
Welcome to NGINX



#1 AzureSkyy


Posted 22 March 2012 - 03:12 PM

http://www.bleepingcomputer.com/forums/topic445942.html

^ Original topic of suspicion. Contains information, which may or may not be from the same source/by the same cause. However, it's clear that someone's mucking around in my hosts file if nothing else.

For now, the hosts file has been restored from an archived copy of mine, and I'd like help removing the source of the change.

I'll post a HiJackThis! log, as it was the net recommended thing on the list of things to combat NGINX. If you'd rather I do something else, please suggest it and ignore the HJT log. <3 Nothing has been done with HJT.

Spybot S&D picked up Win32.Spynet.a. I've chosen to remove it. Ad-Aware, having scanned before SB S&D, saw nothing. Neither did ESET.

Thank you.
~Haven.-



#2 myrti

  • Malware Study Hall Admin
  • 31,691 posts

Posted 28 March 2012 - 06:25 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 AzureSkyy

  • Topic Starter


Posted 28 March 2012 - 07:57 AM

Hi.

Thank you for helping.

I had to change firewall/anti-virus, because ESET stopped being able to update, and started running 6+ scans at random times. I do not know why, and had to uninstall it to make the machine run smoothly again. AVG is currently the security center in use. However, it does not appear to be functioning very well. Please help. This is depressing.

Anyway.

Windows 7, Ultimate edition, 64-bit. I am able to start the computer, but some things are not functioning as they normally might.
AVG, processing is slow by ~30%, internet is ~40% of maximum, and am not sure if updates on AVG/Ad-Aware/etc are actually successful or not. I have to access Gmail through the Italian portal, NGINX is in place over the English portal again.

The problem started some months ago, with minorly suspicious things. Strange folders, resources temporarily over-taxed. Subtle, non-invasive things. A few weeks ago, it started to drain more heavily, and I noticed more of the subtle activity. I then submitted a report to the Am I Infected section of this forum. The link is contained in my original post on this thread.

A week ago, when this thread was started, I had confirmed that the NGINX thing had modified my hosts file. This was when the overt campaign began.

I run regular scans, but ever since the intrusion became overt, I had stepped up scans to 1-2x per day. Using AVG/Ad-Aware/Spybot S&D. Sometimes they find something, but none have been able to find the root cause. Again, as my hosts file has been modified and reverted after I changed it back to dodge NGINX the first time (see first post of this thread), I am not sure that the updates are successful. Anyway. Here is OTL.

OTL SCAN RESULTS:
OTL logfile created on: 28-Mar-12 14:46:22 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Haven\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.86 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 24.47% Memory free
7.73 Gb Paging File | 3.55 Gb Available in Paging File | 45.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = X:\Skyylife\. Biosphere\- Fauna
Drive C: | 25.05 Gb Total Space | 3.35 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 272.94 Gb Total Space | 10.71 Gb Free Space | 3.92% Space Free | Partition Type: NTFS

