
AV Protection Virus - Cannot boot even in safe mode

Discussion in 'Virus & Other Malware Removal' started by SarahDoughnut5, Nov 28, 2011.

  1. SarahDoughnut5

    SarahDoughnut5 Thread Starter

    Hi, my brother's computer has the AV Protection virus. I've joined several forums to try and get help, they have all stopped responding. I've been using my computer (what I'm on now) to look up support. The problem was so bad, I couldn't even boot to desktop, even in safe mode. I could get as far as the welcome screen, type in the password, the computer would wait awhile, then say 'User log on failed to execute' or something along those lines. Because I can't get on the desktop, I can't run any malware removal programs. Before, when I COULD get to the desktop, I would try to and the programs would stop running, or the computer would restart continuously. I followed the steps from one forum to boot from CD to reatogo desktop. I used OTL to make custom scans, using my USB drive to copy the instructions the forum gave me for the scan from my computer to his. Their last instructions had me do a scan and then if it worked I was supposed to use combo fix, but I don't think the scan worked. Can someone help me? This is the last OTL:

    OTL logfile created on: 11/27/2011 11:35:23 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 147.58 Gb Total Space | 88.22 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
    Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.78% Space Free | Partition Type: FAT
    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
    SRV - File not found [Auto] -- -- (TosCoSrv)
    SRV - File not found [Auto] -- -- (MSK80Service)
    SRV - File not found [Auto] -- -- (MpfService)
    SRV - File not found [On_Demand] -- -- (McSysmon)
    SRV - File not found [Auto] -- -- (McProxy)
    SRV - File not found [Auto] -- -- (mcmscsvc)
    SRV - File not found [On_Demand] -- -- (iPod Service)
    SRV - File not found [Auto] -- -- (Apple Mobile Device)
    SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
    SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
    DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
    DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
    DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
    DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
    DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
    DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
    DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
    DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
    DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
    DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

    IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?ie=UTF-8&hl=en
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

