eraddd
2010-08-26, 01:03
Hello, I'm here because a malware affected my computer and it simply will not go away. NOD32 has continually blocked its actions (disconnected the connection to malicious sites etc etc), but cannot clean the computer as the processes keep coming back. The files that run it usually appear in the localApps folder in the temp folder, but after I delete, they come back.
Spybot's website is also being blocked, so I cannot update, nor can I update Adaware. Adaware also crashes whenever I try to run a full scan (a smart scan revealed a trojan which I disposed of already).
Here is the DDS Log
DDS (Ver_10-03-17.01) - NTFSX64
Run by Administrator at 15:58:01.49 on 25/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3956.1863 [GMT -7:00]
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\UTSCSI.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
C:\Users\Administrator\Documents\Core Temp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.naver.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\HssIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TPKMAPMN] c:\program files (x86)\thinkpad\utilities\TpKmapMn.exe
uRun: [Core Temp] "c:\users\administrator\documents\Core Temp.exe"
uRun: [XBV6RD5SZF] c:\users\admini~1\appdata\local\temp\Wcd.exe
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [TPKMAPHELPER] c:\program files (x86)\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\administrator\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 93.188.163.189,93.188.166.189
TCP: {00AF639A-1B33-4A9B-BAB7-4C2267774A09} = 93.188.163.189,93.188.166.189
TCP: {751FA41C-8220-4B65-A9DE-EF057D3E49CD} = 93.188.163.189,93.188.166.189
TCP: {76244BC4-7621-4868-A71E-5B1B04AEFB7A} = 93.188.163.189,93.188.166.189
TCP: {B13D8113-52BE-449B-85E8-477EA2524ABB} = 93.188.163.189,93.188.166.189
TCP: {C8E74575-2FB5-4900-AAF7-3EA7418D5DF7} = 93.188.163.189,93.188.166.189
TCP: {FD1208DA-52BD-4153-A866-2A1114C45748} = 93.188.163.189,93.188.166.189
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
mRun-x64: [PLFSetI] c:\windows\PLFSetI.exe
mRun-x64: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "c:\program files\intel\turboboost\RunTBGadgetOnce.vbs"
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\NPNLiveCast.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2010-2-9 180184]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-25 69152]
R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-8-4 195016]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2010-2-9 810112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 123200]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-10 865824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-3-18 2560]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-30 336728]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2010-5-20 13832]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2009-11-4 2320920]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 7195648]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 265728]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools64.sys [2010-4-25 47160]
R3 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-11-4 56344]
R3 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\hotspot shield\bin\hsswd.exe -product hss --> c:\program files (x86)\hotspot shield\bin\hsswd.exe -product HSS [?]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-10 151936]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-9-24 62720]
R3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-6-19 31232]
R3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2010-5-20 134928]
R3 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-11-4 240160]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\\mwlservice.exe --> c:\program files (x86)\egistec\mywinlocker 3\x86\\MWLService.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-25 1153368]
S3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 203264]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-7-22 40448]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 108072]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-7-1 525040]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [2008-7-4 252928]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1255736]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
S4 TunngleService;TunngleService;c:\program files (x86)\tunngle\TnglCtrl.exe [2010-6-19 704760]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-08-25 22:46:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-25 22:46:13 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-25 21:34:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-25 21:20:57 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-25 21:20:35 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-25 21:20:25 0 d-----w- c:\programdata\Lavasoft
2010-08-25 21:20:25 0 d-----w- c:\program files (x86)\Lavasoft
2010-08-24 17:41:34 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 17:41:34 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-19 19:36:08 0 d-----w- c:\users\admini~1\appdata\roaming\DiskAid
2010-08-18 22:06:42 213120 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-08-18 20:18:22 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-18 20:18:22 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-08-18 20:18:22 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-08-18 20:17:34 0 d-----w- c:\program files\iPod
2010-08-18 20:17:33 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-08-18 20:17:33 0 d-----w- c:\program files\iTunes
2010-08-18 20:17:33 0 d-----w- c:\program files (x86)\iTunes
2010-08-18 20:16:43 0 d-----w- c:\programdata\Apple Computer
2010-08-18 20:15:37 0 d-----w- c:\program files\common files\Apple
2010-08-18 20:15:30 0 d-----w- c:\program files\Bonjour