Computer Name: SKYY | User Name: Haven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-28 14:45:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
PRC - [2012-03-12 20:20:11 | 001,891,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware\Ad-Aware.exe
PRC - [2012-03-12 20:20:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware\AAWTray.exe
PRC - [2012-03-12 20:20:09 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware\AAWService.exe
PRC - [2012-02-28 02:03:14 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- X:\Skyylife\. Biosphere\- Fauna\utorrent\uTorrent.exe
PRC - [2012-02-09 08:06:48 | 000,312,376 | ---- | M] (Power Software Ltd) -- X:\Skyylife\. Biosphere\- Fauna\PowerISO\PWRISOVM.EXE
PRC - [2012-01-24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgtray.exe
PRC - [2011-12-31 05:54:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- X:\Skyylife\. Biosphere\- Fauna\Firefox 4\firefox.exe
PRC - [2011-12-31 05:54:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugin-container.exe
PRC - [2011-11-23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgfws.exe
PRC - [2011-11-15 01:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\AVGIDSAgent.exe
PRC - [2011-08-05 02:00:53 | 001,242,448 | ---- | M] (Valve Corporation) -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\Steam.exe
PRC - [2011-08-02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- X:\Skyylife\. Biosphere\- Fauna\DAEMON Tools Lite\DTLite.exe
PRC - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgwdsvc.exe
PRC - [2011-07-14 14:21:10 | 000,108,032 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\vlc.exe
PRC - [2011-06-06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-03-17 12:50:42 | 004,523,928 | ---- | M] (Almico Software (www.almico.com)) -- X:\Skyylife\. Biosphere\- Fauna\SpeedFan\speedfan.exe
PRC - [2010-07-12 18:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe
PRC - [2009-01-26 21:31:12 | 005,365,592 | ---- | M] (Safer Networking Limited) -- X:\Skyylife\. Biosphere\- Fauna\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2001-09-07 02:37:10 | 000,049,152 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Alarm Clock\Alarm Clock.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-23 10:21:52 | 000,192,512 | ---- | M] () -- C:\Users\Haven\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012-03-23 10:21:52 | 000,172,032 | ---- | M] () -- C:\Users\Haven\AppData\Local\Temp\sfareca00001.dll
MOD - [2012-03-13 14:16:31 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012-03-12 20:20:15 | 000,774,040 | ---- | M] () -- C:\Program Files (x86)\Ad-Aware\PrivacyClean.dll
MOD - [2012-02-10 02:39:09 | 014,415,144 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\libcef.dll
MOD - [2012-02-10 02:39:09 | 000,914,216 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\avcodec-52.dll
MOD - [2012-02-10 02:39:09 | 000,857,896 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\chromehtml.dll
MOD - [2012-02-10 02:39:09 | 000,214,528 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\mssvoice.asi
MOD - [2012-02-10 02:39:09 | 000,155,432 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\avformat-52.dll
MOD - [2012-02-10 02:39:09 | 000,095,744 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\mssmp3.asi
MOD - [2012-02-10 02:39:09 | 000,091,432 | ---- | M] () -- X:\Skyylife\. Biosphere\_ Intervening Variables\Steam\bin\avutil-50.dll
MOD - [2012-01-29 19:50:03 | 000,623,104 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\jnetlib.w5s
MOD - [2012-01-29 19:50:03 | 000,291,328 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_local.dll
MOD - [2012-01-29 19:50:03 | 000,237,056 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\aacPlusDecoder.w5s
MOD - [2012-01-29 19:50:03 | 000,214,528 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_pmp.dll
MOD - [2012-01-29 19:50:03 | 000,174,080 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\auth.w5s
MOD - [2012-01-29 19:50:03 | 000,154,624 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\jpeg.w5s
MOD - [2012-01-29 19:50:03 | 000,135,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_ipod.dll
MOD - [2012-01-29 19:50:03 | 000,125,952 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_online.dll
MOD - [2012-01-29 19:50:03 | 000,115,200 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_p4s.dll
MOD - [2012-01-29 19:50:03 | 000,090,112 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\xml.w5s
MOD - [2012-01-29 19:50:03 | 000,086,528 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\png.w5s
MOD - [2012-01-29 19:50:03 | 000,084,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\playlist.w5s
MOD - [2012-01-29 19:50:03 | 000,083,968 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\tataki.dll
MOD - [2012-01-29 19:50:03 | 000,082,944 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_playlists.dll
MOD - [2012-01-29 19:50:03 | 000,061,952 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_plg.dll
MOD - [2012-01-29 19:50:03 | 000,056,320 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_impex.dll
MOD - [2012-01-29 19:50:03 | 000,052,224 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_history.dll
MOD - [2012-01-29 19:50:03 | 000,051,200 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_android.dll
MOD - [2012-01-29 19:50:03 | 000,051,200 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_ds.dll
MOD - [2012-01-29 19:50:03 | 000,047,616 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\zlib.dll
MOD - [2012-01-29 19:50:03 | 000,047,104 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_usb.dll
MOD - [2012-01-29 19:50:03 | 000,035,840 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\timer.w5s
MOD - [2012-01-29 19:50:03 | 000,033,792 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_rg.dll
MOD - [2012-01-29 19:50:03 | 000,031,232 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_transcode.dll
MOD - [2012-01-29 19:50:03 | 000,023,040 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\albumart.w5s
MOD - [2012-01-29 19:50:03 | 000,022,528 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_disk.dll
MOD - [2012-01-29 19:50:03 | 000,021,504 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\tagz.w5s
MOD - [2012-01-29 19:50:03 | 000,020,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_njb.dll
MOD - [2012-01-29 19:50:03 | 000,019,456 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\gif.w5s
MOD - [2012-01-29 19:50:03 | 000,019,456 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\bmp.w5s
MOD - [2012-01-29 19:50:03 | 000,018,432 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_wave.dll
MOD - [2012-01-29 19:50:03 | 000,016,896 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\dlmgr.w5s
MOD - [2012-01-29 19:50:03 | 000,016,384 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\gracenote.w5s
MOD - [2012-01-29 19:50:03 | 000,014,336 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\filereader.w5s
MOD - [2012-01-29 19:50:03 | 000,013,824 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\primo.w5s
MOD - [2012-01-29 19:50:02 | 001,735,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_ff.dll
MOD - [2012-01-29 19:50:02 | 000,340,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2012-01-29 19:50:02 | 000,312,320 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_wm.dll
MOD - [2012-01-29 19:50:02 | 000,306,176 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_ml.dll
MOD - [2012-01-29 19:50:02 | 000,285,184 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mp3.dll
MOD - [2012-01-29 19:50:02 | 000,252,928 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\libsndfile.dll
MOD - [2012-01-29 19:50:02 | 000,216,576 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_vorbis.dll
MOD - [2012-01-29 19:50:02 | 000,199,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_disc.dll
MOD - [2012-01-29 19:50:02 | 000,183,808 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_jumpex.dll
MOD - [2012-01-29 19:50:02 | 000,164,352 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mod.dll
MOD - [2012-01-29 19:50:02 | 000,136,192 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\libFLAC.dll
MOD - [2012-01-29 19:50:02 | 000,109,568 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_midi.dll
MOD - [2012-01-29 19:50:02 | 000,102,400 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_cdda.dll
MOD - [2012-01-29 19:50:02 | 000,075,776 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\nde.dll
MOD - [2012-01-29 19:50:02 | 000,059,904 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_flac.dll
MOD - [2012-01-29 19:50:02 | 000,053,248 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\nsutil.dll
MOD - [2012-01-29 19:50:02 | 000,050,176 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mp4.dll
MOD - [2012-01-29 19:50:02 | 000,028,672 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_autotag.dll
MOD - [2012-01-29 19:50:02 | 000,027,648 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_bookmarks.dll
MOD - [2012-01-29 19:50:02 | 000,027,648 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_hotkeys.dll
MOD - [2012-01-29 19:50:02 | 000,025,600 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_tray.dll
MOD - [2012-01-29 19:50:02 | 000,016,896 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_wave.dll
MOD - [2012-01-29 19:50:02 | 000,007,168 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_linein.dll
MOD - [2011-12-31 05:54:56 | 002,124,760 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Firefox 4\mozjs.dll
MOD - [2011-07-14 14:21:22 | 001,712,128 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libvorbis_plugin.dll
MOD - [2011-07-14 14:21:22 | 001,137,664 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libxml_plugin.dll
MOD - [2011-07-14 14:21:22 | 001,108,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libtaglib_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,368,640 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libtheora_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,325,120 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libswscale_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,078,848 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libzip_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,046,592 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libwaveout_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,040,448 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,038,912 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,036,864 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,032,256 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libtrivial_channel_mixer_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,031,232 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libyuvp_plugin.dll
MOD - [2011-07-14 14:21:22 | 000,031,232 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2011-07-14 14:21:20 | 011,496,448 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libqt4_plugin.dll
MOD - [2011-07-14 14:21:20 | 002,169,856 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libskins2_plugin.dll
MOD - [2011-07-14 14:21:20 | 001,013,248 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libschroedinger_plugin.dll