    [2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    File not found -- C:\Windows\System32\
    [2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
    [2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
    [2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
    [2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
    [2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
    [2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
    [2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
    [2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
    [2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
    [2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
    [2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
    [2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
    [2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
    [2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
    [2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
    [2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
    [2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
    [2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
    [2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Windows\System32\
    [2011/11/26 20:51:54 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
    [2011/11/26 20:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
    [2011/11/26 18:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/26 18:38:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
    [2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
    [2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
    [2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
    [2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
    [2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
    [2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
    [2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
    [2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
    [2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
    [2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
    [2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
    [2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
    [2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
    [2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
    [2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
    [2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
    [2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
    [2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
    [2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
    [2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
    [2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
    [2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
    [2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
    [2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
    [2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
    [2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
    [2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
    [2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
    [2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
    [2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
    [2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
    [2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
    [2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
    [2011/11/17 23:39:26 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
    [2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
    [2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
    [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
    [2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
    [2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
    [2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
    [2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
    [2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
    [2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
    [2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
    [2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
    [2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
    [2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
    [2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
    [2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
    [2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
    [2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
    [2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
    [2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
    [2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
    [2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
    [2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
    [2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
    [2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
    [2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
    [2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
    [2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
    [2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
    [2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
    [2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
    [2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
    [2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
    [2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
    [2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
    [2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
    [2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
    [2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
    [2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
    [2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
    [2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
    [2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
    [2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
    [2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
    [2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
    [2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
    [2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
    [2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
    [2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
    [2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
    [2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
    [2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
    [2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
    [2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
    [2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
    [2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
    [2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
    [2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
    [2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
    [2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
    [2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
    [2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
    [2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
    [2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
    [2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
    [2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
    [2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
    [2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
    [2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
    [2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
    [2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
    [2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
    [2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
    [2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
    [2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
    [2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
    [2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
    [2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
    [2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
    [2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
    [2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
    [2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
    [2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
    [2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
    [2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
    [2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
    [2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
    [2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
    [2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
    [2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
    [2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    [2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
    [2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
    [2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
    [2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
    [2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
    [2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
    [2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
    [2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
    [2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
    [2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
    [2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
    [2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
    [2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
    [2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
    [2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
    [2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
    [2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
    [2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
    [2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
    [2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
    [2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
    [2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
    [2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
    [2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
    [2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
    [2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
    [2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
    [2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
    [2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
    [2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
    [2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
    [2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
    [2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
    [2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
    [2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
    [2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
    [2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
    [2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
    [2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
    [2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
    [2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
    [2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
    [2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
    [2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
    [2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
    [2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
    [2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
    [2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
    [2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
    [2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
    [2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
    [2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
    [2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
    [2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
    [2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
    [2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
    [2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
    [2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
    [2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
    [2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
    [2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
    [2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
    [2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
    [2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
    [2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
    [2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
    [2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
    [2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
    [2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
    [2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
    [2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
    [2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
    [2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
    [2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
    [2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
    [2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
    [2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
    [2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
    [2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
    [2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
    [2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
    [2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
    [2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
    [2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
    [2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
    [2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
    [2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
    [2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
    [2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
    [2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
    [2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
    [2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
    [2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
    [2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
    [2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
    [2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
    [2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
    [2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
    [2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
    [2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
    [2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
    [2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
    [2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
    [2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
    [2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
    [2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
    [2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
    [2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
