
suddenly slow internet

Discussion in 'Virus & Other Malware Removal' started by hatsushiba, May 1, 2010.

Thread Status:
Not open for further replies.
  1. hatsushiba

    hatsushiba Thread Starter

    Joined:
    May 1, 2010
    Messages:
    2
    hi. recently my internet speed started fluctuating. sometimes it's normal, sometimes it suddenly becomes slow. i believe a malware is stealing my bandwidth because i noticed one time that my p2p download suddenly dropped speed for no apparent reason. here is my HijackThis log:

    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Acer\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\rovir09\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Users\rovir09\Desktop\NO$GBA.2.6a\NO$GBA_2.6a\NO$GBA.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files\Acer\Hotkey Utility\HotkeyUtility.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\rovir09\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{254A4474-694B-494B-9691-15773703246B}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{254A4474-694B-494B-9691-15773703246B}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12550 bytes


    thanks in advance
     
  2. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hello, hatsushiba
    Welcome to the TechSupportGuy Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



    Please take note of some guidelines for this fix:

    • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.



    Sorry for the delay in response. If you still need help, please do the following.



    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
     
  3. hatsushiba

    hatsushiba Thread Starter

    Joined:
    May 1, 2010
    Messages:
    2
    hello tom,

    sorry for the really late reply. hope you're still there to help.

    ok i did some things wrong. first, i followed your instructions, and the scan generated two reports, OTL.txt and Extra.txt. then i noticed that i forgot to show all files in my computer. so what i did was to delete the reports, show all files and run the OTL again. however, this time only 1 report was generated: OTL.txt. so i deleted it and ran the scan for the third time. again only one report was generated. so i deleted the downloaded file, downloaded it again and ran the scan for the fourth time. again, only 1 report was generated. sorry for making things more complicated.

    here's the report:
    OTL logfile created on: 5/27/2010 7:46:17 AM - Run 4
    OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\rovir09\Desktop
    Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 290.95 Gb Total Space | 191.08 Gb Free Space | 65.67% Space Free | Partition Type: NTFS
    Drive D: | 291.12 Gb Total Space | 286.30 Gb Free Space | 98.34% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ROVIR09-PC
    Current User Name: rovir09
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/27 07:45:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\rovir09\Desktop\OTL.exe
    PRC - [2010/05/21 02:56:44 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Users\rovir09\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/05/17 01:07:03 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/04/29 02:15:02 | 002,633,976 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    PRC - [2010/04/25 09:36:28 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/18 21:07:22 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\rovir09\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/12/03 18:15:46 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/12/03 18:15:14 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2009/12/02 11:56:39 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/09/16 08:26:53 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
    PRC - [2009/08/18 15:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files\Acer\Hotkey Utility\HotkeyUtility.exe
    PRC - [2009/08/07 01:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2009/08/07 01:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/08/04 13:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/07/20 19:21:50 | 007,625,248 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/07/04 09:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2009/07/02 13:16:22 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/07/02 13:15:52 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/06/05 10:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/05 10:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/27 06:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/04/16 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/27 07:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/27 07:45:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\rovir09\Desktop\OTL.exe
    MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 09:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 09:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 09:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 09:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/25 09:36:28 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/01/12 00:23:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/03 18:15:14 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/08/26 01:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/08/07 01:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/07/04 09:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2009/07/02 13:15:52 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/06/05 10:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/01/27 07:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/08 01:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/12/11 15:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/23 09:41:48 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/09/21 16:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/09/21 16:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/09/21 16:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2009/09/08 16:40:20 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2009/09/08 16:40:18 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2009/09/08 16:40:18 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2009/07/20 19:15:28 | 002,664,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 07:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
    DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/07/02 13:50:46 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/06/12 18:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
    DRV - [2009/06/11 13:18:30 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/11 05:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/06/05 09:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2009/06/05 08:28:12 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/06/02 19:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2009/06/02 19:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2009/06/02 19:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2009/05/23 07:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/02/18 01:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/08/14 23:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2007/09/18 07:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&m=aspire_m3802&r=17251109x306p03e5x025w4831t270
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/17 01:07:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/17 01:07:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 01:07:34 | 000,000,000 | ---D | M]