2010-08-18 20:15:30 0 d-----w- c:\program files (x86)\Bonjour
2010-08-18 20:02:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-17 23:22:21 0 d-----w- c:\users\admini~1\appdata\roaming\dBpoweramp
2010-08-17 22:45:07 0 d-----w- c:\program files (x86)\NeoSmart Technologies
2010-08-14 13:02:59 0 d-----w- c:\program files (x86)\Vuze_Remote
2010-08-14 13:02:59 0 d-----w- c:\program files (x86)\Conduit
2010-08-11 05:40:44 57436 ----a-w- c:\windows\DASShp.dll
2010-08-11 05:40:44 0 d-----w- c:\program files (x86)\Microsoft Reader
2010-08-05 05:32:18 0 d-----w- c:\program files\WinPcap
2010-08-05 05:32:06 0 d-----w- c:\users\admini~1\appdata\roaming\Neoretix
2010-08-04 14:18:48 195016 ----a-r- c:\windows\system32\drivers\PCGenFAM.sys
2010-08-04 14:18:46 0 d-----w- c:\program files\Soluto
2010-08-04 14:18:11 0 d-----w- c:\programdata\Soluto
2010-08-04 14:06:11 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-01 15:18:13 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
2010-08-01 15:12:01 0 d-----r- c:\program files (x86)\Skype
2010-08-01 15:11:59 0 d-----w- c:\programdata\Skype
2010-07-28 16:21:41 0 d-----w- c:\programdata\ATI
2010-07-28 15:57:57 0 d-----w- c:\program files (x86)\StarCraft II
==================== Find3M ====================
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-19 08:40:36 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-11 11:28:38 45056 ----a-w- c:\windows\syswow64\UTSCSI.EXE
2010-07-07 02:30:08 7195648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 02:16:20 20118528 ----a-w- c:\windows\system32\atio6axx.dll
2010-07-07 01:55:08 15461888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54:08 513024 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-07-07 01:53:20 594432 ----a-w- c:\windows\system32\aticfx64.dll
2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51:26 462336 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50:54 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49:48 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-07-07 01:49:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-07-07 01:49:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-07-07 01:49:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-07-07 01:49:14 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-07-07 01:49:06 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-07-07 01:46:26 3826688 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-07-07 01:37:36 4463616 ----a-w- c:\windows\system32\atidxx64.dll
2010-07-07 01:30:12 2785792 ----a-w- c:\windows\system32\atiumd6a.dll
2010-07-07 01:29:26 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-07-07 01:29:24 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-07-07 01:29:16 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-07-07 01:29:14 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-07-07 01:29:06 5378560 ----a-w- c:\windows\system32\aticaldd64.dll
2010-07-07 01:28:20 3975680 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-07-07 01:27:58 4323840 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-07-07 01:24:34 55296 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23:14 3058688 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-07-07 01:22:26 5099008 ----a-w- c:\windows\system32\atiumd64.dll
2010-07-07 01:16:06 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:16:02 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-07-07 01:15:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15:48 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-07-07 01:15:46 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-07-07 01:15:42 265728 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:15:04 39424 ----a-w- c:\windows\system32\atiuxp64.dll
2010-07-07 01:14:58 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-07-07 01:14:50 30208 ----a-w- c:\windows\system32\atiu9p64.dll
2010-07-07 01:14:44 22528 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-07-07 01:14:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\atimpc64.dll
2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\amdpcom64.dll
2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-07-02 02:08:32 525040 ----a-w- c:\windows\system32\drivers\SRS_HDAL_amd64.sys
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-29 07:55:39 5894 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp CD Writer.dat
2010-06-29 07:55:01 1850 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2010-06-29 07:54:58 2234 ----a-w- c:\windows\syswow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2010-06-29 07:54:56 11479 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2010-06-29 07:54:46 3014 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
2010-06-29 07:54:39 3071 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2010-06-29 07:54:32 3159 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-06-29 07:54:25 3113 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-29 07:54:19 2993 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-29 07:54:12 2849 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2010-06-29 07:52:44 11030 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-06-29 07:52:37 15613 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-15 22:28:58 2857 ----a-w- c:\windows\syswow64\atipblag.dat
2010-06-15 22:28:58 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-15 01:34:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021420100215\index.dat
2010-02-16 01:38:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021520100216\index.dat
2010-02-17 01:42:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021620100217\index.dat
2010-02-18 03:29:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021720100218\index.dat
2010-02-19 03:52:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021820100219\index.dat