    [2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
    [2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
    [2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
    [2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
    [2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
    [2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
    [2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
    [2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
    [2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
    [2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
    [2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
    [2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
    [2011/11/09 00:22:39 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
    [2011/11/09 00:22:38 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
    [2011/11/09 00:22:38 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
    [2011/11/09 00:22:37 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
    [2011/11/09 00:22:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
    [2011/11/09 00:22:37 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
    [2011/11/09 00:22:36 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
    [2011/11/09 00:22:36 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
    [2011/11/09 00:22:35 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
    [2011/11/09 00:22:35 | 000,311,296 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
    [2011/11/09 00:22:34 | 000,244,224 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
    [2011/11/09 00:22:34 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
    [2011/11/09 00:22:34 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
    [2011/11/09 00:22:33 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
    [2011/11/09 00:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
    [2011/11/09 00:22:32 | 000,374,272 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
    [2011/11/09 00:22:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
    [2011/11/09 00:22:29 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
    [2011/11/09 00:22:29 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
    [2011/11/09 00:22:28 | 000,359,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
    [2011/11/09 00:22:28 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
    [2011/11/09 00:22:27 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    [2011/11/09 00:21:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
    [2011/11/09 00:21:00 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
    [2011/11/09 00:21:00 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
    [2011/11/09 00:21:00 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
    [2011/11/09 00:20:58 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
    [2011/11/09 00:20:57 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
    [2011/11/09 00:20:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
    [2011/11/09 00:20:56 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
    [2011/11/09 00:20:56 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
    [2011/11/09 00:20:55 | 000,466,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    [2011/11/09 00:20:55 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
    [2011/11/09 00:20:55 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
    [2011/11/09 00:20:54 | 000,326,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
    [2011/11/09 00:20:54 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
    [2011/11/09 00:20:54 | 000,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
    [2011/11/09 00:20:53 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
    [2011/11/09 00:20:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
    [2011/11/09 00:20:52 | 000,946,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
    [2011/11/09 00:20:52 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
    [2011/11/09 00:20:52 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
    [2011/11/09 00:20:51 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
    [2011/11/09 00:20:51 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
    [2011/11/09 00:20:46 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
    [2011/11/09 00:20:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
    [2011/11/09 00:20:45 | 000,241,664 | ---- | M] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
    [2011/11/09 00:20:45 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
    [2011/11/09 00:20:44 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
    [2011/11/09 00:20:42 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
    [2011/11/09 00:20:41 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
    [2011/11/09 00:20:39 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    [2011/11/09 00:20:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
    [2011/11/09 00:20:38 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
    [2011/11/09 00:20:38 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
    [2011/11/09 00:20:38 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
    [2011/11/09 00:20:36 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
    [2011/11/09 00:20:35 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
    [2011/11/09 00:19:23 | 000,246,272 | ---- | M] () -- C:\Windows\sed.exe
    [2011/11/09 00:19:20 | 000,425,984 | ---- | M] (Toshiba America Information Systems) -- C:\Windows\SavePOH.exe
    [2011/11/09 00:19:19 | 004,591,616 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    [2011/11/09 00:19:19 | 001,339,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
    [2011/11/09 00:19:08 | 000,403,968 | ---- | M] () -- C:\Windows\PEV.exe
    [2011/11/09 00:15:49 | 000,462,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
    [2011/11/09 00:15:48 | 000,645,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
    [2011/11/09 00:15:43 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
    [2011/11/09 00:14:57 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
    [2011/11/09 00:08:50 | 000,195,072 | ---- | M] (Agere Systems) -- C:\Windows\agrsmdel.exe
    [2011/11/09 00:05:34 | 000,430,080 | ---- | M] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
    [2011/11/08 23:35:12 | 000,638,976 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
    [2011/11/08 22:59:47 | 001,267,298 | ---- | M] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
    [2011/11/08 22:53:30 | 005,292,544 | ---- | M] (ParetoLogic, Inc.) -- C:\Users\Steven User\Desktop\PCHA.exe
    [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    [2011/11/08 22:52:17 | 000,133,632 | ---- | M] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
    [2011/11/06 23:35:41 | 000,001,100 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
    [334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/26 16:31:41 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ej23jnm23.dat
    [2011/11/26 16:31:31 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocejmiaiw.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\odej23moc.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\muhmiaol23.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\metroosehw.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\exeiuqolmis.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ewqlldnolmia.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\otiuqarcjra.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\ocmuhmjila.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\niw46mia23.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\busmjnolexe.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | C] () -- C:\Windows\System32\46nololarc.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\mia46mirmoc.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\arcotniwniw.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | C] () -- C:\Windows\System32\23hwmiamoc.dat
    [2011/11/18 20:01:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F\isolate.ini
    [2011/11/17 23:17:25 | 002,284,298 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
    [2011/11/17 23:15:54 | 006,691,812 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
    [2011/11/17 23:07:14 | 000,000,925 | ---- | C] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
    [2011/11/17 22:52:39 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/11/17 22:52:39 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/11/17 22:52:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.cat
    [2011/11/17 22:52:11 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.cat
    [2011/11/17 22:52:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.cat
    [2011/11/17 22:52:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.cat
    [2011/11/17 22:52:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.cat
    [2011/11/17 22:52:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.cat
    [2011/11/17 22:52:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.inf
    [2011/11/17 22:52:11 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.inf
    [2011/11/17 22:52:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnetv.inf
    [2011/11/17 22:52:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symnet.inf
    [2011/11/17 22:52:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.inf
    [2011/11/17 22:52:11 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.inf
    [2011/11/17 22:52:11 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\iron.inf
    [2011/11/17 22:52:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\isolate.ini
    [2011/11/17 22:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\N360\0501000.01D\symds.cat
    [2011/11/17 20:30:31 | 000,001,927 | ---- | C] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
    [2011/11/15 17:08:22 | 000,437,248 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\java.exe
    [2011/11/12 01:33:53 | 000,048,016 | -HS- | C] () -- C:\Windows\System32\c_77621.nl_
    [2011/11/11 22:32:20 | 000,657,042 | ---- | C] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
    [2011/11/08 23:52:09 | 000,775,673 | ---- | C] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
    [2011/11/08 22:59:47 | 000,430,080 | ---- | C] () -- C:\Users\Steven User\Desktop\0.6255255489322431.exe
    [2011/11/08 22:57:40 | 000,001,814 | ---- | C] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
    [2011/11/08 22:57:32 | 001,818,624 | ---- | C] () -- C:\Windows\System32\System Security 2012v121.exe
    [2011/11/08 22:53:33 | 000,000,340 | ---- | C] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
    [2011/11/08 22:52:12 | 001,267,298 | ---- | C] () -- C:\Users\Steven User\Desktop\0.8543574810547517.exe
    [2011/11/08 22:52:12 | 000,133,632 | ---- | C] () -- C:\Users\Steven User\Desktop\0.4049731133631722.exe
    [2011/06/06 21:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
    [2011/06/05 22:09:49 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30531320r
    [2011/06/05 22:09:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~30531320
    [2011/06/05 22:08:44 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30531320
    [2011/06/05 17:51:42 | 000,001,100 | ---- | C] () -- C:\Users\Steven User\AppData\Local\d3d8caps.dat
    [2011/05/28 01:09:00 | 076,004,920 | -H-- | C] () -- C:\ProgramData\xbejnmpolmid.dat
    [2011/05/28 01:09:00 | 003,748,983 | -H-- | C] () -- C:\Windows\System32\32mnj32je.dat
    [2011/05/28 01:09:00 | 003,412,402 | -H-- | C] () -- C:\Windows\System32\com32jedo.dat
    [2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\winwintocra.dat
    [2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comrim64aim.dat
    [2011/05/28 01:09:00 | 003,255,548 | -H-- | C] () -- C:\Windows\System32\comaimwh32.dat
    [2011/05/28 01:09:00 | 003,233,636 | -H-- | C] () -- C:\Windows\System32\wiaimjeco.dat
    [2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\exelonjmsub.dat
    [2011/05/28 01:09:00 | 003,195,681 | -H-- | C] () -- C:\Windows\System32\alijmhumco.dat
    [2011/05/28 01:09:00 | 002,938,007 | -H-- | C] () -- C:\Windows\System32\simloquiexe.dat
    [2011/05/28 01:09:00 | 002,610,209 | -H-- | C] () -- C:\Windows\System32\arjcraquito.dat
    [2011/05/28 01:09:00 | 002,554,671 | -H-- | C] () -- C:\Windows\System32\32aim64win.dat
    [2011/05/28 01:09:00 | 002,499,132 | -H-- | C] () -- C:\Windows\System32\32loaimhum.dat
    [2011/05/28 01:09:00 | 002,480,750 | -H-- | C] () -- C:\Windows\System32\cralolon64.dat
    [2011/05/28 01:09:00 | 002,024,737 | -H-- | C] () -- C:\Windows\System32\aimlondllqwe.dat
    [2011/05/28 01:09:00 | 002,016,254 | -H-- | C] () -- C:\Windows\System32\whesoortem.dat
    [2011/05/28 01:09:00 | 001,512,735 | -H-- | C] () -- C:\ProgramData\dimlopmnjebx.dat
    [2010/11/29 16:08:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/11/29 16:08:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/11/25 17:10:48 | 000,227,896 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
    [2010/11/25 17:07:39 | 000,035,384 | ---- | C] () -- C:\Windows\System32\drivers\kbdclass.sys
    [2010/11/24 14:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Steven\AppData\Local\d3d9caps.dat
    [2010/09/30 14:47:29 | 000,403,968 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/09/30 14:47:29 | 000,246,272 | ---- | C] () -- C:\Windows\sed.exe
    [2010/09/30 14:47:29 | 000,215,552 | ---- | C] () -- C:\Windows\zip.exe
    [2010/09/30 14:47:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/09/30 14:47:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/09/10 20:45:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009/07/28 23:18:47 | 000,003,584 | ---- | C] () -- C:\Users\Guest\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/03 19:20:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2008/12/03 19:20:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
    [2008/10/26 11:26:38 | 000,006,656 | ---- | C] () -- C:\Users\Steven User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/16 19:10:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/03/29 17:35:45 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
    [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2007/11/06 18:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2007/11/06 18:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007/11/06 18:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007/11/06 18:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007/11/06 18:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007/11/06 18:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007/11/06 17:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2007/11/06 17:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2007/11/06 17:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2007/11/06 17:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
    [2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
    [2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2007/11/06 17:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/12/05 16:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,321,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,607,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,105,530 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