    [2010/02/07 07:02:30 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Mozilla\Extensions
    [2010/02/07 07:02:30 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/01/30 12:02:33 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Mozilla\Firefox\Profiles\6i8zn0oe.default\extensions
    [2010/03/24 13:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/01/12 00:30:25 | 000,000,852 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files\Acer\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - Startup: C:\Users\rovir09\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.80 58.69.254.142 124.104.135.73
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{707b04a3-ee53-11de-9f0d-002511812cf0}\Shell - "" = AutoRun
    O33 - MountPoints2\{707b04a3-ee53-11de-9f0d-002511812cf0}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 10:37:08 | 000,000,000 | ---D | M]
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/27 07:45:16 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\rovir09\Desktop\OTL.exe
    [2010/05/24 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
    [2010/05/17 10:45:16 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\Serway_-_Physics_For_Scientist
    [2010/05/17 01:12:25 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Local\WinZip
    [2010/05/17 01:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/05/17 01:07:05 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/05/17 01:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2010/05/17 01:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2010/05/17 01:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
    [2010/05/17 01:07:01 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Roaming\Real
    [2010/05/10 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Roaming\Avira
    [2010/05/10 18:13:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
    [2010/05/10 18:13:16 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
    [2010/05/10 18:13:15 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
    [2010/05/10 18:13:15 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
    [2010/05/10 18:13:15 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
    [2010/05/10 18:13:15 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
    [2010/05/10 18:13:15 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
    [2010/05/10 18:12:10 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
    [2010/05/10 18:12:10 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
    [2010/05/10 18:12:10 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
    [2010/05/10 18:12:10 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
    [2010/05/10 18:12:10 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
    [2010/05/10 18:12:10 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
    [2010/05/10 18:12:10 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
    [2010/05/10 18:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2010/05/10 18:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
    [2010/05/03 09:01:03 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\jing
    [2010/05/01 15:50:25 | 000,000,000 | ---D | C] -- C:\Trend Micro
    [2010/05/01 15:43:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\rovir09\Desktop\HiJackThis.exe
    [2010/05/01 15:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/29 18:53:46 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\69a6d7b96ff340139320bff5ce19438d863a847e (1)
    [2010/04/27 20:06:42 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\Shutter.Island.(2010).R5.DVDRip.XviD-MAXSPEED.english.subtitlesource
    [2010/04/26 17:09:10 | 000,000,000 | ---D | C] -- C:\SDFix
    [2010/04/24 20:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/04/22 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\FONTS
    [2010/04/21 17:36:30 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\saves
    [2010/04/20 16:25:21 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\FOR.E
    [2010/04/20 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/04/13 16:17:49 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Roaming\Publish Providers