MOD - [2011-07-14 14:21:20 | 000,130,048 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libspeex_plugin.dll
MOD - [2011-07-14 14:21:20 | 000,036,864 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libscaletempo_plugin.dll
MOD - [2011-07-14 14:21:20 | 000,034,304 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2011-07-14 14:21:20 | 000,033,792 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2011-07-14 14:21:20 | 000,031,744 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libscale_plugin.dll
MOD - [2011-07-14 14:21:20 | 000,031,232 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2011-07-14 14:21:18 | 000,237,568 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libpng_plugin.dll
MOD - [2011-07-14 14:21:18 | 000,194,048 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libmp4_plugin.dll
MOD - [2011-07-14 14:21:18 | 000,128,000 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2011-07-14 14:21:18 | 000,108,032 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libplaylist_plugin.dll
MOD - [2011-07-14 14:21:18 | 000,038,912 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libmono_plugin.dll
MOD - [2011-07-14 14:21:18 | 000,037,888 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2011-07-14 14:21:16 | 001,776,128 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\liblibass_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,338,432 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\liblua_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,135,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,073,728 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,052,224 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,048,640 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,046,592 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libhotkeys_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,046,080 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,039,936 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,038,400 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,037,888 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,036,352 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,035,840 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\liblpcm_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,033,792 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,033,792 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,032,768 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libi422_i420_plugin.dll
MOD - [2011-07-14 14:21:16 | 000,032,768 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,652,800 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libfreetype_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,309,760 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libfaad_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,265,216 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libflac_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,258,048 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,231,424 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdvdnav_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,210,944 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdshow_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,178,176 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,067,072 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdirectx_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,061,440 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdirect3d_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,039,424 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libfilesystem_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,039,424 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdts_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,037,376 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libfake_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,032,256 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,032,256 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,031,744 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2011-07-14 14:21:14 | 000,031,232 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libdrawable_plugin.dll
MOD - [2011-07-14 14:21:12 | 008,248,320 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libavcodec_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,057,856 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libblend_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,046,592 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libaout_directx_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,045,568 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libaraw_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,041,472 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libaudio_format_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,034,304 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libcdg_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,033,280 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libaes3_plugin.dll
MOD - [2011-07-14 14:21:12 | 000,032,768 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2011-07-14 14:21:10 | 002,263,552 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\libvlccore.dll
MOD - [2011-07-14 14:21:10 | 000,108,032 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\vlc.exe
MOD - [2011-07-14 14:21:10 | 000,101,376 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\libvlc.dll
MOD - [2011-07-14 14:21:10 | 000,090,112 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2011-07-14 14:21:10 | 000,065,536 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2011-07-14 14:21:10 | 000,036,352 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\liba52_plugin.dll
MOD - [2011-07-14 14:21:10 | 000,030,720 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2011-04-12 02:45:32 | 000,047,616 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2011-03-02 19:40:51 | 000,140,288 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\WinRar\RarExt32.dll
MOD - [2008-06-20 00:35:36 | 000,333,288 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008-03-05 16:34:32 | 000,795,520 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008-03-04 21:52:00 | 000,790,392 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008-02-26 18:04:40 | 000,717,176 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007-12-24 08:05:00 | 000,121,344 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
MOD - [2001-09-07 02:37:10 | 000,049,152 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Alarm Clock\Alarm Clock.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- X:\Skyylife\. Biosphere\- Fauna\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2011-11-23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgfws.exe -- (avgfws)
SRV:64bit: - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\AVG\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV:64bit: - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgwdsvc.exe -- (avgwd)
SRV:64bit: - [2011-03-24 13:24:58 | 000,095,976 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Running] -- X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011-03-09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-07-29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- X:\Skyylife\. Biosphere\- Fauna\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012-03-12 20:20:09 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012-02-10 02:39:10 | 000,481,064 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-08-19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011-06-06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-05-17 23:42:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-05-06 02:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 20:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-10 03:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010-01-10 03:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-02-23 02:47:28 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-02-09 08:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011-12-23 08:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011-10-07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-08-19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2011-08-19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011-08-16 19:31:34 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-08-08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-06-20 00:16:04 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-05-23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011-03-24 13:24:54 | 000,148,072 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-03-09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-03-09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-07 05:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- X:\Skyylife\. Biosphere\- Fauna\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010-10-18 11:21:31 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010-05-20 22:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010-05-08 02:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010-05-08 02:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010-05-06 02:46:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009-12-04 18:17:38 | 000,107,120 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
DRV:64bit: - [2009-09-17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 20:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-08 21:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-03-18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012-03-12 20:20:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?rd=1&ucc=IT&dcc=IT&opt=0
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C B3 67 BA 19 DD CC 01 [binary data]
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={FD9804C6-BAA1-4A42-B2F0-E03A18D0E57F}&mid=cb39e8c84d1447d6ace704b37b1962bf-0143183d975daa9ce1d0d148af05da7ef4577935&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.5
FF - prefs.js..extensions.enabledItems: {c0bcf963-624b-47fe-aa78-8cc02434cf32}:0.5.3.1Build201101051500
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: X:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: X:\Skyylife\. Biosphere\- Fauna\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: X:\SKYYLIFE\. BIOSPHERE\- FAUNA\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: E:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Haven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Haven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: X:\Skyylife\. Biosphere\- Fauna\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: E:\Skyylife\. Biosphere\- Fauna\Firefox 4\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: E:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: X:\Skyylife\. Biosphere\- Fauna\Firefox 4\components [2011-12-31 05:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins [2012-01-29 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: X:\Skyylife\. Biosphere\- Fauna\ESET\ESET Smart Security\Mozilla Thunderbird