2010-02-20 04:01:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021920100220\index.dat
2010-02-21 04:27:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022020100221\index.dat
2010-02-22 04:28:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022120100222\index.dat
2010-02-23 04:34:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022220100223\index.dat
2010-02-24 06:03:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022320100224\index.dat
2010-02-25 06:21:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022420100225\index.dat
2010-02-26 06:34:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022520100226\index.dat
2010-02-27 06:55:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022620100227\index.dat
2010-02-28 06:57:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022720100228\index.dat
2010-03-01 00:44:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022820100301\index.dat
2010-03-02 00:45:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030120100302\index.dat
2010-03-03 01:12:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030220100303\index.dat
2010-03-04 01:43:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030320100304\index.dat
2010-03-05 02:08:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030420100305\index.dat
2010-03-06 02:36:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030520100306\index.dat
2010-03-07 03:05:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030620100307\index.dat
2010-03-08 03:19:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030720100308\index.dat
2010-03-09 03:45:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030820100309\index.dat
2010-03-10 03:50:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030920100310\index.dat
2010-03-11 04:00:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031020100311\index.dat
2010-03-12 04:04:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031120100312\index.dat
2010-03-13 04:27:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031220100313\index.dat
2010-03-14 04:45:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031320100314\index.dat
2010-03-15 05:14:48 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031420100315\index.dat
2010-03-16 05:36:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031520100316\index.dat
2010-03-22 07:17:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031520100322\index.dat
2010-03-17 05:49:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031620100317\index.dat
2010-03-18 05:54:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031720100318\index.dat
2010-03-19 06:22:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031820100319\index.dat
2010-03-20 06:47:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031920100320\index.dat
2010-03-22 07:17:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032220100323\index.dat
2010-03-23 07:25:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032320100324\index.dat
2010-03-24 07:30:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032420100325\index.dat
2010-03-25 10:50:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032520100326\index.dat
2010-03-26 18:19:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032620100327\index.dat
2010-03-27 18:29:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032720100328\index.dat
2010-03-28 18:41:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032820100329\index.dat
2010-03-29 18:48:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032920100330\index.dat
2010-03-30 19:05:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010033020100331\index.dat
2010-03-31 19:17:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010033120100401\index.dat
2010-04-01 20:05:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040120100402\index.dat
2010-04-02 20:29:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040220100403\index.dat
2010-04-03 20:31:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040320100404\index.dat
2010-04-04 20:56:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040420100405\index.dat
2010-04-05 21:10:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040520100406\index.dat
2010-04-06 21:39:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040620100407\index.dat
2010-04-07 23:09:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040720100408\index.dat
2010-04-08 23:33:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040820100409\index.dat
2010-04-10 00:33:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040920100410\index.dat
2010-04-12 01:16:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041120100412\index.dat
2010-04-13 01:42:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041220100413\index.dat
2010-04-19 07:43:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041220100419\index.dat
2010-04-14 04:30:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041320100414\index.dat
2010-04-15 04:44:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041420100415\index.dat
2010-04-16 06:58:48 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041520100416\index.dat
2010-04-17 07:11:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041720100418\index.dat
2010-04-19 07:43:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041920100420\index.dat
2010-04-20 08:02:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042020100421\index.dat
2010-04-21 14:19:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042120100422\index.dat
2010-04-22 14:25:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042220100423\index.dat
2010-04-23 14:50:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042320100424\index.dat
2010-04-24 20:17:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042420100425\index.dat
2010-04-25 21:24:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042520100426\index.dat