    [2010/04/13 16:17:31 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Roaming\Sony
    [2010/04/13 16:17:31 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Local\Sony
    [2010/04/13 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
    [2010/04/13 16:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
    [2010/04/13 16:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/04/13 16:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
    [2010/04/13 16:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/04/13 13:17:39 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Roaming\dvdcss
    [2010/04/05 20:55:27 | 000,066,560 | ---- | C] (Rekenwonder Software) -- C:\Users\rovir09\Desktop\revealer.exe
    [2010/04/05 11:35:13 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\University_Physics_with_Modern_Physics_12e_with_Solutions
    [2010/04/05 09:57:30 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\NO$GBA.2.6a
    [2010/04/03 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\dad
    [2010/03/28 17:02:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
    [2010/03/28 17:02:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
    [2010/03/19 18:51:14 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Desktop\pictures
    [2010/03/15 12:16:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/03/15 12:16:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/03/15 12:16:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/03/15 12:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/03/15 12:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/03/04 08:06:23 | 000,000,000 | ---D | C] -- C:\Users\rovir09\AppData\Roaming\Facebook
    [2010/03/02 02:40:36 | 000,000,000 | ---D | C] -- C:\Users\rovir09\Documents\Unzipped
    [2010/03/02 01:58:27 | 000,000,000 | ---D | C] -- C:\Windows\CD95F661A5C444F5A6AAECDD91C240BB.TMP
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/27 07:46:44 | 004,718,592 | -HS- | M] () -- C:\Users\rovir09\NTUSER.DAT
    [2010/05/27 07:45:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\rovir09\Desktop\OTL.exe
    [2010/05/27 07:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/27 07:20:10 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/05/27 07:20:10 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/05/27 07:12:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4236441813-4096366845-1883141491-1000UA.job
    [2010/05/27 04:20:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/27 04:20:01 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/05/27 04:20:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/05/27 04:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/05/27 04:19:49 | 1609,936,896 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/26 23:18:31 | 002,912,165 | -H-- | M] () -- C:\Users\rovir09\AppData\Local\IconCache.db
    [2010/05/26 21:24:39 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4236441813-4096366845-1883141491-1000Core.job
    [2010/05/26 13:26:07 | 000,002,377 | ---- | M] () -- C:\Users\rovir09\Desktop\Google Chrome.lnk
    [2010/05/25 21:54:25 | 000,035,328 | ---- | M] () -- C:\Users\rovir09\Desktop\eng3.doc
    [2010/05/25 21:52:23 | 000,030,720 | ---- | M] () -- C:\Users\rovir09\Desktop\eng2.doc
    [2010/05/25 21:45:16 | 000,036,352 | ---- | M] () -- C:\Users\rovir09\Desktop\eng1.doc
    [2010/05/24 20:25:52 | 000,001,226 | ---- | M] () -- C:\Users\rovir09\Desktop\Veoh.com.lnk
    [2010/05/24 20:24:25 | 010,779,760 | ---- | M] () -- C:\Users\rovir09\Desktop\VeohWebPlayerSetup_eng.exe
    [2010/05/24 15:54:39 | 000,027,136 | ---- | M] () -- C:\Users\rovir09\Desktop\physics answers.doc
    [2010/05/24 15:52:49 | 000,099,328 | ---- | M] () -- C:\Users\rovir09\Desktop\physics questions.doc
    [2010/05/18 22:15:31 | 002,617,894 | ---- | M] () -- C:\Users\rovir09\Desktop\schubert serenade.mp3
    [2010/05/18 22:11:45 | 000,000,000 | ---- | M] () -- C:\Users\rovir09\Desktop\Serenade-schubert_.mp3
    [2010/05/18 22:06:04 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/05/18 22:06:04 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/05/18 22:06:04 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/05/18 07:23:08 | 009,392,138 | ---- | M] () -- C:\Users\rovir09\Desktop\LMP20100515.mp3