    ========== LOP Check ==========

    [2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\DriverCure
    [2010/10/04 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
    [2010/12/15 15:03:25 | 000,000,000 | -HSD | M] -- C:\Users\Steven\AppData\Roaming\Internet Security Suite
    [2010/07/11 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\My Battle for Middle-earth Files
    [2010/09/10 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\ParetoLogic
    [2008/04/06 10:57:17 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\TOSHIBA
    [2008/03/29 17:43:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WildTangent
    [2008/04/06 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\WinBatch
    [2011/06/05 22:05:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\BitTorrent
    [2010/12/07 15:45:17 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\DriverCure
    [2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth Files
    [2011/06/06 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steven User\AppData\Roaming\My Battle for Middle-earth™ II Files
    [2010/12/07 15:45:12 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\ParetoLogic
    [2009/12/13 16:18:55 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WeatherBug
    [2008/06/27 16:19:46 | 000,000,000 | -H-D | M] -- C:\Users\Steven User\AppData\Roaming\WinBatch
    [2011/01/13 03:07:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\2f8725
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2011/06/06 22:12:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Flip Video
    [2010/12/08 18:35:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\ISVZJKWXPS
    [2010/09/10 19:40:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\MSDXBJHHS
    [2011/06/05 21:17:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
    [2011/11/26 17:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\ParetoLogic
    [2011/11/17 22:36:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2007/12/11 08:36:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Toshiba
    [2011/06/06 22:12:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
    [2011/06/06 22:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
    [2009/03/15 14:23:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2007/12/11 08:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2010/05/02 13:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/08/14 23:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
    [2011/10/01 00:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
    [2010/09/10 21:54:55 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
    [2011/11/26 16:31:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < @Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe >


    < :files >

    < C:\Windows\System32\drivers\kbdclass.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys /replace >
    Invalid Switch: replace

    < C:\Windows\System32\drivers\volsnap.sys|C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys /replace >
    Invalid Switch: replace


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 816 bytes -> C:\Windows\1970516416:1062112394.exe