2010-04-26 21:50:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042620100427\index.dat
2010-04-27 22:35:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042720100428\index.dat
2010-04-29 00:20:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042820100429\index.dat
2010-04-30 04:09:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042920100430\index.dat
2010-05-01 00:21:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010043020100501\index.dat
2010-05-02 00:41:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050120100502\index.dat
2010-05-03 01:05:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050220100503\index.dat
2010-05-04 01:34:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050320100504\index.dat
2010-05-05 01:48:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050420100505\index.dat
2010-05-06 01:51:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050520100506\index.dat
2010-05-07 02:07:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050620100507\index.dat
2010-05-08 02:30:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050720100508\index.dat
2010-05-09 03:00:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050820100509\index.dat
2010-05-10 03:03:32 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050920100510\index.dat
2010-05-11 03:28:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051020100511\index.dat
2010-05-12 03:51:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051120100512\index.dat
2010-05-13 04:22:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051220100513\index.dat
2010-05-14 04:22:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051320100514\index.dat
2010-05-15 04:34:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051420100515\index.dat
2010-05-16 04:58:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051520100516\index.dat
2010-05-17 05:12:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051620100517\index.dat
2010-05-18 05:32:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051720100518\index.dat
2010-05-19 05:49:32 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051820100519\index.dat
2010-05-20 05:53:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051920100520\index.dat
2010-05-21 05:58:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052020100521\index.dat
2010-05-22 06:17:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052120100522\index.dat
2010-05-23 06:30:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052220100523\index.dat
2010-05-24 06:34:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052320100524\index.dat
2010-05-27 18:38:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052720100528\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 15:58:54.59 ===============
And I have attached the attach that came along with it.
Thank you.
Spybot's website is also being blocked, so I cannot update, nor can I update Adaware. Adaware also crashes whenever I try to run a full scan (a smart scan revealed a trojan which I disposed of already).
Here is the DDS Log
DDS (Ver_10-03-17.01) - NTFSX64
Run by Administrator at 15:58:01.49 on 25/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3956.1863 [GMT -7:00]
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\UTSCSI.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
C:\Users\Administrator\Documents\Core Temp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.naver.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5740&r=27360210h716l04d8z105t6491d734
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\HssIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TPKMAPMN] c:\program files (x86)\thinkpad\utilities\TpKmapMn.exe
uRun: [Core Temp] "c:\users\administrator\documents\Core Temp.exe"
uRun: [XBV6RD5SZF] c:\users\admini~1\appdata\local\temp\Wcd.exe
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [TPKMAPHELPER] c:\program files (x86)\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\eboost~1.lnk - c:\program files\eboostr\eBoostrCP.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\administrator\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 93.188.163.189,93.188.166.189
TCP: {00AF639A-1B33-4A9B-BAB7-4C2267774A09} = 93.188.163.189,93.188.166.189
TCP: {751FA41C-8220-4B65-A9DE-EF057D3E49CD} = 93.188.163.189,93.188.166.189
TCP: {76244BC4-7621-4868-A71E-5B1B04AEFB7A} = 93.188.163.189,93.188.166.189
TCP: {B13D8113-52BE-449B-85E8-477EA2524ABB} = 93.188.163.189,93.188.166.189
TCP: {C8E74575-2FB5-4900-AAF7-3EA7418D5DF7} = 93.188.163.189,93.188.166.189
TCP: {FD1208DA-52BD-4153-A866-2A1114C45748} = 93.188.163.189,93.188.166.189
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
mRun-x64: [PLFSetI] c:\windows\PLFSetI.exe
mRun-x64: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "c:\program files\intel\turboboost\RunTBGadgetOnce.vbs"
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\b7tws27n.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\NPNLiveCast.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2010-2-9 180184]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-25 69152]
R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-8-4 195016]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 EBOOSTRSVC;eBoostr Service;c:\program files\eboostr\EBstrSvc.exe [2010-2-9 810112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-12-18 123200]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-10 865824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-3-18 2560]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-30 336728]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2010-5-20 13832]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2009-11-4 2320920]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 7195648]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 265728]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools64.sys [2010-4-25 47160]