    [2010/05/17 20:00:27 | 139,018,599 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/05/17 14:11:24 | 000,028,672 | ---- | M] () -- C:\Users\rovir09\Desktop\answers.doc
    [2010/05/17 14:09:56 | 000,049,152 | ---- | M] () -- C:\Users\rovir09\Desktop\sample problems.doc
    [2010/05/17 10:44:41 | 066,489,596 | ---- | M] () -- C:\Users\rovir09\Desktop\Serway_-_Physics_For_Scientist.rar
    [2010/05/17 10:21:06 | 000,188,928 | ---- | M] () -- C:\Users\rovir09\Desktop\valsci handouts in physics.doc
    [2010/05/17 01:45:02 | 000,000,455 | ---- | M] () -- C:\Windows\cdplayer.ini
    [2010/05/17 01:32:05 | 009,394,186 | ---- | M] () -- C:\Users\rovir09\Desktop\LMP20100508.mp3
    [2010/05/17 01:12:16 | 000,304,317 | ---- | M] () -- C:\Users\rovir09\Desktop\EO 56 Research (1).zip
    [2010/05/17 01:07:29 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\Free Movies & Games.lnk
    [2010/05/17 01:07:29 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/05/17 01:07:05 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/05/17 01:05:27 | 000,304,317 | ---- | M] () -- C:\Users\rovir09\Desktop\EO 56 Research.zip
    [2010/05/12 23:21:45 | 000,078,336 | ---- | M] () -- C:\Users\rovir09\Desktop\FS Proposed GS0307 Audit Plan S2 V1 (2) (1).doc
    [2010/05/12 23:21:43 | 000,078,336 | ---- | M] () -- C:\Users\rovir09\Desktop\FS Proposed GS0307 Audit Plan S2 V1 (2).doc
    [2010/05/12 18:38:52 | 000,000,162 | -H-- | M] () -- C:\Users\rovir09\Desktop\~$undation GS0307 Audit Plan S2 V1 (2).doc
    [2010/05/12 18:38:33 | 000,093,184 | ---- | M] () -- C:\Users\rovir09\Desktop\Foundation GS0307 Audit Plan S2 V1 (2).doc
    [2010/05/12 18:38:20 | 000,093,184 | ---- | M] () -- C:\Users\rovir09\Desktop\Foundation GS0307 Audit Plan S2 V1 (1).doc
    [2010/05/12 18:38:16 | 000,093,184 | ---- | M] () -- C:\Users\rovir09\Desktop\Foundation GS0307 Audit Plan S2 V1.doc
    [2010/05/12 05:06:49 | 000,282,112 | ---- | M] () -- C:\Users\rovir09\Desktop\toyota foundation.doc
    [2010/05/12 02:33:41 | 000,061,525 | ---- | M] () -- C:\Users\rovir09\Desktop\I100219MNL PAGADUAN MS.pdf
    [2010/05/12 00:59:55 | 000,044,544 | ---- | M] () -- C:\Users\rovir09\Desktop\proposed fund releases_dollarpeso.doc
    [2010/05/12 00:59:12 | 000,079,360 | ---- | M] () -- C:\Users\rovir09\Desktop\CHSMM Researc Design_REVISED.doc
    [2010/05/11 23:59:18 | 000,233,984 | ---- | M] () -- C:\Users\rovir09\Desktop\10kie_kjp_kenjyo.doc
    [2010/05/11 22:32:36 | 000,205,312 | ---- | M] () -- C:\Users\rovir09\Desktop\10kie_arp_rinjin.doc
    [2010/05/11 21:59:08 | 000,090,112 | ---- | M] () -- C:\Users\rovir09\Desktop\Draft Research Plan with inputs from Jermaine.doc
    [2010/05/11 05:47:13 | 000,021,467 | ---- | M] () -- C:\Users\rovir09\Desktop\uplbcampusmap.jpg
    [2010/05/10 21:55:11 | 000,216,064 | ---- | M] () -- C:\Users\rovir09\Desktop\804233Sec1105.doc
    [2010/05/10 21:35:12 | 000,334,947 | ---- | M] () -- C:\Users\rovir09\Desktop\Photo0013.jpg
    [2010/05/10 18:10:07 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    [2010/05/10 17:32:51 | 128,264,856 | ---- | M] () -- C:\Users\rovir09\Desktop\New_PC_Studio_1.4.0.IL1.exe
    [2010/05/10 08:36:33 | 001,867,053 | ---- | M] () -- C:\Users\rovir09\Desktop\Gensomaden Saiyuki - Alone-(Music box version).mp3
    [2010/05/08 10:30:28 | 000,158,243 | ---- | M] () -- C:\Users\rovir09\Desktop\no$gba-w.zip
    [2010/05/06 05:28:25 | 000,004,048 | ---- | M] () -- C:\Users\rovir09\Desktop\image006.jpg
    [2010/05/06 05:28:11 | 000,044,106 | ---- | M] () -- C:\Users\rovir09\Desktop\image001.jpg
    [2010/05/06 05:27:55 | 000,083,061 | ---- | M] () -- C:\Users\rovir09\Desktop\pic26428.jpg
    [2010/05/06 05:27:46 | 000,086,461 | ---- | M] () -- C:\Users\rovir09\Desktop\pic02670.jpg
    [2010/05/06 05:27:33 | 000,050,182 | ---- | M] () -- C:\Users\rovir09\Desktop\pic15759.jpg
    [2010/05/06 05:27:12 | 000,087,482 | ---- | M] () -- C:\Users\rovir09\Desktop\pic23392.jpg
    [2010/05/06 05:24:48 | 000,044,106 | ---- | M] () -- C:\Users\rovir09\Desktop\pic05601 (1).jpg
    [2010/05/06 05:24:06 | 000,044,106 | ---- | M] () -- C:\Users\rovir09\Desktop\pic05601.jpg
