Please help me remove a virus [Closed] [Solved]



#61
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Could you get me a fresh OTL scan?

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open Posted Image on the desktop. To do that:
  • XP users: Double click on the OTL icon.
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Do Not click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.



#62
docfxit

    Member

  • Topic Starter
  • 102 posts
OTL logfile created on: 2/19/2013 10:24:27 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 38.82% Memory free
3.77 Gb Paging File | 1.98 Gb Available in Paging File | 52.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 120.10 Gb Free Space | 59.97% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/11 07:54:50 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/31 12:53:34 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2013/01/27 15:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\OTL.exe
PRC - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe
PRC - [2013/01/10 11:08:58 | 001,229,296 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2013/01/09 04:10:54 | 006,326,272 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2012/12/16 03:25:20 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/12/12 20:30:26 | 000,278,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/08/28 06:39:58 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files\QuickBooks 2012\QBW32.EXE
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 23:00:00 | 002,088,400 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/05/21 12:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/13 18:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files\Snagit 10\TscHelp.exe
PRC - [2010/04/13 18:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 18:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 18:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files\Snagit 10\Snagit32.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/31 12:53:34 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2013/01/25 22:30:50 | 000,706,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\7113d7b0d1ab8e22518f1eee04bd79dc\SolutoCleanup.ni.dll
MOD - [2013/01/25 22:30:49 | 000,681,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\a510bee3c1e6633374c7e0457a9c2afb\PCGDataAggregation.ni.dll
MOD - [2013/01/25 22:30:47 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5900fea26dfbf076656a76a6ec415ceb\PCGBootVisualizingCore.ni.dll
MOD - [2013/01/25 22:30:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\7b20a2b2de746f4c0a34427668eb3379\Interop.NetFwTypeLib.ni.dll
MOD - [2013/01/25 22:30:45 | 000,295,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\324504aa08dd894d6fcbc1288b2abc65\PCGCatalogItemFootprint.ni.dll
MOD - [2013/01/25 22:30:44 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\d1c3fff5ca7b6984f2813356395b9460\PCGBrowsersProbe.ni.dll
MOD - [2013/01/25 22:30:43 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\b7ffb1db04e5c25f69195285145102b3\PCGSAProbe.ni.dll
MOD - [2013/01/25 22:30:42 | 000,087,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\f5c8bdcc4b6d1bcb4854c677d75b1dbf\PCGCatalogItemCache.ni.dll
MOD - [2013/01/25 22:30:42 | 000,041,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\25b4b05f3611cb0f83ee288e91a888b5\PCGEntities.ni.dll
MOD - [2013/01/25 22:30:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\f407b1a910fedc713a6b844835b90900\PCGClientCommunication.ni.dll
MOD - [2013/01/25 22:30:39 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\00776f9637ef2b01424c9ae44af55a43\PCGUpgrader.ni.dll
MOD - [2013/01/25 22:30:39 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\5d0f966d27eb030ad1144bf7313165b1\SolutoUpdateService.ni.dll
MOD - [2013/01/25 22:30:38 | 002,044,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\49aed0293596cb41b3b9383c3bf54548\SolutoService.ni.exe
MOD - [2013/01/25 22:30:28 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\ec81ad124f2887749a29bf67d72e47c1\PCGPostBootResources.ni.dll
MOD - [2013/01/25 22:30:28 | 000,052,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\ea6ef3d32d5e28268377ff81fed27395\PCGHIDProbe.ni.dll
MOD - [2013/01/25 22:30:27 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\32937b6110f36171106fc3a9bc4b397e\Community.CsharpSqlite.ni.dll
MOD - [2013/01/25 22:30:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\1ff918080005699a4427ae446d120182\PCGRSPProbe.ni.dll
MOD - [2013/01/25 22:30:25 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\35c49945a5328be7e77060795d7ba080\PCGWuInfo.ni.dll
MOD - [2013/01/25 22:30:25 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\9e0ee4ac48824decaf0cd3ac91bcf8dc\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013/01/25 22:30:25 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\a178291dc42211f27ccb0269049e2bcb\PCGUsersCenter.ni.dll
MOD - [2013/01/25 22:30:23 | 000,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\83169f5e6f353146ec154409dd7d6790\PCGAppControlPluginLoader.ni.dll
MOD - [2013/01/25 22:30:21 | 003,509,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\9ab766011f90c5409cf010140f869f37\PCGClientCommon.ni.dll
MOD - [2013/01/25 22:30:18 | 000,157,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\d3d76007ccd5a9a77c9669a66d6a58ab\PCGBootVisualizingCommon.ni.dll
MOD - [2013/01/25 22:30:17 | 000,222,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ae4cd0b5747ac822681efb22bda4bb79\PCGDriverProbe.ni.dll
MOD - [2013/01/25 22:30:15 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\391d5b3caf3cf0c71211ea165940949f\PCGConfiguration.ni.dll
MOD - [2013/01/25 22:30:14 | 002,617,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\68fa02e189ba72c91b4a13ffcf8fbab9\PCGDatabase.ni.dll
MOD - [2013/01/25 22:30:14 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\90d790910714eac292348c0c844d8a74\System.Data.SqlServerCe.ni.dll
MOD - [2013/01/25 22:30:11 | 001,538,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\d0055ecdbb5ca8e75ddb4926d14f7a84\PCGAzureShared.ni.dll
MOD - [2013/01/25 22:30:11 | 000,048,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\fbd0db0b6165668a622cc8c38e904144\PCGAzureEntityFramework.ni.dll
MOD - [2013/01/25 22:30:10 | 001,196,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\c19bb8498c051b00555763e3a38d56bc\PCGCommunication.ni.dll
MOD - [2013/01/25 22:30:08 | 001,707,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\fdbcaf85353f2c586634f7b575893baa\PCGPreCompiled.ni.dll
MOD - [2013/01/25 22:29:48 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\5e6ee9397825b25e4543c094f400c859\Ionic.Zip.Reduced.ni.dll
MOD - [2013/01/25 22:29:48 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\d6afbc7f7cba70db9b20564440f44622\PCGPrestoSerializer.ni.dll
MOD - [2013/01/25 22:29:46 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2013/01/25 22:29:45 | 002,128,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\7071c2f7ad720d29b2a539184a94fc12\Newtonsoft.Json.Net35.ni.dll
MOD - [2013/01/25 22:29:44 | 002,727,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\6af740b77febde5f102725c19f6cc107\PCGFramework.ni.dll
MOD - [2013/01/25 22:29:40 | 001,620,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\3523ca400bc7eef91481b1577d3cbf6c\Soluto.ni.exe
MOD - [2013/01/10 10:33:28 | 000,077,880 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2013/01/10 10:33:28 | 000,049,720 | R--- | M] () -- C:\Program Files\Soluto\PCGDeviceScanLib.dll
MOD - [2012/12/12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/27 09:33:45 | 013,324,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\866abe13110ccdbbe0a1e26513416300\System.Data.Entity.ni.dll
MOD - [2012/11/27 09:09:54 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ae40aeae573219a0439def61b1d48b49\UIAutomationTypes.ni.dll
MOD - [2012/11/27 09:09:54 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9fedec1f005f9e39f8dde611c4c27cab\UIAutomationProvider.ni.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:52 | 001,189,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\64bd7a006d1c9ac8204de2a184a55721\System.Data.OracleClient.ni.dll
MOD - [2012/11/27 09:09:49 | 012,076,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\cb71b32d04d46e52d806bfcf56835f4a\System.Web.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:41 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:38 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\066468aae0716d2f75b23e16a938bc00\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:09:36 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b11051375305a940185b3c450f6fb537\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:09:11 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\f340d6d2f714f641ec63cc69f85eaa0d\System.Xaml.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:09:04 | 000,044,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\5528d332c662a879514630cbee174ada\Accessibility.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:33 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:05:01 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/27 09:04:57 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e7e541ea6001b032c801c05773b44622\PresentationFramework.ni.dll
MOD - [2012/11/27 09:04:40 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\d0ad071b17c23df135fe90b9f38f0570\PresentationCore.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:32 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d9492ed82f3081adec9c2a464ec5e7bc\PresentationFramework.Classic.ni.dll
MOD - [2012/11/27 09:04:30 | 000,595,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b86266f20ea3c037c7eb1585cf3119c1\PresentationFramework.Aero.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:27 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\61c53f76cd398b33c852798f164163f9\WindowsBase.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:23 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\6141ff9a028af1c813abc2b5434d69f8\System.Security.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:04 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\4356fe490600dd3d31969f31f59a6892\System.Numerics.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:01:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/11/27 09:00:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/11/27 07:20:13 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2012/08/28 06:40:44 | 000,110,480 | ---- | M] () -- C:\Program Files\QuickBooks 2012\Webification.DLL
MOD - [2012/08/28 06:40:38 | 000,121,232 | ---- | M] () -- C:\Program Files\QuickBooks 2012\ReportBridge.DLL
MOD - [2012/08/28 06:40:34 | 000,176,528 | ---- | M] () -- C:\Program Files\QuickBooks 2012\QBSearch.dll
MOD - [2012/08/28 06:40:30 | 000,138,128 | ---- | M] () -- C:\Program Files\QuickBooks 2012\QBMAPILibrary.dll
MOD - [2012/08/28 06:40:28 | 000,020,880 | ---- | M] () -- C:\Program Files\QuickBooks 2012\QBCompressor.DLL
MOD - [2012/08/28 06:40:26 | 000,070,032 | ---- | M] () -- C:\Program Files\QuickBooks 2012\QB2WPFBridge.dll
MOD - [2012/08/28 06:40:20 | 000,042,384 | ---- | M] () -- C:\Program Files\QuickBooks 2012\mbpopup.dll
MOD - [2012/08/28 06:40:18 | 000,093,072 | ---- | M] () -- C:\Program Files\QuickBooks 2012\IPDWidgetInterop.dll
MOD - [2012/08/28 06:40:18 | 000,082,832 | ---- | M] () -- C:\Program Files\QuickBooks 2012\IPDWidgetBridge.DLL
MOD - [2012/08/28 06:40:16 | 000,817,040 | ---- | M] () -- C:\Program Files\QuickBooks 2012\HPD.DLL
MOD - [2012/08/28 06:40:16 | 000,049,552 | ---- | M] () -- C:\Program Files\QuickBooks 2012\HPDBridge.dll
MOD - [2012/08/28 06:40:14 | 000,399,248 | ---- | M] () -- C:\Program Files\QuickBooks 2012\FeaturesBridge.DLL
MOD - [2012/08/28 06:40:04 | 000,268,688 | ---- | M] () -- C:\Program Files\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/08/28 06:40:04 | 000,176,528 | ---- | M] () -- C:\Program Files\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/08/28 06:40:02 | 000,380,304 | ---- | M] () -- C:\Program Files\QuickBooks 2012\BackupLib.dll
MOD - [2012/07/26 23:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files\Trillian\libspeex.dll
MOD - [2012/07/26 23:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Trillian\libungif.dll
MOD - [2012/07/26 23:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Trillian\zlib1.dll
MOD - [2012/07/26 23:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files\Trillian\languages\en\buddy.dll
MOD - [2012/07/26 23:00:00 | 000,008,704 | ---- | M] () -- c:\Program Files\Trillian\languages\en\talk.dll
MOD - [2012/07/26 23:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files\Trillian\languages\en\trillian.dll
MOD - [2012/07/26 23:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\events.dll
MOD - [2012/07/26 23:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files\Trillian\languages\en\toolkit.dll
MOD - [2012/04/24 22:24:23 | 000,132,968 | ---- | M] () -- C:\Program Files\QuickBooks 2012\LP_FeaturesBridge.DLL
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/08/19 20:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files\QuickBooks 2012\zlib1.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 10:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2004/01/12 04:40:08 | 000,049,152 | ---- | M] () -- C:\Program Files\IconSaver\Shell Extension.dll
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/02/11 07:54:50 | 000,170,912 | ---- | M] (Oracle Corporation) [Disabled | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/31 12:53:34 | 000,225,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/01/10 10:33:28 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/30 23:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2013/01/31 12:54:48 | 000,016,504 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/12/16 03:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/18 01:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 01:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 01:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/09/10 22:50:22 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/23 14:31:28 | 000,132,864 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:3.0.20121120
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Firefox\components [2013/01/25 21:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/02/17 11:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/02/06 09:43:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/01 07:52:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/02/17 11:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\staged
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/02/11 18:41:04 | 000,533,536 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/14 11:22:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/17 11:24:10 | 000,151,803 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\staged\[email protected]
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2013/02/05 07:55:20 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-133707808-2752991226-3942243025-1004\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 19:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/02/11 07:55:07 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/11 07:55:07 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/11 07:54:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/11 07:54:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/11 07:54:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/11 07:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/10 11:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/02/10 10:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QT Lite
[2013/02/10 10:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/02/10 10:46:54 | 000,180,224 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QTCF.dll
[2013/02/10 10:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2013/02/10 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/02/10 10:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/02/10 10:32:24 | 002,226,176 | ---- | C] (Bootstrap Development, LLC.) -- C:\WINDOWS\bsdsetup.dll
[2013/01/31 12:55:12 | 000,013,432 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/31 12:54:48 | 000,016,504 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/31 12:25:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/31 08:53:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/31 08:53:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/31 08:53:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/31 08:53:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/31 08:52:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/30 09:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/27 15:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
[2013/01/26 22:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\TortoiseSVN
[2013/01/26 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\TSVNCache
[2013/01/26 22:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2013/01/26 22:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TortoiseSVN
[2013/01/26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2013/01/26 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2013/01/26 14:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC_1.1.8
[2013/01/26 08:34:38 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013/01/26 08:34:38 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2013/01/26 08:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\Logishrd
[2013/01/25 23:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/25 23:11:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/25 23:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/25 22:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2013/01/25 22:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013/01/25 22:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2013/01/25 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/25 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/25 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2013/01/25 21:38:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 08:40:37 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/02/15 19:02:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/02/12 08:49:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 08:49:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/12 08:35:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/02/12 08:33:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/12 08:33:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/12 08:33:20 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 09:02:51 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/02/11 07:54:51 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/11 07:54:50 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/02/11 07:54:50 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/11 07:54:50 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/11 07:54:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/11 07:54:50 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/11 07:54:50 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/10 11:40:16 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/02/10 10:35:22 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/02/10 10:12:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/10 10:12:08 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/10 09:16:28 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/02/07 11:23:21 | 000,002,992 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/02/05 07:55:20 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/31 12:55:12 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/31 12:54:48 | 000,016,504 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/31 12:53:54 | 000,055,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/30 10:02:08 | 000,000,815 | ---- | M] () -- C:\WINDOWS\System32\smfaxmon.dll.colors
[2013/01/28 14:16:49 | 002,555,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/26 19:48:29 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/26 08:21:45 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2013/01/25 22:44:45 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2013/01/25 22:31:04 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/25 22:28:48 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/25 21:24:02 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/25 21:24:02 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 09:02:51 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/02/10 11:40:16 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/02/10 11:40:16 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/02/10 10:35:22 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/31 12:53:54 | 000,055,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/31 08:53:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/31 08:53:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/31 08:53:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/31 08:53:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/31 08:53:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/30 10:02:08 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll.colors
[2013/01/26 08:02:53 | 001,492,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/25 22:36:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\Update Checker.lnk
[2013/01/25 22:02:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 22:02:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 001,239,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\Ÿ9Ÿ9
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/13 10:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bitdefender
[2008/07/09 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2008/08/11 07:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Locktime
[2008/08/19 07:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\r2 Studios
[2013/01/27 16:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2008/07/09 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\URSoft
[2008/07/09 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/02/19 06:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/25 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2013/02/15 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2013/02/09 16:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ASPNET\Application Data\VERITAS
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2008/07/09 14:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/25 22:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/02/19 09:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2013/01/26 22:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2013/02/18 13:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon
[2011/05/12 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2008/07/09 14:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Interactive Studios
[2008/07/09 06:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Spearit
[2013/01/17 15:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBPOSDBSrvUser\Application Data\Spearit
[2008/07/09 14:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\QBPOSDBSrvUser\Application Data\VERITAS
[2011/12/17 09:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\Foxit Software
[2011/12/17 08:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\Lenovo
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\Spearit
[2008/07/09 14:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scans\Application Data\VERITAS

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 16:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2007/09/19 20:49:32 | 000,025,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 05:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 16:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 16:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 09:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 16:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 16:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 16:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 16:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 16:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 16:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 16:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 16:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 16:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 16:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 16:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 16:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 16:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 21:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 16:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 16:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 16:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 16:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 16:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 16:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 16:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 16:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 16:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 00:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 16:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 04:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 16:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 16:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 22:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) -- C:\AUTOCHK.EXE
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/07/03 16:15:12 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=D999CF40BD4EEB69FAB32069CA9D65B1 -- C:\Program Files\UpdatePack-Files\SP3QFE\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2009/04/19 10:20:18 | 000,408,576 | ---- | M] (Microsoft Corporation) MD5=FF1B04E478694FE92E6D1EC025EAB7FD -- C:\Program Files\UpdatePack-Files\SP3QFE\qmgr.dll

< MD5 for: SERVICES >
[2001/08/18 04:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
[2013/01/29 11:24:30 | 002,540,423 | ---- | M] () MD5=E21FD5DB0EEDCB0EC6F90CBB96EA543D -- C:\Program Files\Wireshark\services

< MD5 for: SERVICES._ >
[2004/08/12 05:05:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\Dnload\Scratch02\Session 01\I386\SERVICES._
[2001/08/18 04:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.CSS >
[2009/08/31 15:07:44 | 000,011,359 | ---- | M] () MD5=7A8415047C36FC8CB9137D6280E5305E -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\Help\services.css
[2011/08/19 20:25:04 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\QuickBooks 2012\Components\Services\services.css

< MD5 for: SERVICES.DLL >
[2006/11/24 15:19:24 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\WINDOWS\system32\tvia\local\collect\services.dll

< MD5 for: SERVICES.EX_ >
[2001/08/18 04:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\I386\SERVICES.EX_
[2008/04/14 01:42:36 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\Dnload\Scratch02\Session 01\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/12/24 04:35:14 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=357F8FBE36D514F1FFF7D731CB61A9AB -- C:\Program Files\UpdatePack-Files\SP3QFE\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.HTML >
[2012/05/30 19:34:56 | 000,109,895 | ---- | M] () MD5=27C527CBCA5F2A406A8705400A044C5C -- C:\Program Files\Android\android-sdk\docs\guide\topics\fundamentals\services.html
[2004/04/05 10:08:46 | 000,001,469 | ---- | M] () MD5=946647C766B08D2393EE47837D676181 -- C:\Program Files\TuneXP\docs\services.html

< MD5 for: SERVICES.JAVA >
[2012/05/30 19:50:45 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\Program Files\Android\android-sdk\sources\android-15\org\apache\harmony\security\fortress\Services.java

< MD5 for: SERVICES.LNK >
[2012/05/07 12:43:15 | 000,001,612 | ---- | M] () MD5=EBB4C737C277C6FCAE0310FF4BD77F82 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.LST >
[2005/08/10 15:28:07 | 000,076,632 | ---- | M] () MD5=64107E3C030A2AE5BA2F9119C61E8A32 -- C:\Program Files\IP-Tools\SERVICES.LST

< MD5 for: SERVICES.MS_ >
[2004/08/12 05:05:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\Dnload\Scratch02\Session 01\I386\SERVICES.MS_
[2001/08/18 04:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2001/08/23 04:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.MSC.LNK >
[2012/10/10 08:37:43 | 000,001,455 | ---- | M] () MD5=B83543A01C747EE66A9D108442A15510 -- C:\Documents and Settings\Gary\Desktop\services.msc.lnk

< MD5 for: SERVICES.PLT >
[2009/09/01 13:25:10 | 000,000,097 | ---- | M] () MD5=F6BF633EA2A36B743B47163F9E78B8B3 -- C:\Program Files\NetView\Portlist\TCP\services.plt

< MD5 for: SERVICES.RDB >
[2012/08/13 09:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 09:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 14:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2008/10/03 11:54:32 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=67E38B4A549833E02D4D1617B5DBC318 -- C:\Program Files\UpdatePack-Files\SP3QFE\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/24 13:50:16 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\Program Files\UpdatePack-Files\SP3QFE\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Program Files\Common Files\ComObjects\*.* /s >
[2008/08/03 21:08:35 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/08/03 21:08:36 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/05/09 22:27:40 | 000,000,728 | ---- | C] () -- C:\WINDOWS\Tasks\BMMTask.job
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\Tasks\WavePadReminder.job
[2013/01/25 22:02:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 22:02:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9500420AS
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 200.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 70.00GB
Starting Offset: 215033978880
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 195.00GB
Starting Offset: 290373763072
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: DOCFXITLT
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     H                       DVD-ROM         0 B
  Volume 1     C   Docfxit XP   NTFS   Partition    200 GB  Healthy    System
  Volume 2     F   Backup       NTFS   Partition     70 GB  Healthy
  Volume 3     D                       Partition    195 GB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A303874F

< End of report >


Thank you for looking at this for me.

Docfxit
  • 0
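The MD5 block in the OTL log above lists every copy of each critical system file so that the live copy can be compared with its backups. The following is an added example (not part of the original posts and not OTL's own code) that parses lines in that format and flags a live system32 copy whose hash differs from its dllcache copy, or a same-named .exe/.dll outside C:\WINDOWS with a blank company field; the example.exe entries and their placeholder hashes are constructed.

```python
import re
from collections import defaultdict

# One OTL MD5 line: [date | size | attrs | M] (company) MD5=<hex> -- <path>
LINE = re.compile(r"\[[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*"
                  r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")
SYS32 = "c:\\windows\\system32\\"

SAMPLE = "\n".join([
    r"< MD5 for: SVCHOST.EXE >",  # these three entries are copied from the log above
    r"[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe",
    r"[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe",
    r"[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe",
    r"< MD5 for: EXAMPLE.EXE >",  # constructed entries with placeholder hashes
    r"[2009/01/01 00:00:00 | 000,010,000 | ---- | M] (Example Corp) MD5=11111111111111111111111111111111 -- C:\WINDOWS\system32\dllcache\example.exe",
    r"[2013/01/01 00:00:00 | 000,010,240 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\example.exe",
])

def parse(log):
    """Return {file name: [(path, md5, company), ...]} for every MD5 line."""
    copies = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # section headers such as "< MD5 for: ... >" do not match
            path = m["path"].strip()
            name = path.rsplit("\\", 1)[-1].lower()
            copies[name].append((path, m["md5"].upper(), m["vendor"].strip()))
    return copies

def triage(log):
    """List (file name, reason) pairs that deserve a closer look."""
    findings = []
    for name, rows in parse(log).items():
        by_path = {p.lower(): md5 for p, md5, _ in rows}
        live = by_path.get(SYS32 + name)
        cache = by_path.get(SYS32 + "dllcache\\" + name)
        if live and cache and live != cache:
            findings.append((name, "live copy differs from dllcache"))
        for p, _, vendor in rows:
            outside = not p.lower().startswith("c:\\windows\\")
            if outside and not vendor and name.endswith((".exe", ".dll")):
                findings.append((name, "blank company name: " + p))
    return findings

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(name, "->", reason)
```

A finding is a prompt to check the file (for instance with the VirusTotal upload described in post #63), not a verdict that the file is malicious.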

#63
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I don't see any malware but there are some additional files that I want checked. In the meantime I'll do some further research on this.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\WINDOWS\System32\-1
    C:\WINDOWS\System32\drivers\psmounterex.sys
    C:\WINDOWS\System32\smfaxmon.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.

Post the VirusTotal results or the links to the results.
  • 0

#64
docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
-1
Was garbage text. I deleted it.

psmounterex.sys
https://www.virustot...sis/1361318416/

smfaxmon.dll
https://www.virustot...sis/1361319118/


Thank you for looking into this.

Docfxit
  • 0

#65
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Hi there thanks for your continued help,

You are welcome. I'm still researching. I'll be back ASAP.
  • 0

#66
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Back in post #50 when you listed all of the files that came up...was this in BitDefender or Spy-The-Spy?
  • 0

#67
docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
They all showed in Spy-The-Spy.

Thanks,

Docfxit
  • 0

#68
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

They all showed in Spy-The-Spy.

Thanks,

Docfxit

OK. That's good. I originally thought that BitDefender was flagging them.
Spy-The-Spy is a program that I was not familiar with so I appreciate your patience. Spy-The-Spy does not know if a file is good or malicious. See this link for a description of the program.
The program description says the following:

Legit Files
Spy-The-Spy is a file monitor. It doesn't differentiate between real spyware and a legit file that has been added to watched folders. There are cases when such legit files are created:

Windows may on startup replace some dll's in system folder from its backup
Some virus and anti-spyware scan may create a temporary files to unpack zipped files. AdAware does this for example.
Legitimate sites add dll's to your computer without any notification. Ebay does this for example.

The System Restore files are legitimately created by the system. So as long as Spy-The-Spy is monitoring that folder it will continue to flag changes. It doesn't mean they are malicious.
Spy-The-Spy sits in the system tray and watches folders you specified in settings. So you should be able to go into the program settings and remove the C:\System Restore folder from the watched folders list.

The last OTL scan was clear. If we have cleared up the Spy-The-Spy program I want you to go back to post #44 and clean up the tools we have used on Windows XP.

Then if you are up to it we need to look at the Windows 7 installation. One of the files that the MalwareBytes scan was part of the zero access infection. To be safe we should scan the Windows 7 installation and make sure nothing else is there.

Let me know when you have done the clean up on the XP installation and we can start on the Windows 7 installation.
  • 0

#69
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