    < End of report >
     
  2. SarahDoughnut5

    SarahDoughnut5 Thread Starter

    Joined:
    Nov 28, 2011
    Messages:
    6
    Hi, my brother's computer has the AV Protection virus. I've joined several forums to try and get help, they have all stopped responding. I've been using my computer (what I'm on now) to look up support. The problem was so bad, I couldn't even boot to desktop, even in safe mode. I could get as far as the welcome screen, type in the password, the computer would wait awhile, then say 'User log on failed to execute' or something along those lines. Because I can't get on the desktop, I can't run any malware removal programs. Before, when I COULD get to the desktop, I would try to and the programs would stop running, or the computer would restart continuously. I followed the steps from one forum to boot from CD to reatogo desktop. I used OTL to make custom scans, using my USB drive to copy the instructions the forum gave me for the scan from my computer to his. Their last instructions had me do a scan and then if it worked I was supposed to use combo fix, but I don't think the scan worked. Can someone help me?
     
  3. SarahDoughnut5

    SarahDoughnut5 Thread Starter

    Joined:
    Nov 28, 2011
    Messages:
    6
    This is the latest OTL:
     

    Attached Files:

  4. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    my name is Daniel and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


    I am reviewing your logs, which may take some time. In the meantime, please provide me a link to the topic where you got instructions for running OTLPE and the OTLPE Fix.
     
  5. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there,

    Please read these instructions carefully.

    Download the attached Fix.txt to a USB drive.


    Start OTLPE as you did previously from CD

    • Insert your USB drive with fix.txt on it
    • Start OTLPE
    • Drag and drop fix.txt into the Custom scans and fixes box
    • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done to normal mode if possible


    Please let me know if you are able to boot windows now.
     

    Attached Files:

    • fix.txt (File size: 2.8 KB)
  6. SarahDoughnut5

    SarahDoughnut5 Thread Starter

    Joined:
    Nov 28, 2011
    Messages:
    6
  7. SarahDoughnut5

    SarahDoughnut5 Thread Starter

    Joined:
    Nov 28, 2011
    Messages:
    6
    Here is the most recent scan:


    OTL logfile created on: 11/28/2011 9:10:14 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 147.58 Gb Total Space | 86.21 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
    Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.77% Space Free | Partition Type: FAT
    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (TOSHIBA Bluetooth Service)
    SRV - File not found [Auto] -- -- (TosCoSrv)
    SRV - File not found [Auto] -- -- (MSK80Service)
    SRV - File not found [Auto] -- -- (MpfService)
    SRV - File not found [On_Demand] -- -- (McSysmon)
    SRV - File not found [Auto] -- -- (McProxy)
    SRV - File not found [Auto] -- -- (mcmscsvc)
    SRV - File not found [On_Demand] -- -- (iPod Service)
    SRV - File not found [Auto] -- -- (Apple Mobile Device)
    SRV - [2011/11/08 22:53:19 | 000,532,480 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2011/11/08 22:53:16 | 000,196,608 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2011/11/08 22:53:13 | 000,262,144 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2011/11/08 22:53:12 | 000,225,280 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2011/11/08 22:53:10 | 000,294,912 | ---- | M] () [Auto] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
    SRV - [2011/11/08 22:53:05 | 000,765,952 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/11/08 22:53:04 | 002,584,576 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2011/11/08 22:52:56 | 000,569,344 | ---- | M] (WildTangent, Inc.) [Auto] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2011/11/08 22:52:55 | 000,598,016 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2011/11/08 22:52:48 | 000,188,416 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2011/11/08 22:52:43 | 000,158,720 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2011/05/28 01:09:00 | 001,512,735 | -H-- | M] () [Auto] -- C:\ProgramData\dimlopmnjebx.dat -- (SENS)
    SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (Tosrfcom)
    DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand] -- -- (IO_Memory)
    DRV - File not found [Kernel | On_Demand] -- -- (catchme)
    DRV - File not found [Kernel | Disabled] -- -- (blbdrive)
    DRV - [2011/11/28 11:21:09 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\1970516416 -- (c0b17375)
    DRV - [2011/11/18 02:32:44 | 000,273,408 | ---- | M] () [Kernel | System] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
    DRV - [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/07/06 09:56:47 | 000,213,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
    DRV - [2011/04/29 07:49:57 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
    DRV - [2011/04/29 07:49:55 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
    DRV - [2011/04/29 07:49:44 | 000,079,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
    DRV - [2011/04/29 07:49:35 | 000,105,984 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
    DRV - [2011/04/18 19:35:53 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110415.001\bhdrvx86.sys -- (BHDrvx86)
    DRV - [2011/04/18 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\navex15.sys -- (NAVEX15)
    DRV - [2011/04/18 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.018\naveng.sys -- (NAVENG)
    DRV - [2011/04/14 09:24:14 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
    DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
    DRV - [2011/03/14 21:29:00 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110330.001\idsvix86.sys -- (IDSVix86)
    DRV - [2011/02/22 07:51:51 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
    DRV - [2011/02/18 08:31:24 | 000,304,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srv.sys -- (srv)
    DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
    DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2010/08/20 23:59:12 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
    DRV - [2010/06/16 10:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2010/04/19 19:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2010/02/20 16:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
    DRV - [2010/02/18 06:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
    DRV - [2009/06/15 13:20:59 | 000,439,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2008/08/01 20:01:23 | 000,625,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
    DRV - [2008/05/19 21:07:31 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
    DRV - [2008/04/04 20:21:42 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
    DRV - [2008/02/22 21:38:33 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
    DRV - [2008/01/19 02:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/01/19 02:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/01/19 02:43:27 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
    DRV - [2008/01/19 02:43:03 | 000,294,456 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
    DRV - [2008/01/19 02:43:03 | 000,266,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
    DRV - [2008/01/19 02:42:58 | 000,247,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
    DRV - [2008/01/19 02:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
    DRV - [2008/01/19 02:42:38 | 000,192,056 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
    DRV - [2008/01/19 02:42:35 | 000,181,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
    DRV - [2008/01/19 02:42:31 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
    DRV - [2008/01/19 02:42:29 | 000,163,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
    DRV - [2008/01/19 02:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/01/19 02:42:23 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
    DRV - [2008/01/19 02:42:20 | 000,151,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pci.sys -- (pci)
    DRV - [2008/01/19 02:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\disk.sys -- (disk)
    DRV - [2008/01/19 02:42:19 | 000,054,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/01/19 02:42:18 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
    DRV - [2008/01/19 02:42:14 | 000,049,720 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
    DRV - [2008/01/19 02:42:11 | 000,143,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
    DRV - [2008/01/19 02:41:52 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
    DRV - [2008/01/19 02:41:52 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
    DRV - [2008/01/19 02:41:49 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/01/19 02:41:40 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
    DRV - [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
    DRV - [2008/01/19 02:41:30 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
    DRV - [2008/01/19 02:41:25 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
    DRV - [2008/01/19 02:41:20 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
    DRV - [2008/01/19 02:41:14 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
    DRV - [2008/01/19 02:41:14 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
    DRV - [2008/01/19 01:14:40 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/01/19 01:04:19 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
    DRV - [2008/01/19 01:01:21 | 000,181,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/01/19 01:01:15 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
    DRV - [2008/01/19 01:01:09 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
    DRV - [2008/01/19 01:01:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/01/19 01:01:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
    DRV - [2008/01/19 01:01:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/01/19 00:57:16 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
    DRV - [2008/01/19 00:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
    DRV - [2008/01/19 00:56:43 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
    DRV - [2008/01/19 00:56:34 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/01/19 00:56:34 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/01/19 00:56:33 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/01/19 00:56:33 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/01/19 00:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
    DRV - [2008/01/19 00:56:31 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/01/19 00:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2008/01/19 00:56:29 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/01/19 00:56:28 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
    DRV - [2008/01/19 00:56:28 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2008/01/19 00:56:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/01/19 00:56:07 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
    DRV - [2008/01/19 00:56:07 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
    DRV - [2008/01/19 00:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
    DRV - [2008/01/19 00:55:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
    DRV - [2008/01/19 00:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/01/19 00:55:41 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
    DRV - [2008/01/19 00:55:40 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/01/19 00:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
    DRV - [2008/01/19 00:55:27 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
    DRV - [2008/01/19 00:55:19 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/01/19 00:55:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
    DRV - [2008/01/19 00:55:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
    DRV - [2008/01/19 00:54:46 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
    DRV - [2008/01/19 00:53:42 | 000,194,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/01/19 00:53:40 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
    DRV - [2008/01/19 00:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
    DRV - [2008/01/19 00:53:21 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
    DRV - [2008/01/19 00:53:20 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/01/19 00:53:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2008/01/19 00:53:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/01/19 00:52:19 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
    DRV - [2008/01/19 00:52:06 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/01/19 00:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
    DRV - [2008/01/19 00:49:20 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/01/19 00:49:19 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
    DRV - [2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/01/19 00:49:18 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/01/19 00:49:18 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/01/19 00:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
    DRV - [2008/01/19 00:49:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
    DRV - [2008/01/19 00:49:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\null.sys -- (Null)
    DRV - [2008/01/19 00:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
    DRV - [2008/01/19 00:32:47 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
    DRV - [2008/01/19 00:30:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
    DRV - [2008/01/19 00:30:23 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
    DRV - [2008/01/19 00:28:45 | 000,110,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/01/19 00:28:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
    DRV - [2008/01/19 00:28:10 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/01/19 00:28:09 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/01/19 00:28:08 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
    DRV - [2008/01/19 00:28:02 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
    DRV - [2008/01/19 00:28:01 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
    DRV - [2008/01/19 00:28:01 | 000,136,192 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
    DRV - [2008/01/19 00:27:57 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
    DRV - [2008/01/19 00:27:21 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
    DRV - [2008/01/18 23:30:49 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/11/06 17:02:00 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
    DRV - [2007/11/06 16:54:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2007/09/19 13:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2007/09/13 18:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2007/08/15 20:03:36 | 000,190,384 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/07/24 15:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2007/07/24 10:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2007/07/21 12:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2007/07/21 12:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2007/07/21 12:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2007/07/13 12:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2007/06/01 16:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007/04/25 20:03:58 | 001,771,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/01/09 13:00:00 | 000,221,696 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:40 | 000,106,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
    DRV - [2006/11/02 04:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
    DRV - [2006/11/02 04:50:04 | 000,058,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
    DRV - [2006/11/02 04:49:59 | 000,054,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:49:52 | 000,054,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
    DRV - [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
    DRV - [2006/11/02 04:49:51 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
    DRV - [2006/11/02 04:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
    DRV - [2006/11/02 04:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
    DRV - [2006/11/02 04:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wd.sys -- (Wd)
    DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 04:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
    DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\pciide.sys -- (pciide)
    DRV - [2006/11/02 04:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
    DRV - [2006/11/02 04:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2006/11/02 03:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
    DRV - [2006/11/02 03:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
    DRV - [2006/11/02 03:55:20 | 000,132,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
    DRV - [2006/11/02 03:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
    DRV - [2006/11/02 03:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
    DRV - [2006/11/02 03:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
    DRV - [2006/11/02 03:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\usbohci.sys -- (usbohci)
    DRV - [2006/11/02 03:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
    DRV - [2006/11/02 03:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
    DRV - [2006/11/02 03:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
    DRV - [2006/11/02 03:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
    DRV - [2006/11/02 03:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
    DRV - [2006/11/02 03:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
    DRV - [2006/11/02 03:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
    DRV - [2006/11/02 03:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
    DRV - [2006/11/02 03:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
    DRV - [2006/11/02 03:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
    DRV - [2006/11/02 03:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
    DRV - [2006/11/02 03:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
    DRV - [2006/11/02 03:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
    DRV - [2006/11/02 03:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\kbdhid.sys -- (kbdhid)
    DRV - [2006/11/02 03:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
    DRV - [2006/11/02 03:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi)
    DRV - [2006/11/02 03:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
    DRV - [2006/11/02 03:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
    DRV - [2006/11/02 03:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
    DRV - [2006/11/02 03:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
    DRV - [2006/11/02 03:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
    DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
    DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2006/09/27 07:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Guest_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    IE - HKU\Steven_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Steven_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\Steven_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25402

    IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?ie=UTF-8&amp;hl=en
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\Steven_User_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Steven_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/mswmp,version=1.0: C:\Program Files\SpiralFrog\wmp\np-mswmp.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@SpiralFrog.com/Download Manager,version=1.0.0: C:\Program Files\SpiralFrog\NPSFDMGR.dll (SpiralFrog Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 16:34:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.528.0\firefox\extensions
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/23 15:33:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/23 15:33:05 | 000,000,000 | ---D | M]

    [2010/12/08 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/23 15:32:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/10/23 15:32:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2011/10/23 15:32:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2011/10/23 15:32:58 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2010/05/02 13:10:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2010/05/02 13:10:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2011/10/23 15:33:01 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2011/10/23 15:33:01 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2011/10/23 15:33:01 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2011/10/23 15:33:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2011/10/23 15:33:01 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2011/10/23 15:33:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2011/10/23 15:33:01 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Steven_User_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MRT] C:\Windows\System32\MRT.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe (SpiralFrog)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    O4 - HKU\Guest_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\Steven_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKU\Steven_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\Steven_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\Steven_User_ON_C..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\Steven_User_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\Steven_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\Steven_User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SENS - C:\ProgramData\dimlopmnjebx.dat ()
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    File not found -- C:\Windows\System32\
    [2011/11/27 22:34:01 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\SUPERAntiSpyware.com
    [2011/11/26 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
    [2011/11/18 20:01:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0401000.00F
    [2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
    [2011/11/18 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
    [2011/11/18 00:11:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
    [2011/11/18 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\CrashDumps
    [2011/11/17 23:13:58 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Local\NPE
    [2011/11/17 23:07:14 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2011/11/17 22:52:39 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/11/17 22:52:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys
    [2011/11/17 22:52:11 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys
    [2011/11/17 22:52:11 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys
    [2011/11/17 22:52:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symtdiv.sys
    [2011/11/17 22:52:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys
    [2011/11/17 22:52:11 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys
    [2011/11/17 22:52:11 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys
    [2011/11/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0501000.01D
    [2011/11/17 22:50:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
    [2011/11/17 22:50:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2011/11/17 22:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2011/11/17 22:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2011/11/17 21:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/11/17 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2011/11/08 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\Steven User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
    [2011/11/07 19:15:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [334 C:\Users\Steven User\Documents\*.tmp files -> C:\Users\Steven User\Documents\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\Windows\System32\
    [2011/11/28 20:39:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/28 11:21:09 | 000,000,000 | ---- | M] () -- C:\Windows\1970516416
    [2011/11/28 11:20:55 | 000,048,016 | -HS- | M] () -- C:\Windows\System32\c_77621.nl_
    [2011/11/28 11:19:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/28 11:19:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/28 11:16:07 | 2137,415,680 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/26 19:24:11 | 146,509,049 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/26 19:09:25 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/26 19:09:25 | 000,105,530 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/26 18:43:58 | 076,004,920 | -H-- | M] () -- C:\ProgramData\xbejnmpolmid.dat
    [2011/11/26 18:04:15 | 000,001,927 | ---- | M] () -- C:\Users\Steven User\Desktop\AV Protection 2011.lnk
    [2011/11/26 17:58:53 | 000,000,925 | ---- | M] () -- C:\Users\Steven User\Desktop\Norton Installation Files.lnk
    [2011/11/26 17:57:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
    [2011/11/26 16:31:41 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ej23jnm23.dat
    [2011/11/26 16:31:31 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocejmiaiw.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\odej23moc.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\muhmiaol23.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\metroosehw.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\exeiuqolmis.dat
    [2011/11/26 16:31:30 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ewqlldnolmia.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\otiuqarcjra.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\ocmuhmjila.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\niw46mia23.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\busmjnolexe.dat
    [2011/11/26 16:31:29 | 076,004,920 | ---- | M] () -- C:\Windows\System32\46nololarc.dat
    [2011/11/26 16:12:36 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
    [2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\mia46mirmoc.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\arcotniwniw.dat
    [2011/11/18 20:04:49 | 076,004,920 | ---- | M] () -- C:\Windows\System32\23hwmiamoc.dat
    [2011/11/18 20:01:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
    [2011/11/18 18:20:45 | 000,775,673 | ---- | M] () -- C:\Users\Steven User\AppData\Local\dfl20z32.dll
    [2011/11/18 02:33:05 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
    [2011/11/18 02:32:44 | 000,273,408 | ---- | M] () -- C:\Windows\System32\drivers\afd.sys
    [2011/11/18 02:32:42 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
    [2011/11/18 02:32:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpnotify.exe
    [2011/11/18 02:32:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
    [2011/11/18 02:31:59 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
    [2011/11/18 02:31:15 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
    [2011/11/18 02:29:40 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
    [2011/11/18 02:29:33 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
    [2011/11/18 02:29:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
    [2011/11/18 02:29:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
    [2011/11/18 02:29:01 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printui.exe
    [2011/11/18 02:28:41 | 000,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
    [2011/11/18 02:28:41 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
    [2011/11/18 02:28:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
    [2011/11/18 02:28:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
    [2011/11/18 02:28:27 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
    [2011/11/18 02:27:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
    [2011/11/18 02:26:46 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2011/11/18 02:26:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
    [2011/11/18 02:26:33 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
    [2011/11/18 02:25:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
    [2011/11/18 02:24:18 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
    [2011/11/18 02:23:55 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
    [2011/11/18 02:23:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
    [2011/11/18 02:22:41 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
    [2011/11/18 02:22:13 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
    [2011/11/17 23:18:19 | 002,284,298 | ---- | M] () -- C:\Windows\System32\drivers\N360\0501000.01D\Cat.DB
    [2011/11/17 23:16:36 | 006,691,812 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\SMRBackup210.dat
    [2011/11/17 22:52:39 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2011/11/17 22:52:39 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2011/11/17 22:52:39 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2011/11/17 22:52:17 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2011/11/17 20:30:31 | 000,001,814 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\ldr.ini
    [2011/11/17 18:00:24 | 000,000,680 | ---- | M] () -- C:\Users\Steven User\AppData\Local\d3d9caps.dat
    [2011/11/17 17:55:33 | 000,002,609 | ---- | M] () -- C:\Users\Steven User\Desktop\Microsoft Office Word 2003.lnk
    [2011/11/16 00:04:52 | 000,437,248 | ---- | M] () -- C:\Users\Steven User\AppData\Roaming\java.exe
    [2011/11/14 17:55:47 | 000,000,340 | ---- | M] () -- C:\Users\Steven User\AppData\Local\wsr20zt32.dll
    [2011/11/13 03:55:52 | 000,760,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2011/11/11 22:33:21 | 000,657,042 | ---- | M] () -- C:\Users\Steven User\Desktop\0.22068448169927946.exe
    [2011/11/11 00:57:47 | 000,022,519 | ---- | M] () -- C:\Windows\System32\Config.MPF
    [2011/11/09 23:14:20 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
    [2011/11/09 21:09:08 | 001,818,624 | ---- | M] () -- C:\Windows\System32\System Security 2012v121.exe
    [2011/11/09 01:58:19 | 000,215,552 | ---- | M] () -- C:\Windows\zip.exe
    [2011/11/09 00:32:40 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
    [2011/11/09 00:32:38 | 000,178,688 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
    [2011/11/09 00:31:38 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
    [2011/11/09 00:31:38 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
    [2011/11/09 00:31:37 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
    [2011/11/09 00:31:37 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2011/11/09 00:31:36 | 000,393,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
    [2011/11/09 00:31:36 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
    [2011/11/09 00:31:35 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
    [2011/11/09 00:31:35 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\write.exe
    [2011/11/09 00:31:34 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
    [2011/11/09 00:31:34 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2011/11/09 00:31:34 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
    [2011/11/09 00:31:31 | 003,364,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
    [2011/11/09 00:31:31 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winver.exe
    [2011/11/09 00:31:30 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
    [2011/11/09 00:31:29 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
    [2011/11/09 00:31:27 | 000,355,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
    [2011/11/09 00:31:22 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
    [2011/11/09 00:31:22 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
    [2011/11/09 00:31:21 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\whoami.exe
    [2011/11/09 00:31:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\where.exe
    [2011/11/09 00:31:20 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
    [2011/11/09 00:31:20 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2011/11/09 00:31:19 | 001,007,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
    [2011/11/09 00:31:18 | 001,290,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
    [2011/11/09 00:31:18 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
    [2011/11/09 00:30:41 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
    [2011/11/09 00:30:41 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
    [2011/11/09 00:30:40 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
    [2011/11/09 00:30:40 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
    [2011/11/09 00:30:39 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
    [2011/11/09 00:30:39 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
    [2011/11/09 00:30:38 | 000,786,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
    [2011/11/09 00:30:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
    [2011/11/09 00:30:37 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
    [2011/11/09 00:30:36 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
    [2011/11/09 00:30:35 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
    [2011/11/09 00:30:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
    [2011/11/09 00:30:34 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
    [2011/11/09 00:30:33 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
    [2011/11/09 00:30:33 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
    [2011/11/09 00:30:33 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
    [2011/11/09 00:30:32 | 000,233,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
    [2011/11/09 00:30:32 | 000,225,280 | ---- | M] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