[2011-05-05 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Extensions
[2012-03-23 22:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions
[2011-09-12 04:40:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012-01-16 17:31:30 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011-12-26 01:48:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-05-05 19:47:31 | 000,000,000 | ---D | M] (Mouseless Browsing) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{c0bcf963-624b-47fe-aa78-8cc02434cf32}
[2011-11-06 23:59:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2011-08-12 16:22:50 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\[email protected]
[2011-03-21 22:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\searchplugins\conduit.xml
[2011-06-25 08:51:59 | 000,001,597 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\searchplugins\the-pirate-bay.xml
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={FD9804C6-BAA1-4A42-B2F0-E03A18D0E57F}&mid=cb39e8c84d1447d6ace704b37b1962bf-0143183d975daa9ce1d0d148af05da7ef4577935&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe Reader\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = X:\SKYYLIFE\. BIOSPHERE\- FAUNA\FOXIT READER\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: 20 Things I Learned About Browsers & the Web = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg\0.91_0\
CHR - Extension: Google Calendar = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Planetarium = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Gestures for Chrome™ = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Scratchpad = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\2.4.1_0\
CHR - Extension: Clouds Theme 2 (Aero) = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcheeeikigmhnkchfhhpanmpclafnai\1.0_0\

O1 HOSTS File: ([2012-03-22 22:13:05 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15172 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] X:\Skyylife\. Biosphere\- Fauna\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PWRISOVM.EXE] X:\Skyylife\. Biosphere\- Fauna\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000..\Run: [DAEMON Tools Lite] X:\Skyylife\. Biosphere\- Fauna\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000..\Run: [SandboxieControl] X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: HKEY_CURRENT_USER = C:\Users\Haven\AppData\Roaming\update.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\Program Files (x86)\install\javakey.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Program Files (x86)\install\javakey.exe
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - X:\Skyylife\. Biosphere\- Fauna\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049C920F-77A7-42BF-969F-78373534F3AE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-04-18 17:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3c9ac859-80bf-11e0-ba3c-c46fa72c8bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9ac859-80bf-11e0-ba3c-c46fa72c8bf3}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{873c4079-61f1-11e0-9659-ae1c97e49ad4}\Shell - "" = AutoRun
O33 - MountPoints2\{873c4079-61f1-11e0-9659-ae1c97e49ad4}\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\{b9a0e772-5c9f-11e0-9f08-d79b9f13d0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{b9a0e772-5c9f-11e0-9f08-d79b9f13d0ec}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001-04-30 19:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (X:\Skyylife\BIOSPH~1\-FAUNA~1\AVG\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - X:\Skyylife\. Biosphere\- Fauna\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Haven\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAE5BA3C-8C5B-CD6D-EEFB-FBEB4CCEBA6C} - C:\Users\Haven\AppData\Roaming\update.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D16DAE53-5F9E-3FBE-F8B2-12EFDCAEA7A4} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {UXAQ5TDT-0MCL-8WRH-X4PG-HQ28J8WNTLS0} - C:\Program Files (x86)\install\javakey.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - X:\Skyylife\. Biosphere\- Fauna\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012-03-28 14:45:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
[2012-03-28 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\Haven\Desktop\requiem_of_sorrow_v6.00_full_install__final_version_
[2012-03-27 19:39:06 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\CONTACT LEARNINGRX + LOVAAS
[2012-03-27 19:38:58 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\LEARN BODYPARTS
[2012-03-26 00:29:18 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Lug 15 - 13.00 - Registri per l'evento Rugged Maniac
[2012-03-24 22:54:14 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Trastevere - Civitavecchia - Pineto
[2012-03-23 23:53:14 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Mar 31 - 23.30 - Spanking Party
[2012-03-23 01:45:27 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\AVG2012
[2012-03-23 01:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012-03-23 01:43:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012-03-23 01:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-03-23 01:41:19 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\AVG
[2012-03-23 01:37:48 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012-03-23 01:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-03-22 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Haven\Documents\ForceField Shared Files
[2012-03-22 22:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012-03-22 21:40:05 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-21 11:14:29 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\BIOGame
[2012-03-20 22:39:41 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Mar 31 - 15.00 - Deb
[2012-03-20 19:10:05 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012-03-19 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\Haven\kbpki
[2012-03-18 21:25:35 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 09.00 - David
[2012-03-18 19:18:30 | 000,159,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\PhysXExtensions.dll
[2012-03-18 01:10:13 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 6 - 10.00 - Rachel - Morning Drunk
[2012-03-16 04:01:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-03-16 04:01:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-03-16 04:01:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-03-15 19:58:12 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 7 - 20.00 - David
[2012-03-15 17:57:21 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 4 - 20.00 - Katie
[2012-03-15 15:27:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-03-15 15:26:43 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012-03-15 15:26:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012-03-15 15:26:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012-03-15 15:26:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-03-15 15:26:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-03-15 15:26:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-03-15 13:07:23 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 7 - 10a - Gran
[2012-03-15 12:16:03 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 21.00 - Eric - Bring swimsuit
[2012-03-14 20:15:36 | 000,000,000 | ---D | C] -- C:\Users\Haven\Desktop\D2X
[2012-03-13 22:08:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe.backup
[2012-03-13 15:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012-03-13 15:14:29 | 000,125,376 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012-03-13 15:14:29 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\PowerISO
[2012-03-13 14:16:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-03-12 20:20:26 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-03-12 18:03:04 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\dvdcss
[2012-03-12 16:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D2X Hero Editor
[2012-03-12 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D2X Hero Editor
[2012-03-12 16:11:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012-03-12 16:11:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012-03-12 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\adaware
[2012-03-12 16:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012-03-12 16:06:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012-03-12 16:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012-03-12 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-03-11 23:36:07 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\GLEE! DOWN IT ALL
[2012-03-11 23:15:04 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 13.00 - Dentist
[2012-03-11 23:14:56 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 3 - 6am - Parti al Fiumcino
[2012-03-11 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\ESET
[2012-03-11 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\ESET
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-28 14:50:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836838903-1963640961-1259976247-1000UA.job