    [2010/05/04 14:53:17 | 000,015,053 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] True.Legend.2010.DVDRip.X264.AC3-gandarloda.5515640.TPB.torrent
    [2010/05/01 15:50:28 | 000,002,945 | ---- | M] () -- C:\Users\rovir09\Desktop\HiJackThis.lnk
    [2010/05/01 15:43:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\rovir09\Desktop\HiJackThis.exe
    [2010/05/01 15:38:31 | 001,402,880 | ---- | M] () -- C:\Users\rovir09\Desktop\HiJackThis.msi
    [2010/05/01 07:46:31 | 000,034,304 | ---- | M] () -- C:\Users\rovir09\Desktop\IQA part 1 (1).doc
    [2010/05/01 07:46:18 | 000,034,304 | ---- | M] () -- C:\Users\rovir09\Desktop\IQA part 1.doc
    [2010/04/29 18:53:04 | 000,043,733 | ---- | M] () -- C:\Users\rovir09\Desktop\69a6d7b96ff340139320bff5ce19438d863a847e (1).zip
    [2010/04/29 18:50:32 | 000,043,733 | ---- | M] () -- C:\Users\rovir09\Desktop\69a6d7b96ff340139320bff5ce19438d863a847e.zip
    [2010/04/29 16:31:23 | 000,256,806 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] db283f58dd0d233dadb767f2da96627d89d37846.torrent
    [2010/04/27 20:06:29 | 000,044,750 | ---- | M] () -- C:\Users\rovir09\Desktop\Shutter.Island.(2010).R5.DVDRip.XviD-MAXSPEED.english.subtitlesource.zip
    [2010/04/26 07:59:12 | 000,036,352 | ---- | M] () -- C:\Users\rovir09\Desktop\Valscipta resolution.doc
    [2010/04/25 08:50:48 | 002,359,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/04/24 22:40:27 | 000,117,960 | ---- | M] () -- C:\Users\rovir09\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/04/24 21:14:54 | 000,015,264 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
    [2010/04/24 21:03:39 | 000,015,046 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] The Bounty Hunter.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
    [2010/04/22 15:27:03 | 000,001,115 | ---- | M] () -- C:\Users\rovir09\Desktop\Yahoo! Messenger.lnk
    [2010/04/20 08:16:25 | 003,553,280 | ---- | M] () -- C:\Users\rovir09\Desktop\GEOGRAPHY_posted.ppt
    [2010/04/18 14:00:02 | 003,084,051 | ---- | M] () -- C:\Users\rovir09\Desktop\IMG.jpg
    [2010/04/18 13:44:03 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/04/16 15:33:18 | 000,103,168 | ---- | M] () -- C:\Users\rovir09\Desktop\12295_1113431212101_1716566885_219516_7054092_n.jpg
    [2010/04/13 16:12:58 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 8.0.lnk
    [2010/04/07 22:28:40 | 910,379,008 | ---- | M] () -- C:\Users\rovir09\Desktop\BM 2 ep01 (704x396).avi
    [2010/04/07 20:50:13 | 000,041,292 | ---- | M] () -- C:\Users\rovir09\Desktop\Bloody Monday Season 2 ep05 (704x396 DivX6).avi.torrent
    [2010/04/07 17:18:37 | 000,023,762 | ---- | M] () -- C:\Users\rovir09\Desktop\FS 106_SRUIJK_2nd_09-10.xlsx
    [2010/04/06 06:55:47 | 000,096,256 | ---- | M] () -- C:\Users\rovir09\Desktop\pre test physics.doc
    [2010/04/06 06:20:31 | 000,045,568 | ---- | M] () -- C:\Users\rovir09\Desktop\UPCAT 2010 (2).doc
    [2010/04/06 06:20:28 | 000,045,568 | ---- | M] () -- C:\Users\rovir09\Desktop\UPCAT 2010 (1).doc
    [2010/04/05 20:55:30 | 000,066,560 | ---- | M] (Rekenwonder Software) -- C:\Users\rovir09\Desktop\revealer.exe
    [2010/04/05 20:00:48 | 008,915,968 | ---- | M] () -- C:\Users\rovir09\Desktop\attachments_2010_04_05.zip
    [2010/04/05 15:31:53 | 000,040,864 | ---- | M] () -- C:\Users\rovir09\Documents\question.docx
    [2010/04/05 14:02:25 | 000,045,568 | ---- | M] () -- C:\Users\rovir09\Desktop\UPCAT 2010.doc
    [2010/04/05 13:00:34 | 000,142,635 | ---- | M] () -- C:\Users\rovir09\Desktop\PhysicsTeam.pdf
    [2010/04/05 11:00:21 | 336,224,398 | ---- | M] () -- C:\Users\rovir09\Desktop\University_Physics_with_Modern_Physics_12e_with_Solutions.rar
    [2010/04/05 08:13:46 | 024,626,304 | ---- | M] () -- C:\Users\rovir09\Desktop\__Tipler_-_Physics_5_Ed_--_Com.PDF
    [2010/04/04 13:22:41 | 000,306,624 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] 2012[2009]DvDrip[Eng]-FXG.5330542.TPB.torrent
    [2010/04/04 13:22:41 | 000,306,624 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] 2012[2009]DvDrip[Eng]-FXG.5330542.TPB (1).torrent
    [2010/04/03 13:58:10 | 000,029,369 | ---- | M] () -- C:\Users\rovir09\Desktop\the.time.travelers.wife.(2009).eng.1cd.(3623844).zip