    [2011/11/09 00:30:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
    [2011/11/09 00:30:30 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
    [2011/11/09 00:30:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
    [2011/11/09 00:30:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
    [2011/11/09 00:30:18 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
    [2011/11/09 00:30:18 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
    [2011/11/09 00:30:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
    [2011/11/09 00:30:17 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
    [2011/11/09 00:30:17 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
    [2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
    [2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
    [2011/11/09 00:30:16 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
    [2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
    [2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
    [2011/11/09 00:30:15 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesAdvanced.exe
    [2011/11/09 00:30:14 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
    [2011/11/09 00:30:11 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
    [2011/11/09 00:30:11 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
    [2011/11/09 00:30:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\subst.exe
    [2011/11/09 00:29:58 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
    [2011/11/09 00:29:58 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sort.exe
    [2011/11/09 00:29:57 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
    [2011/11/09 00:29:57 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
    [2011/11/09 00:29:54 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
    [2011/11/09 00:29:53 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
    [2011/11/09 00:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sigverif.exe
    [2011/11/09 00:29:51 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
    [2011/11/09 00:29:51 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
    [2011/11/09 00:29:50 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setx.exe
    [2011/11/09 00:29:50 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
    [2011/11/09 00:29:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
    [2011/11/09 00:29:49 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
    [2011/11/09 00:29:48 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2011/11/09 00:29:47 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
    [2011/11/09 00:29:47 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
    [2011/11/09 00:29:46 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
    [2011/11/09 00:29:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secinit.exe
    [2011/11/09 00:29:44 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    [2011/11/09 00:29:44 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
    [2011/11/09 00:29:43 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
    [2011/11/09 00:29:42 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
    [2011/11/09 00:29:42 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
    [2011/11/09 00:29:42 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
    [2011/11/09 00:29:41 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RunLegacyCPLElevated.exe
    [2011/11/09 00:29:41 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runas.exe
    [2011/11/09 00:29:39 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
    [2011/11/09 00:29:39 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
    [2011/11/09 00:29:39 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
    [2011/11/09 00:29:38 | 000,235,008 | ---- | M] (Microsoft) -- C:\Windows\System32\Robocopy.exe
    [2011/11/09 00:29:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RmClient.exe
    [2011/11/09 00:29:37 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2011/11/09 00:29:37 | 000,494,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2011/11/09 00:29:36 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2011/11/09 00:29:36 | 000,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2011/11/09 00:29:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\replace.exe
    [2011/11/09 00:29:19 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
    [2011/11/09 00:29:19 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
    [2011/11/09 00:29:18 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2011/11/09 00:29:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
    [2011/11/09 00:29:17 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
    [2011/11/09 00:29:17 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
    [2011/11/09 00:29:17 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regedt32.exe
    [2011/11/09 00:29:16 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recover.exe
    [2011/11/09 00:29:15 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
    [2011/11/09 00:29:15 | 000,186,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
    [2011/11/09 00:29:15 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
    [2011/11/09 00:29:14 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
    [2011/11/09 00:29:13 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
    [2011/11/09 00:29:12 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
    [2011/11/09 00:29:10 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2011/11/09 00:29:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
    [2011/11/09 00:29:10 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\print.exe
    [2011/11/09 00:29:09 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2011/11/09 00:29:09 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
    [2011/11/09 00:29:08 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
    [2011/11/09 00:29:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
    [2011/11/09 00:29:08 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\plasrv.exe
    [2011/11/09 00:29:07 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
    [2011/11/09 00:29:07 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
    [2011/11/09 00:29:06 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
    [2011/11/09 00:29:06 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
    [2011/11/09 00:29:05 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaui.exe
    [2011/11/09 00:29:05 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
    [2011/11/09 00:29:05 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
    [2011/11/09 00:29:04 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
    [2011/11/09 00:29:04 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2011/11/09 00:29:04 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PATHPING.EXE
    [2011/11/09 00:29:03 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
    [2011/11/09 00:29:03 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
    [2011/11/09 00:28:54 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.exe
    [2011/11/09 00:28:53 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcad32.exe
    [2011/11/09 00:28:53 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
    [2011/11/09 00:28:52 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2011/11/09 00:28:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
    [2011/11/09 00:28:49 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
    [2011/11/09 00:28:48 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
    [2011/11/09 00:28:48 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
    [2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
    [2011/11/09 00:28:47 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
    [2011/11/09 00:28:46 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
    [2011/11/09 00:28:46 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
    [2011/11/09 00:28:45 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
    [2011/11/09 00:28:44 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
    [2011/11/09 00:28:42 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
    [2011/11/09 00:28:41 | 000,632,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
    [2011/11/09 00:28:41 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
    [2011/11/09 00:28:41 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
    [2011/11/09 00:28:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/11/09 00:28:37 | 000,375,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
    [2011/11/09 00:28:37 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
    [2011/11/09 00:28:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
    [2011/11/09 00:28:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
    [2011/11/09 00:28:32 | 001,939,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
    [2011/11/09 00:28:19 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
    [2011/11/09 00:28:17 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
    [2011/11/09 00:28:16 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
    [2011/11/09 00:28:16 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
    [2011/11/09 00:28:16 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
    [2011/11/09 00:28:15 | 001,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
    [2011/11/09 00:28:15 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
    [2011/11/09 00:28:14 | 000,857,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
    [2011/11/09 00:28:11 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
    [2011/11/09 00:28:10 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
    [2011/11/09 00:28:10 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
    [2011/11/09 00:28:07 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
    [2011/11/09 00:28:06 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
    [2011/11/09 00:28:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
    [2011/11/09 00:28:01 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
    [2011/11/09 00:28:00 | 000,286,720 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/11/09 00:28:00 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/11/09 00:27:59 | 000,282,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/11/09 00:27:58 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
    [2011/11/09 00:27:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
    [2011/11/09 00:27:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
    [2011/11/09 00:27:57 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
    [2011/11/09 00:27:48 | 001,060,864 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
    [2011/11/09 00:27:46 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2011/11/09 00:27:46 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/11/09 00:27:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/11/09 00:27:45 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
    [2011/11/09 00:27:44 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
    [2011/11/09 00:27:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
    [2011/11/09 00:27:42 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
    [2011/11/09 00:27:41 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
    [2011/11/09 00:27:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
    [2011/11/09 00:27:38 | 000,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
    [2011/11/09 00:27:38 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
    [2011/11/09 00:27:37 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
    [2011/11/09 00:27:36 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
    [2011/11/09 00:27:36 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
    [2011/11/09 00:27:35 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
    [2011/11/09 00:27:35 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
    [2011/11/09 00:27:35 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
    [2011/11/09 00:27:34 | 002,732,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
    [2011/11/09 00:27:34 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
    [2011/11/09 00:27:34 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
    [2011/11/09 00:27:33 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
    [2011/11/09 00:27:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
    [2011/11/09 00:27:33 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
    [2011/11/09 00:27:32 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
    [2011/11/09 00:27:31 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
    [2011/11/09 00:27:30 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
    [2011/11/09 00:27:30 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
    [2011/11/09 00:27:29 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
    [2011/11/09 00:27:29 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
    [2011/11/09 00:27:15 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2011/11/09 00:27:15 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
    [2011/11/09 00:27:14 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
    [2011/11/09 00:27:13 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
    [2011/11/09 00:22:42 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
    [2011/11/09 00:22:41 | 000,170,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
    [2011/11/09 00:22:41 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
    [2011/11/09 00:22:40 | 000,554,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
    [2011/11/09 00:22:40 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
    [2011/11/09 00:22:39 | 000,249,856 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
     
  8. SarahDoughnut5

    SarahDoughnut5 Thread Starter

    Joined:
    Nov 28, 2011
    Messages:
    6
    Here is the most recent scan:

    Sorry for the goofy name of the attachment, my brother made it
     


  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I am sorry, but you cannot post in two (2) different forums. It is either your thread at bleeping computers or this one. Your choice.

    We are all a big family and someone will be wasting time that can be used helping other users. In addition, it will only serve to confuse the helper.
     
  10. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Thanks JSntgRvr

    You are in good hands on bleeping :)
    Good luck
     
Short URL to this thread: https://techguy.org/1028767