[2012-03-28 14:45:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
[2012-03-28 14:44:53 | 092,861,381 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-03-28 14:34:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-28 11:00:18 | 000,024,166 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Notepad2.ini
[2012-03-28 08:50:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836838903-1963640961-1259976247-1000Core.job
[2012-03-27 21:56:20 | 000,071,304 | ---- | M] () -- C:\Users\Haven\Desktop\SI - EF - Mollena - Tell Me You Want Me.htm
[2012-03-27 21:53:47 | 000,462,230 | ---- | M] () -- C:\Users\Haven\Desktop\PlugY_The_Survival_Kit_v10.00.exe
[2012-03-27 20:53:59 | 024,898,915 | ---- | M] () -- C:\Users\Haven\Desktop\How Advertising Works on Facebook.mp4
[2012-03-27 20:53:47 | 052,497,064 | ---- | M] () -- C:\Users\Haven\Desktop\It Gets Better_ Facebook Employees.mp4
[2012-03-27 20:03:43 | 072,378,893 | ---- | M] () -- C:\Users\Haven\Desktop\It Gets Better_ Google Employees.mp4
[2012-03-27 20:03:09 | 059,720,168 | ---- | M] () -- C:\Users\Haven\Desktop\it gets better-----a music video by rebecca drysdale.mp4
[2012-03-27 19:34:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-27 15:17:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-27 14:57:47 | 044,966,680 | ---- | M] () -- C:\Users\Haven\Desktop\7 Days a Cappella - ICCA SemiFinals 2012.flv
[2012-03-27 13:50:09 | 138,405,794 | ---- | M] () -- C:\Users\Haven\Desktop\JM - My Neighbor Is A bleep.mp4
[2012-03-26 01:02:28 | 000,033,662 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-03-24 11:08:44 | 016,745,526 | ---- | M] () -- C:\Users\Haven\Desktop\Move-On.Org - Lauren Zuniga - War On Women.flv
[2012-03-24 10:35:20 | 000,623,281 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012-03-23 02:25:42 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-23 02:25:42 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-23 01:59:45 | 000,088,914 | ---- | M] () -- C:\Users\Haven\Desktop\Viktor_Frankl.htm
[2012-03-23 01:59:34 | 000,214,098 | ---- | M] () -- C:\Users\Haven\Desktop\B.F._Skinner.htm
[2012-03-23 01:59:25 | 000,093,543 | ---- | M] () -- C:\Users\Haven\Desktop\Steven_Pinker.htm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012-03-22 23:01:30 | 000,013,824 | ---- | M] () -- C:\Users\Haven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-22 22:13:05 | 000,441,475 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-03-22 22:11:20 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\lkfl.dat
[2012-03-22 22:11:20 | 000,000,128 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2012-03-22 22:11:20 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\ibfl.dat
[2012-03-21 11:59:57 | 000,046,951 | -H-- | M] () -- C:\Users\Haven\AppData\Roaming\Havenv1.18.0 - Trial versionlog.dat
[2012-03-21 11:15:48 | 013,085,647 | ---- | M] () -- C:\Users\Haven\Desktop\Slum Village - Turning Me Off feat. De La Soul (Prod. by You.flv
[2012-03-21 00:29:42 | 026,418,220 | ---- | M] () -- C:\Users\Haven\Desktop\LALEH _Some Die Young_ (official video).flv
[2012-03-19 16:09:00 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-19 16:09:00 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-03-16 08:18:35 | 004,968,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-03-13 22:50:40 | 000,001,469 | ---- | M] () -- C:\Users\Haven\Documents\HeroEditor.lnk
[2012-03-13 22:50:24 | 000,001,515 | ---- | M] () -- C:\Users\Haven\Documents\HE Items.lnk
[2012-03-13 14:16:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-03-12 20:20:22 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-03-12 16:11:50 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012-03-12 16:11:46 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012-03-04 16:23:59 | 000,002,234 | ---- | M] () -- C:\Windows\Sandboxie.ini
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-27 21:56:19 | 000,071,304 | ---- | C] () -- C:\Users\Haven\Desktop\SI - EF - Mollena - Tell Me You Want Me.htm
[2012-03-27 21:53:46 | 000,462,230 | ---- | C] () -- C:\Users\Haven\Desktop\PlugY_The_Survival_Kit_v10.00.exe
[2012-03-27 20:53:21 | 024,898,915 | ---- | C] () -- C:\Users\Haven\Desktop\How Advertising Works on Facebook.mp4
[2012-03-27 20:52:55 | 052,497,064 | ---- | C] () -- C:\Users\Haven\Desktop\It Gets Better_ Facebook Employees.mp4
[2012-03-27 20:02:30 | 072,378,893 | ---- | C] () -- C:\Users\Haven\Desktop\It Gets Better_ Google Employees.mp4
[2012-03-27 20:02:07 | 059,720,168 | ---- | C] () -- C:\Users\Haven\Desktop\it gets better-----a music video by rebecca drysdale.mp4
[2012-03-27 13:48:37 | 044,966,680 | ---- | C] () -- C:\Users\Haven\Desktop\7 Days a Cappella - ICCA SemiFinals 2012.flv
[2012-03-27 13:48:14 | 138,405,794 | ---- | C] () -- C:\Users\Haven\Desktop\JM - My Neighbor Is A bleep.mp4
[2012-03-24 11:08:43 | 016,745,526 | ---- | C] () -- C:\Users\Haven\Desktop\Move-On.Org - Lauren Zuniga - War On Women.flv
[2012-03-23 01:59:33 | 000,214,098 | ---- | C] () -- C:\Users\Haven\Desktop\B.F._Skinner.htm
[2012-03-23 01:59:27 | 000,088,914 | ---- | C] () -- C:\Users\Haven\Desktop\Viktor_Frankl.htm
[2012-03-23 01:59:18 | 000,093,543 | ---- | C] () -- C:\Users\Haven\Desktop\Steven_Pinker.htm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012-03-22 22:11:20 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2012-03-22 22:11:20 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2012-03-22 22:11:20 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2012-03-21 11:12:39 | 013,085,647 | ---- | C] () -- C:\Users\Haven\Desktop\Slum Village - Turning Me Off feat. De La Soul (Prod. by You.flv
[2012-03-21 00:27:01 | 026,418,220 | ---- | C] () -- C:\Users\Haven\Desktop\LALEH _Some Die Young_ (official video).flv
[2012-03-19 16:09:00 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-19 16:09:00 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-03-13 22:50:40 | 000,001,469 | ---- | C] () -- C:\Users\Haven\Documents\HeroEditor.lnk
[2012-03-13 22:50:24 | 000,001,515 | ---- | C] () -- C:\Users\Haven\Documents\HE Items.lnk
[2011-12-16 23:52:07 | 000,109,419 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-12-16 07:50:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011-12-16 07:50:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011-12-16 07:50:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011-12-06 12:09:58 | 000,004,416 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamStudio.cfg
[2011-12-06 12:09:58 | 000,000,408 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamShapes.ini
[2011-12-06 12:09:58 | 000,000,408 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamLayout.ini
[2011-12-06 12:09:58 | 000,000,118 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\Camdata.ini
[2011-08-19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011-08-19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011-08-19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011-08-05 08:30:10 | 000,013,824 | ---- | C] () -- C:\Users\Haven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-13 01:56:29 | 001,651,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 23:27:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-06-28 18:21:31 | 000,695,578 | ---- | C] () -- C:\Windows\unins001.exe
[2011-06-28 18:21:31 | 000,000,896 | ---- | C] () -- C:\Windows\unins001.dat
[2011-06-28 18:19:23 | 000,696,858 | ---- | C] () -- C:\Windows\unins000.exe
[2011-06-28 18:19:23 | 000,002,261 | ---- | C] () -- C:\Windows\unins000.dat
[2011-05-28 22:09:57 | 000,024,166 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\Notepad2.ini
[2011-05-25 21:23:02 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2011-05-25 06:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-05-22 22:54:58 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-05-22 22:54:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-05-22 22:54:56 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011-05-22 22:54:56 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-05-22 22:54:56 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-05-22 22:54:55 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-04-10 01:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-04-06 05:33:20 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2011-04-06 05:33:20 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2011-04-06 05:33:19 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2011-04-06 05:21:56 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011-04-06 05:21:56 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011-04-01 20:26:21 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011-03-31 04:44:48 | 000,002,234 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011-03-30 22:31:15 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-03-30 22:27:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-30 22:01:23 | 000,000,090 | ---- | C] () -- C:\Windows\ob1.INI
[2011-03-30 04:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-05-20 22:26:30 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: WININIT.EXE >
[2009-07-14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009-07-14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