R3 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-11-4 56344]
R3 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\hotspot shield\bin\hsswd.exe -product hss --> c:\program files (x86)\hotspot shield\bin\hsswd.exe -product HSS [?]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-10 151936]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-9-24 62720]
R3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-6-19 31232]
R3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2010-5-20 134928]
R3 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-11-4 240160]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\\mwlservice.exe --> c:\program files (x86)\egistec\mywinlocker 3\x86\\MWLService.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-8-25 1153368]
S3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 203264]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-7-22 40448]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 108072]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-7-1 525040]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [2008-7-4 252928]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1255736]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
S4 TunngleService;TunngleService;c:\program files (x86)\tunngle\TnglCtrl.exe [2010-6-19 704760]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2010-08-25 22:46:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-25 22:46:13 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-25 21:34:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-25 21:20:57 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-25 21:20:35 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-25 21:20:25 0 d-----w- c:\programdata\Lavasoft
2010-08-25 21:20:25 0 d-----w- c:\program files (x86)\Lavasoft
2010-08-24 17:41:34 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 17:41:34 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-19 19:36:08 0 d-----w- c:\users\admini~1\appdata\roaming\DiskAid
2010-08-18 22:06:42 213120 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-08-18 20:18:22 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-18 20:18:22 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-08-18 20:18:22 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-08-18 20:17:34 0 d-----w- c:\program files\iPod
2010-08-18 20:17:33 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-08-18 20:17:33 0 d-----w- c:\program files\iTunes
2010-08-18 20:17:33 0 d-----w- c:\program files (x86)\iTunes
2010-08-18 20:16:43 0 d-----w- c:\programdata\Apple Computer
2010-08-18 20:15:37 0 d-----w- c:\program files\common files\Apple
2010-08-18 20:15:30 0 d-----w- c:\program files\Bonjour
2010-08-18 20:15:30 0 d-----w- c:\program files (x86)\Bonjour
2010-08-18 20:02:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-17 23:22:21 0 d-----w- c:\users\admini~1\appdata\roaming\dBpoweramp
2010-08-17 22:45:07 0 d-----w- c:\program files (x86)\NeoSmart Technologies
2010-08-14 13:02:59 0 d-----w- c:\program files (x86)\Vuze_Remote
2010-08-14 13:02:59 0 d-----w- c:\program files (x86)\Conduit
2010-08-11 05:40:44 57436 ----a-w- c:\windows\DASShp.dll
2010-08-11 05:40:44 0 d-----w- c:\program files (x86)\Microsoft Reader
2010-08-05 05:32:18 0 d-----w- c:\program files\WinPcap
2010-08-05 05:32:06 0 d-----w- c:\users\admini~1\appdata\roaming\Neoretix
2010-08-04 14:18:48 195016 ----a-r- c:\windows\system32\drivers\PCGenFAM.sys
2010-08-04 14:18:46 0 d-----w- c:\program files\Soluto
2010-08-04 14:18:11 0 d-----w- c:\programdata\Soluto
2010-08-04 14:06:11 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-01 15:18:13 56 ---ha-w- c:\windows\syswow64\ezsidmv.dat
2010-08-01 15:12:01 0 d-----r- c:\program files (x86)\Skype
2010-08-01 15:11:59 0 d-----w- c:\programdata\Skype
2010-07-28 16:21:41 0 d-----w- c:\programdata\ATI
2010-07-28 15:57:57 0 d-----w- c:\program files (x86)\StarCraft II
==================== Find3M ====================
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-19 08:40:36 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-11 11:28:38 45056 ----a-w- c:\windows\syswow64\UTSCSI.EXE
2010-07-07 02:30:08 7195648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 02:16:20 20118528 ----a-w- c:\windows\system32\atio6axx.dll
2010-07-07 01:55:08 15461888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-07-07 01:54:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54:08 513024 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-07-07 01:53:20 594432 ----a-w- c:\windows\system32\aticfx64.dll
2010-07-07 01:51:30 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51:26 462336 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50:54 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49:48 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-07-07 01:49:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-07-07 01:49:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-07-07 01:49:18 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-07-07 01:49:14 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-07-07 01:49:06 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-07-07 01:46:26 3826688 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-07-07 01:37:36 4463616 ----a-w- c:\windows\system32\atidxx64.dll
2010-07-07 01:30:12 2785792 ----a-w- c:\windows\system32\atiumd6a.dll
2010-07-07 01:29:26 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-07-07 01:29:24 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-07-07 01:29:16 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-07-07 01:29:14 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-07-07 01:29:06 5378560 ----a-w- c:\windows\system32\aticaldd64.dll