    [2010/03/29 13:04:51 | 000,021,371 | ---- | M] () -- C:\Users\rovir09\Desktop\[isoHunt] The Time Traveler's Wife {2009} DVDRIP. Jaybob.torrent
    [2010/03/26 22:37:06 | 042,281,152 | ---- | M] () -- C:\Users\rovir09\Desktop\avira_antivir_personal_en.exe
    [2010/03/26 15:35:08 | 000,022,087 | ---- | M] () -- C:\Users\rovir09\Desktop\CRMB4N_OR03242010.pdf
    [2010/03/23 11:15:58 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    [2010/03/15 12:17:12 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/02/26 14:35:34 | 000,014,908 | ---- | M] () -- C:\Users\rovir09\Documents\Guidelines for analyzing fiction.docx
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/25 21:54:23 | 000,035,328 | ---- | C] () -- C:\Users\rovir09\Desktop\eng3.doc
    [2010/05/25 21:52:21 | 000,030,720 | ---- | C] () -- C:\Users\rovir09\Desktop\eng2.doc
    [2010/05/25 21:45:14 | 000,036,352 | ---- | C] () -- C:\Users\rovir09\Desktop\eng1.doc
    [2010/05/24 20:25:52 | 000,001,226 | ---- | C] () -- C:\Users\rovir09\Desktop\Veoh.com.lnk
    [2010/05/24 20:18:09 | 010,779,760 | ---- | C] () -- C:\Users\rovir09\Desktop\VeohWebPlayerSetup_eng.exe
    [2010/05/24 15:54:39 | 000,027,136 | ---- | C] () -- C:\Users\rovir09\Desktop\physics answers.doc
    [2010/05/24 10:57:57 | 000,099,328 | ---- | C] () -- C:\Users\rovir09\Desktop\physics questions.doc
    [2010/05/18 22:14:58 | 002,617,894 | ---- | C] () -- C:\Users\rovir09\Desktop\schubert serenade.mp3
    [2010/05/18 22:11:45 | 000,000,000 | ---- | C] () -- C:\Users\rovir09\Desktop\Serenade-schubert_.mp3
    [2010/05/18 07:20:51 | 009,392,138 | ---- | C] () -- C:\Users\rovir09\Desktop\LMP20100515.mp3
    [2010/05/17 12:34:42 | 000,028,672 | ---- | C] () -- C:\Users\rovir09\Desktop\answers.doc
    [2010/05/17 12:34:27 | 000,049,152 | ---- | C] () -- C:\Users\rovir09\Desktop\sample problems.doc
    [2010/05/17 10:24:32 | 066,489,596 | ---- | C] () -- C:\Users\rovir09\Desktop\Serway_-_Physics_For_Scientist.rar
    [2010/05/17 01:37:42 | 000,000,455 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2010/05/17 01:29:40 | 009,394,186 | ---- | C] () -- C:\Users\rovir09\Desktop\LMP20100508.mp3
    [2010/05/17 01:12:10 | 000,304,317 | ---- | C] () -- C:\Users\rovir09\Desktop\EO 56 Research (1).zip
    [2010/05/17 01:07:29 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\Free Movies & Games.lnk
    [2010/05/17 01:07:29 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
    [2010/05/17 01:05:13 | 000,304,317 | ---- | C] () -- C:\Users\rovir09\Desktop\EO 56 Research.zip
    [2010/05/16 16:33:40 | 000,188,928 | ---- | C] () -- C:\Users\rovir09\Desktop\valsci handouts in physics.doc
    [2010/05/12 23:21:44 | 000,078,336 | ---- | C] () -- C:\Users\rovir09\Desktop\FS Proposed GS0307 Audit Plan S2 V1 (2) (1).doc
    [2010/05/12 23:21:42 | 000,078,336 | ---- | C] () -- C:\Users\rovir09\Desktop\FS Proposed GS0307 Audit Plan S2 V1 (2).doc
    [2010/05/12 18:38:52 | 000,000,162 | -H-- | C] () -- C:\Users\rovir09\Desktop\~$undation GS0307 Audit Plan S2 V1 (2).doc
    [2010/05/12 18:38:31 | 000,093,184 | ---- | C] () -- C:\Users\rovir09\Desktop\Foundation GS0307 Audit Plan S2 V1 (2).doc
    [2010/05/12 18:38:18 | 000,093,184 | ---- | C] () -- C:\Users\rovir09\Desktop\Foundation GS0307 Audit Plan S2 V1 (1).doc
    [2010/05/12 18:38:15 | 000,093,184 | ---- | C] () -- C:\Users\rovir09\Desktop\Foundation GS0307 Audit Plan S2 V1.doc
    [2010/05/12 02:33:40 | 000,061,525 | ---- | C] () -- C:\Users\rovir09\Desktop\I100219MNL PAGADUAN MS.pdf
    [2010/05/12 01:29:47 | 000,282,112 | ---- | C] () -- C:\Users\rovir09\Desktop\toyota foundation.doc
    [2010/05/12 00:59:54 | 000,044,544 | ---- | C] () -- C:\Users\rovir09\Desktop\proposed fund releases_dollarpeso.doc
    [2010/05/12 00:59:11 | 000,079,360 | ---- | C] () -- C:\Users\rovir09\Desktop\CHSMM Researc Design_REVISED.doc
    [2010/05/11 23:59:14 | 000,233,984 | ---- | C] () -- C:\Users\rovir09\Desktop\10kie_kjp_kenjyo.doc
    [2010/05/11 22:32:33 | 000,205,312 | ---- | C] () -- C:\Users\rovir09\Desktop\10kie_arp_rinjin.doc
    [2010/05/11 21:59:06 | 000,090,112 | ---- | C] () -- C:\Users\rovir09\Desktop\Draft Research Plan with inputs from Jermaine.doc