========== Files - Unicode (All) ==========
[2012-02-25 10:40:04 | 000,001,324 | ---- | M] ()(C:\Windows\SysNative\??????????????????¦?????+????????????????????????????????????v?????i??????????????????¦?????+??????????????????????????????????????????r??????????????????¦?????+???????????????????????????????????.mp4.lnk) -- C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk
[2012-02-25 10:40:04 | 000,001,324 | ---- | C] ()(C:\Windows\SysNative\??????????????????¦?????+????????????????????????????????????v?????i??????????????????¦?????+??????????????????????????????????????????r??????????????????¦?????+???????????????????????????????????.mp4.lnk) -- C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
[/code]

OTL Extras:
OTL Extras logfile created on: 28-Mar-12 14:46:22 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Haven\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.86 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 24.47% Memory free
7.73 Gb Paging File | 3.55 Gb Available in Paging File | 45.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = X:\Skyylife\. Biosphere\- Fauna
Drive C: | 25.05 Gb Total Space | 3.35 Gb Free Space | 13.37% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 272.94 Gb Total Space | 10.71 Gb Free Space | 3.92% Space Free | Partition Type: NTFS

Computer Name: SKYY | User Name: Haven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "X:\Skyylife\. Biosphere\- Fauna\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- X:\Skyylife\. Biosphere\- Fauna\Adobe Photoshop CS5e\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "X:\Skyylife\. Biosphere\- Fauna\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "X:\Skyylife\. Biosphere\- Fauna\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- X:\Skyylife\. Biosphere\- Fauna\Adobe Photoshop CS5e\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "X:\Skyylife\. Biosphere\- Fauna\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Haven\AppData\Roaming\terraria.exe" = C:\Users\Haven\AppData\Roaming\terraria.exe:*:Enabled:Windows Messanger
"C:\Users\Haven\AppData\Roaming\msnmsgr.exe" = C:\Users\Haven\AppData\Roaming\msnmsgr.exe:*:Enabled:Windows Messanger
"C:\Users\Haven\AppData\Roaming\terraria.exe" = C:\Users\Haven\AppData\Roaming\terraria.exe:*:Enabled:Windows Messanger
"C:\Users\Haven\AppData\Roaming\msnmsgr.exe" = C:\Users\Haven\AppData\Roaming\msnmsgr.exe:*:Enabled:Windows Messanger


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E7156DB5-51A3-F70E-F338-9752921541DC}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F8851548-5D13-E66E-6607-E6D795F7B28B}" = ccc-utility64
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Notepad2" = Notepad2 (Notepad Replacement)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeraCopy_is1" = TeraCopy 2.12
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{25E6D9E3-3CA4-D2CF-6F18-9A08C4FF2885}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3377D2DE-B0F7-413E-97FE-E3E692DD7CDC}" = TQ Defiler.NET
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37AB6736-3C58-B2AD-9232-BBCF074F9A9C}" = Catalyst Control Center
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{58499C4F-DA08-4CD7-B21F-B12F53E394E0}" = TQVault
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BCDD54-0B5A-8C86-4E7E-A16F3CE60B81}" = Catalyst Control Center Localization All
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C46B05A-7D31-46B5-8B44-81B6B51E8A73}" = TQ Defiler.NET
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C04BADDA-A8E5-4460-8385-88F2A9E2A305}" = MATLAB Component Runtime 7.6
"{C42AA487-8DB6-EEDF-0DA5-27B2B710671E}" = Catalyst Control Center Graphics Previews Common
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Audacity_is1" = Audacity 1.2.6
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Final Fantasy VII" = Final Fantasy VII
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps
"GoldenEye: Source" = GoldenEye: Source - HalfLife 2 Mod
"GridMove_is1" = GridMove V1.19.62
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.4
"Lilith The Will of Demon : Battles of Jalavia v1.1_is1" = Lilith The Will of Demon : Battles of Jalavia v1.1
"Lilith The Will of Demon : Difficulty Changer Extra Boss_is1" = Lilith The Will of Demon : Difficulty Changer Extra Boss Beta 0
"LinuxLive USB Creator" = LinuxLive USB Creator
"Logitech Vid" = Logitech Vid HD
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PowerISO" = PowerISO
"Security Task Manager" = Security Task Manager 1.8d
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Hero Editor V0.96
"Steam App 105600" = Terraria
"Steam App 218" = Source SDK Base 2007
"Steam App 42910" = Magicka
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 99700" = NightSky
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by myrti, 28 March 2012 - 08:03 AM.
removed code tags


#4 myrti


Posted 28 March 2012 - 08:05 AM

Hi,

what is X:\skyylife biosphere?

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Users\Haven\AppData\Roaming\update.exe
C:\Program Files (x86)\install\javakey.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help requests via PM, unless I am already helping you. Use the forums!



#5 AzureSkyy


Posted 28 March 2012 - 08:22 AM

Myrti,

I've had hidden files visible for a long time. Ran through your instructions anyway, and they are as you said.

The folder: C:\Program Files (x86)\install\ appears EMPTY. Properties shows 0 bytes as well.

The folder: C:\Users\Haven\AppData\Roaming\update.exe does not appear to contain an update.exe. I have, however, noticed that file before. I cannot accurately guess when it was last there. It does not appear to be visible now, even with hidden files showing.

X:\ is a partition I made, 272GB. C:\ contains 25GB, mostly dedicated to the operating system. X:\ contains all of the files which I have personally put onto the computer. I have never directed anything to be installed manually onto the C:\ partition. If anything new enters C:\, it is because an installer or some other entity has placed them there. X:\Skyylife\Biosphere is, essentially, the root directory of my personal files.

As I could not find the files requested, I cannot attach them. I apologize, knowing that you look for these attachments while searching posts. :s

Please advise, I have 30 minutes before departing for work until tomorrow.
~H.-

#6 myrti


Posted 28 March 2012 - 08:31 AM

Hi,

OK, then please run a scan with Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



#7 AzureSkyy


Posted 28 March 2012 - 09:03 AM

Okay. MalwareBytes found 6 (!) objects. Cleaned them all and restarted.

Here is the log. It was saved before action was taken. Note: you were right, the two files you pegged were indeed part of the problem. Nice work! I have to go to work. Thank you for your help. I will reply tomorrow.

~H.-

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Haven :: SKYY [administrator]

Protection: Enabled

28-Mar-12 15:40:13
mbam-log-2012-03-28 (15-45-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193999
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{D16DAE53-5F9E-3FBE-F8B2-12EFDCAEA7A4} (Backdoor.Messa) -> No action taken.
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{D16DAE53-5F9E-3FBE-F8B2-12EFDCAEA7A4} (Backdoor.Messa) -> No action taken.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\install\javakey.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|HKEY_CURRENT_USER (Backdoor.Agent) -> Data: C:\Users\Haven\AppData\Roaming\update.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\install\javakey.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 myrti


Posted 28 March 2012 - 09:08 AM

Hi,

Please let MBAM remove those entries, reboot and provide a new OTL log when you have the time.

regards myrti



#9 AzureSkyy


Posted 28 March 2012 - 09:43 AM

Myrti,

Well. Called ahead to tutoring client. "Well then, I forgot, Riccardo has been sick since last night. See you tomorrow?" I can't stand the Italians, sometimes. So bleep unreliable, no wonder their economy is dying. Ugh. However, this means that I now have time to finish this malware nonsense...