2010-07-07 01:28:20 3975680 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-07-07 01:27:58 4323840 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-07-07 01:24:34 55296 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23:14 3058688 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-07-07 01:22:26 5099008 ----a-w- c:\windows\system32\atiumd64.dll
2010-07-07 01:16:06 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:16:02 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-07-07 01:15:54 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-07-07 01:15:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15:48 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-07-07 01:15:46 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-07-07 01:15:42 265728 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:15:04 39424 ----a-w- c:\windows\system32\atiuxp64.dll
2010-07-07 01:14:58 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-07-07 01:14:50 30208 ----a-w- c:\windows\system32\atiu9p64.dll
2010-07-07 01:14:44 22528 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-07-07 01:14:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\atimpc64.dll
2010-07-07 01:11:12 54272 ----a-w- c:\windows\system32\amdpcom64.dll
2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-07-07 01:11:06 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-07-02 02:08:32 525040 ----a-w- c:\windows\system32\drivers\SRS_HDAL_amd64.sys
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-29 07:55:39 5894 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp CD Writer.dat
2010-06-29 07:55:01 1850 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2010-06-29 07:54:58 2234 ----a-w- c:\windows\syswow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2010-06-29 07:54:56 11479 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2010-06-29 07:54:46 3014 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
2010-06-29 07:54:39 3071 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2010-06-29 07:54:32 3159 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-06-29 07:54:25 3113 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-29 07:54:19 2993 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-29 07:54:12 2849 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2010-06-29 07:52:44 11030 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-06-29 07:52:37 15613 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-15 22:28:58 2857 ----a-w- c:\windows\syswow64\atipblag.dat
2010-06-15 22:28:58 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-15 01:34:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021420100215\index.dat
2010-02-16 01:38:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021520100216\index.dat
2010-02-17 01:42:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021620100217\index.dat
2010-02-18 03:29:07 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021720100218\index.dat
2010-02-19 03:52:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021820100219\index.dat
2010-02-20 04:01:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010021920100220\index.dat
2010-02-21 04:27:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022020100221\index.dat
2010-02-22 04:28:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022120100222\index.dat
2010-02-23 04:34:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022220100223\index.dat
2010-02-24 06:03:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022320100224\index.dat
2010-02-25 06:21:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022420100225\index.dat
2010-02-26 06:34:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022520100226\index.dat
2010-02-27 06:55:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022620100227\index.dat
2010-02-28 06:57:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022720100228\index.dat
2010-03-01 00:44:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010022820100301\index.dat
2010-03-02 00:45:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030120100302\index.dat
2010-03-03 01:12:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030220100303\index.dat
2010-03-04 01:43:39 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030320100304\index.dat
2010-03-05 02:08:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030420100305\index.dat
2010-03-06 02:36:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030520100306\index.dat
2010-03-07 03:05:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030620100307\index.dat
2010-03-08 03:19:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030720100308\index.dat
2010-03-09 03:45:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030820100309\index.dat
2010-03-10 03:50:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010030920100310\index.dat
2010-03-11 04:00:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031020100311\index.dat
2010-03-12 04:04:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031120100312\index.dat
2010-03-13 04:27:05 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031220100313\index.dat
2010-03-14 04:45:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031320100314\index.dat
2010-03-15 05:14:48 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031420100315\index.dat
2010-03-16 05:36:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031520100316\index.dat
2010-03-22 07:17:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031520100322\index.dat
2010-03-17 05:49:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031620100317\index.dat
2010-03-18 05:54:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031720100318\index.dat
2010-03-19 06:22:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031820100319\index.dat
2010-03-20 06:47:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031920100320\index.dat
2010-03-22 07:17:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032220100323\index.dat