    [2010/05/11 05:47:12 | 000,021,467 | ---- | C] () -- C:\Users\rovir09\Desktop\uplbcampusmap.jpg
    [2010/05/10 21:55:07 | 000,216,064 | ---- | C] () -- C:\Users\rovir09\Desktop\804233Sec1105.doc
    [2010/05/10 21:40:00 | 000,334,947 | ---- | C] () -- C:\Users\rovir09\Desktop\Photo0013.jpg
    [2010/05/10 18:10:07 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
    [2010/05/10 16:59:33 | 128,264,856 | ---- | C] () -- C:\Users\rovir09\Desktop\New_PC_Studio_1.4.0.IL1.exe
    [2010/05/10 08:35:57 | 001,867,053 | ---- | C] () -- C:\Users\rovir09\Desktop\Gensomaden Saiyuki - Alone-(Music box version).mp3
    [2010/05/08 10:30:24 | 000,158,243 | ---- | C] () -- C:\Users\rovir09\Desktop\no$gba-w.zip
    [2010/05/06 05:28:25 | 000,004,048 | ---- | C] () -- C:\Users\rovir09\Desktop\image006.jpg
    [2010/05/06 05:28:10 | 000,044,106 | ---- | C] () -- C:\Users\rovir09\Desktop\image001.jpg
    [2010/05/06 05:27:54 | 000,083,061 | ---- | C] () -- C:\Users\rovir09\Desktop\pic26428.jpg
    [2010/05/06 05:27:44 | 000,086,461 | ---- | C] () -- C:\Users\rovir09\Desktop\pic02670.jpg
    [2010/05/06 05:27:32 | 000,050,182 | ---- | C] () -- C:\Users\rovir09\Desktop\pic15759.jpg
    [2010/05/06 05:27:11 | 000,087,482 | ---- | C] () -- C:\Users\rovir09\Desktop\pic23392.jpg
    [2010/05/06 05:24:47 | 000,044,106 | ---- | C] () -- C:\Users\rovir09\Desktop\pic05601 (1).jpg
    [2010/05/06 05:24:05 | 000,044,106 | ---- | C] () -- C:\Users\rovir09\Desktop\pic05601.jpg
    [2010/05/04 14:53:17 | 000,015,053 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] True.Legend.2010.DVDRip.X264.AC3-gandarloda.5515640.TPB.torrent
    [2010/05/01 15:50:28 | 000,002,945 | ---- | C] () -- C:\Users\rovir09\Desktop\HiJackThis.lnk
    [2010/05/01 15:38:02 | 001,402,880 | ---- | C] () -- C:\Users\rovir09\Desktop\HiJackThis.msi
    [2010/05/01 07:46:04 | 000,034,304 | ---- | C] () -- C:\Users\rovir09\Desktop\IQA part 1 (1).doc
    [2010/05/01 07:45:50 | 000,034,304 | ---- | C] () -- C:\Users\rovir09\Desktop\IQA part 1.doc
    [2010/04/29 18:53:04 | 000,043,733 | ---- | C] () -- C:\Users\rovir09\Desktop\69a6d7b96ff340139320bff5ce19438d863a847e (1).zip
    [2010/04/29 18:50:30 | 000,043,733 | ---- | C] () -- C:\Users\rovir09\Desktop\69a6d7b96ff340139320bff5ce19438d863a847e.zip
    [2010/04/29 16:31:19 | 000,256,806 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] db283f58dd0d233dadb767f2da96627d89d37846.torrent
    [2010/04/27 20:06:28 | 000,044,750 | ---- | C] () -- C:\Users\rovir09\Desktop\Shutter.Island.(2010).R5.DVDRip.XviD-MAXSPEED.english.subtitlesource.zip
    [2010/04/26 07:59:11 | 000,036,352 | ---- | C] () -- C:\Users\rovir09\Desktop\Valscipta resolution.doc
    [2010/04/24 21:14:50 | 000,015,264 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
    [2010/04/24 21:03:36 | 000,015,046 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] The Bounty Hunter.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
    [2010/04/22 15:27:03 | 000,001,115 | ---- | C] () -- C:\Users\rovir09\Desktop\Yahoo! Messenger.lnk
    [2010/04/20 12:46:02 | 139,018,599 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/04/20 08:15:28 | 003,553,280 | ---- | C] () -- C:\Users\rovir09\Desktop\GEOGRAPHY_posted.ppt
    [2010/04/18 13:54:07 | 003,084,051 | ---- | C] () -- C:\Users\rovir09\Desktop\IMG.jpg
    [2010/04/16 15:33:17 | 000,103,168 | ---- | C] () -- C:\Users\rovir09\Desktop\12295_1113431212101_1716566885_219516_7054092_n.jpg
    [2010/04/13 16:25:12 | 000,051,205 | ---- | C] () -- C:\Users\rovir09\Desktop\1177570930PKXY1A.jpg
    [2010/04/13 16:12:58 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 8.0.lnk
    [2010/04/07 20:50:12 | 000,041,292 | ---- | C] () -- C:\Users\rovir09\Desktop\Bloody Monday Season 2 ep05 (704x396 DivX6).avi.torrent
    [2010/04/07 18:23:34 | 910,379,008 | ---- | C] () -- C:\Users\rovir09\Desktop\BM 2 ep01 (704x396).avi
    [2010/04/07 17:18:36 | 000,023,762 | ---- | C] () -- C:\Users\rovir09\Desktop\FS 106_SRUIJK_2nd_09-10.xlsx
    [2010/04/06 06:20:29 | 000,045,568 | ---- | C] () -- C:\Users\rovir09\Desktop\UPCAT 2010 (2).doc
    [2010/04/06 06:20:26 | 000,045,568 | ---- | C] () -- C:\Users\rovir09\Desktop\UPCAT 2010 (1).doc