Small note: NGINX no longer blocks English portal to Gmail. Thumbs-up for that.

OTL Scan after MBAM object removal + reboot:

OTL logfile created on: 28-Mar-12 16:30:47 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Haven\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.86 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 36.72% Memory free
7.73 Gb Paging File | 5.07 Gb Available in Paging File | 65.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = X:\Skyylife\. Biosphere\- Fauna
Drive C: | 25.05 Gb Total Space | 3.76 Gb Free Space | 14.99% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 272.94 Gb Total Space | 10.70 Gb Free Space | 3.92% Space Free | Partition Type: NTFS

Computer Name: SKYY | User Name: Haven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-28 14:45:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
PRC - [2012-03-12 20:20:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware\AAWTray.exe
PRC - [2012-03-12 20:20:09 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware\AAWService.exe
PRC - [2012-02-28 02:03:14 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- X:\Skyylife\. Biosphere\- Fauna\utorrent\uTorrent.exe
PRC - [2012-02-09 08:06:48 | 000,312,376 | ---- | M] (Power Software Ltd) -- X:\Skyylife\. Biosphere\- Fauna\PowerISO\PWRISOVM.EXE
PRC - [2012-01-24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgtray.exe
PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-01-13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-12-31 05:54:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- X:\Skyylife\. Biosphere\- Fauna\Firefox 4\firefox.exe
PRC - [2011-12-31 05:54:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugin-container.exe
PRC - [2011-11-23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgfws.exe
PRC - [2011-11-15 01:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\AVGIDSAgent.exe
PRC - [2011-08-02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- X:\Skyylife\. Biosphere\- Fauna\DAEMON Tools Lite\DTLite.exe
PRC - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgwdsvc.exe
PRC - [2011-06-06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-03-17 12:50:42 | 004,523,928 | ---- | M] (Almico Software (www.almico.com)) -- X:\Skyylife\. Biosphere\- Fauna\SpeedFan\speedfan.exe
PRC - [2010-07-12 18:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe
PRC - [2001-09-07 02:37:10 | 000,049,152 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Alarm Clock\Alarm Clock.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-28 16:27:04 | 000,192,512 | ---- | M] () -- C:\Users\Haven\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012-03-28 16:27:04 | 000,172,032 | ---- | M] () -- C:\Users\Haven\AppData\Local\Temp\sfareca00001.dll
MOD - [2012-03-13 14:16:31 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012-01-29 19:50:03 | 000,623,104 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\jnetlib.w5s
MOD - [2012-01-29 19:50:03 | 000,291,328 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_local.dll
MOD - [2012-01-29 19:50:03 | 000,214,528 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_pmp.dll
MOD - [2012-01-29 19:50:03 | 000,174,080 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\auth.w5s
MOD - [2012-01-29 19:50:03 | 000,154,624 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\jpeg.w5s
MOD - [2012-01-29 19:50:03 | 000,135,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_ipod.dll
MOD - [2012-01-29 19:50:03 | 000,125,952 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_online.dll
MOD - [2012-01-29 19:50:03 | 000,115,200 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_p4s.dll
MOD - [2012-01-29 19:50:03 | 000,090,112 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\xml.w5s
MOD - [2012-01-29 19:50:03 | 000,086,528 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\png.w5s
MOD - [2012-01-29 19:50:03 | 000,084,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\playlist.w5s
MOD - [2012-01-29 19:50:03 | 000,083,968 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\tataki.dll
MOD - [2012-01-29 19:50:03 | 000,082,944 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_playlists.dll
MOD - [2012-01-29 19:50:03 | 000,061,952 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_plg.dll
MOD - [2012-01-29 19:50:03 | 000,056,320 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_impex.dll
MOD - [2012-01-29 19:50:03 | 000,052,224 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_history.dll
MOD - [2012-01-29 19:50:03 | 000,051,200 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_android.dll
MOD - [2012-01-29 19:50:03 | 000,051,200 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_ds.dll
MOD - [2012-01-29 19:50:03 | 000,047,616 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\zlib.dll
MOD - [2012-01-29 19:50:03 | 000,047,104 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_usb.dll
MOD - [2012-01-29 19:50:03 | 000,035,840 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\timer.w5s
MOD - [2012-01-29 19:50:03 | 000,033,792 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_rg.dll
MOD - [2012-01-29 19:50:03 | 000,031,232 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_transcode.dll
MOD - [2012-01-29 19:50:03 | 000,023,040 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\albumart.w5s
MOD - [2012-01-29 19:50:03 | 000,022,528 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_disk.dll
MOD - [2012-01-29 19:50:03 | 000,021,504 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\tagz.w5s
MOD - [2012-01-29 19:50:03 | 000,020,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_njb.dll
MOD - [2012-01-29 19:50:03 | 000,019,456 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\gif.w5s
MOD - [2012-01-29 19:50:03 | 000,019,456 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\bmp.w5s
MOD - [2012-01-29 19:50:03 | 000,018,432 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_wave.dll
MOD - [2012-01-29 19:50:03 | 000,016,896 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\dlmgr.w5s
MOD - [2012-01-29 19:50:03 | 000,016,384 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\gracenote.w5s
MOD - [2012-01-29 19:50:03 | 000,014,336 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\filereader.w5s
MOD - [2012-01-29 19:50:03 | 000,013,824 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\System\primo.w5s
MOD - [2012-01-29 19:50:02 | 001,735,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_ff.dll
MOD - [2012-01-29 19:50:02 | 000,340,992 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2012-01-29 19:50:02 | 000,312,320 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_wm.dll
MOD - [2012-01-29 19:50:02 | 000,306,176 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_ml.dll
MOD - [2012-01-29 19:50:02 | 000,285,184 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mp3.dll
MOD - [2012-01-29 19:50:02 | 000,252,928 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\libsndfile.dll
MOD - [2012-01-29 19:50:02 | 000,216,576 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_vorbis.dll
MOD - [2012-01-29 19:50:02 | 000,199,680 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_disc.dll
MOD - [2012-01-29 19:50:02 | 000,183,808 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_jumpex.dll
MOD - [2012-01-29 19:50:02 | 000,164,352 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mod.dll
MOD - [2012-01-29 19:50:02 | 000,109,568 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_midi.dll
MOD - [2012-01-29 19:50:02 | 000,102,400 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_cdda.dll
MOD - [2012-01-29 19:50:02 | 000,075,776 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\nde.dll
MOD - [2012-01-29 19:50:02 | 000,059,904 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_flac.dll
MOD - [2012-01-29 19:50:02 | 000,053,248 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\nsutil.dll
MOD - [2012-01-29 19:50:02 | 000,050,176 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mp4.dll
MOD - [2012-01-29 19:50:02 | 000,028,672 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_autotag.dll
MOD - [2012-01-29 19:50:02 | 000,027,648 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_bookmarks.dll
MOD - [2012-01-29 19:50:02 | 000,027,648 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_hotkeys.dll
MOD - [2012-01-29 19:50:02 | 000,025,600 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_tray.dll
MOD - [2012-01-29 19:50:02 | 000,016,896 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_wave.dll
MOD - [2012-01-29 19:50:02 | 000,007,168 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_linein.dll
MOD - [2011-12-31 05:54:56 | 002,124,760 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Firefox 4\mozjs.dll
MOD - [2011-11-15 04:16:46 | 000,075,624 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll
MOD - [2011-06-25 05:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-25 05:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2001-09-07 02:37:10 | 000,049,152 | ---- | M] () -- X:\Skyylife\. Biosphere\- Fauna\Alarm Clock\Alarm Clock.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- X:\Skyylife\. Biosphere\- Fauna\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV:64bit: - [2011-11-23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgfws.exe -- (avgfws)
SRV:64bit: - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\AVG\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV:64bit: - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgwdsvc.exe -- (avgwd)
SRV:64bit: - [2011-03-24 13:24:58 | 000,095,976 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Running] -- X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011-03-09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-07-29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- X:\Skyylife\. Biosphere\- Fauna\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012-03-12 20:20:09 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012-02-10 02:39:10 | 000,481,064 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011-08-19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011-06-06 19:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-05-17 23:42:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-05-06 02:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 20:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010-01-10 03:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010-01-10 03:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-02-23 02:47:28 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-02-09 08:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011-12-23 08:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011-12-10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011-10-07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-08-19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2011-08-19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011-08-16 19:31:34 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-08-08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-06-20 00:16:04 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-05-23 02:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011-03-24 13:24:54 | 000,148,072 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-03-09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-03-09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-07 05:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- X:\Skyylife\. Biosphere\- Fauna\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010-10-18 11:21:31 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010-05-20 22:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010-05-08 02:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010-05-08 02:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010-05-06 02:46:38 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009-12-04 18:17:38 | 000,107,120 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
DRV:64bit: - [2009-09-17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009-06-10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 20:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-08 21:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-03-18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012-03-12 20:20:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?rd=1&ucc=IT&dcc=IT&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C B3 67 BA 19 DD CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={FD9804C6-BAA1-4A42-B2F0-E03A18D0E57F}&mid=cb39e8c84d1447d6ace704b37b1962bf-0143183d975daa9ce1d0d148af05da7ef4577935&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.5
FF - prefs.js..extensions.enabledItems: {c0bcf963-624b-47fe-aa78-8cc02434cf32}:0.5.3.1Build201101051500
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: X:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: X:\Skyylife\. Biosphere\- Fauna\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: X:\SKYYLIFE\. BIOSPHERE\- FAUNA\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: E:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Haven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Haven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: X:\Skyylife\. Biosphere\- Fauna\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: E:\Skyylife\. Biosphere\- Fauna\Firefox 4\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: E:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: X:\Skyylife\. Biosphere\- Fauna\Firefox 4\components [2011-12-31 05:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins [2012-01-29 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: X:\Skyylife\. Biosphere\- Fauna\ESET\ESET Smart Security\Mozilla Thunderbird