2010-03-23 07:25:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032320100324\index.dat
2010-03-24 07:30:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032420100325\index.dat
2010-03-25 10:50:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032520100326\index.dat
2010-03-26 18:19:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032620100327\index.dat
2010-03-27 18:29:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032720100328\index.dat
2010-03-28 18:41:52 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032820100329\index.dat
2010-03-29 18:48:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010032920100330\index.dat
2010-03-30 19:05:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010033020100331\index.dat
2010-03-31 19:17:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010033120100401\index.dat
2010-04-01 20:05:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040120100402\index.dat
2010-04-02 20:29:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040220100403\index.dat
2010-04-03 20:31:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040320100404\index.dat
2010-04-04 20:56:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040420100405\index.dat
2010-04-05 21:10:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040520100406\index.dat
2010-04-06 21:39:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040620100407\index.dat
2010-04-07 23:09:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040720100408\index.dat
2010-04-08 23:33:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040820100409\index.dat
2010-04-10 00:33:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040920100410\index.dat
2010-04-12 01:16:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041120100412\index.dat
2010-04-13 01:42:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041220100413\index.dat
2010-04-19 07:43:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041220100419\index.dat
2010-04-14 04:30:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041320100414\index.dat
2010-04-15 04:44:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041420100415\index.dat
2010-04-16 06:58:48 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041520100416\index.dat
2010-04-17 07:11:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041720100418\index.dat
2010-04-19 07:43:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041920100420\index.dat
2010-04-20 08:02:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042020100421\index.dat
2010-04-21 14:19:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042120100422\index.dat
2010-04-22 14:25:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042220100423\index.dat
2010-04-23 14:50:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042320100424\index.dat
2010-04-24 20:17:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042420100425\index.dat
2010-04-25 21:24:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042520100426\index.dat
2010-04-26 21:50:33 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042620100427\index.dat
2010-04-27 22:35:09 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042720100428\index.dat
2010-04-29 00:20:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042820100429\index.dat
2010-04-30 04:09:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010042920100430\index.dat
2010-05-01 00:21:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010043020100501\index.dat
2010-05-02 00:41:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050120100502\index.dat
2010-05-03 01:05:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050220100503\index.dat
2010-05-04 01:34:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050320100504\index.dat
2010-05-05 01:48:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050420100505\index.dat
2010-05-06 01:51:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050520100506\index.dat
2010-05-07 02:07:49 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050620100507\index.dat
2010-05-08 02:30:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050720100508\index.dat
2010-05-09 03:00:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050820100509\index.dat
2010-05-10 03:03:32 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010050920100510\index.dat
2010-05-11 03:28:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051020100511\index.dat
2010-05-12 03:51:57 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051120100512\index.dat
2010-05-13 04:22:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051220100513\index.dat
2010-05-14 04:22:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051320100514\index.dat
2010-05-15 04:34:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051420100515\index.dat
2010-05-16 04:58:02 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051520100516\index.dat
2010-05-17 05:12:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051620100517\index.dat
2010-05-18 05:32:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051720100518\index.dat
2010-05-19 05:49:32 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051820100519\index.dat
2010-05-20 05:53:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051920100520\index.dat
2010-05-21 05:58:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052020100521\index.dat
2010-05-22 06:17:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052120100522\index.dat
2010-05-23 06:30:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052220100523\index.dat
2010-05-24 06:34:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052320100524\index.dat
2010-05-27 18:38:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052720100528\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 15:58:54.59 ===============
And I have attached the attach that came along with it.
Thank you.