    [2010/04/05 19:58:29 | 008,915,968 | ---- | C] () -- C:\Users\rovir09\Desktop\attachments_2010_04_05.zip
    [2010/04/05 17:11:07 | 000,096,256 | ---- | C] () -- C:\Users\rovir09\Desktop\pre test physics.doc
    [2010/04/05 15:31:52 | 000,040,864 | ---- | C] () -- C:\Users\rovir09\Documents\question.docx
    [2010/04/05 14:02:24 | 000,045,568 | ---- | C] () -- C:\Users\rovir09\Desktop\UPCAT 2010.doc
    [2010/04/05 13:00:30 | 000,142,635 | ---- | C] () -- C:\Users\rovir09\Desktop\PhysicsTeam.pdf
    [2010/04/05 08:36:49 | 336,224,398 | ---- | C] () -- C:\Users\rovir09\Desktop\University_Physics_with_Modern_Physics_12e_with_Solutions.rar
    [2010/04/05 07:57:23 | 024,626,304 | ---- | C] () -- C:\Users\rovir09\Desktop\__Tipler_-_Physics_5_Ed_--_Com.PDF
    [2010/04/04 13:22:41 | 000,306,624 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] 2012[2009]DvDrip[Eng]-FXG.5330542.TPB (1).torrent
    [2010/04/04 13:22:35 | 000,306,624 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] 2012[2009]DvDrip[Eng]-FXG.5330542.TPB.torrent
    [2010/04/03 13:58:02 | 000,029,369 | ---- | C] () -- C:\Users\rovir09\Desktop\the.time.travelers.wife.(2009).eng.1cd.(3623844).zip
    [2010/03/29 13:04:50 | 000,021,371 | ---- | C] () -- C:\Users\rovir09\Desktop\[isoHunt] The Time Traveler's Wife {2009} DVDRIP. Jaybob.torrent
    [2010/03/26 21:54:28 | 042,281,152 | ---- | C] () -- C:\Users\rovir09\Desktop\avira_antivir_personal_en.exe
    [2010/03/26 15:35:07 | 000,022,087 | ---- | C] () -- C:\Users\rovir09\Desktop\CRMB4N_OR03242010.pdf
    [2010/03/23 11:15:58 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    [2010/03/23 11:14:43 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/03/15 12:17:12 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2010/02/26 14:10:30 | 000,014,908 | ---- | C] () -- C:\Users\rovir09\Documents\Guidelines for analyzing fiction.docx
    [2010/01/03 02:13:49 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
    [2009/12/10 17:19:56 | 000,000,291 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/12/08 06:22:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/12/07 14:39:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2009/12/07 14:39:20 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2007/10/26 09:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

    ========== LOP Check ==========

    [2010/03/24 14:26:34 | 000,000,000 | -HSD | M] -- C:\Users\rovir09\AppData\Roaming\.#
    [2010/03/04 08:06:24 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Facebook
    [2009/12/02 03:28:05 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\GameConsole
    [2010/05/27 04:20:24 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\LimeWire
    [2009/12/07 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\PC Suite
    [2009/12/15 03:11:56 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\PlayFirst
    [2010/04/13 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Publish Providers
    [2009/12/07 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Samsung
    [2010/04/13 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Sony
    [2010/01/30 01:44:16 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\Template
    [2010/05/27 07:40:32 | 000,000,000 | ---D | M] -- C:\Users\rovir09\AppData\Roaming\uTorrent
    [2010/05/01 07:21:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2009/06/05 09:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\OEM\Preload\Autorun\DRV\Intel Storage Generic Driver\IaStor.sys
    [2009/06/05 09:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
    [2009/06/05 09:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
    [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
    [2009/06/05 09:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4D066AD2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E3C56885
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E1982A23
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

    < End of report >
     
  4. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi :)


    Download GMER from here. Note the file's name and save it to your root folder, such as C:\.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.
     