[2011-05-05 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Extensions
[2012-03-23 22:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions
[2011-09-12 04:40:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012-01-16 17:31:30 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011-12-26 01:48:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-05-05 19:47:31 | 000,000,000 | ---D | M] (Mouseless Browsing) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{c0bcf963-624b-47fe-aa78-8cc02434cf32}
[2011-11-06 23:59:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2011-08-12 16:22:50 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\[email protected]
[2011-03-21 22:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\searchplugins\conduit.xml
[2011-06-25 08:51:59 | 000,001,597 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\searchplugins\the-pirate-bay.xml
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={FD9804C6-BAA1-4A42-B2F0-E03A18D0E57F}&mid=cb39e8c84d1447d6ace704b37b1962bf-0143183d975daa9ce1d0d148af05da7ef4577935&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe Reader\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = X:\SKYYLIFE\. BIOSPHERE\- FAUNA\FOXIT READER\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: 20 Things I Learned About Browsers & the Web = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg\0.91_0\
CHR - Extension: Google Calendar = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Planetarium = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Gestures for Chrome™ = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Scratchpad = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\2.4.1_0\
CHR - Extension: Clouds Theme 2 (Aero) = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcheeeikigmhnkchfhhpanmpclafnai\1.0_0\

O1 HOSTS File: ([2012-03-22 22:13:05 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15172 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] X:\Skyylife\. Biosphere\- Fauna\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] X:\Skyylife\. Biosphere\- Fauna\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] X:\Skyylife\. Biosphere\- Fauna\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SandboxieControl] X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - X:\Skyylife\. Biosphere\- Fauna\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049C920F-77A7-42BF-969F-78373534F3AE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-04-18 17:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3c9ac859-80bf-11e0-ba3c-c46fa72c8bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9ac859-80bf-11e0-ba3c-c46fa72c8bf3}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{873c4079-61f1-11e0-9659-ae1c97e49ad4}\Shell - "" = AutoRun
O33 - MountPoints2\{873c4079-61f1-11e0-9659-ae1c97e49ad4}\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\{b9a0e772-5c9f-11e0-9f08-d79b9f13d0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{b9a0e772-5c9f-11e0-9f08-d79b9f13d0ec}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001-04-30 19:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (X:\Skyylife\BIOSPH~1\-FAUNA~1\AVG\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - X:\Skyylife\. Biosphere\- Fauna\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Haven\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAE5BA3C-8C5B-CD6D-EEFB-FBEB4CCEBA6C} - C:\Users\Haven\AppData\Roaming\update.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {UXAQ5TDT-0MCL-8WRH-X4PG-HQ28J8WNTLS0} - C:\Program Files (x86)\install\javakey.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - X:\Skyylife\. Biosphere\- Fauna\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012-03-28 15:38:17 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Malwarebytes
[2012-03-28 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-28 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-03-28 15:37:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-28 15:37:59 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware
[2012-03-28 15:37:22 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Haven\Desktop\mbam--setup-1.60.1.1000.exe
[2012-03-28 14:45:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
[2012-03-28 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\Haven\Desktop\requiem_of_sorrow_v6.00_full_install__final_version_
[2012-03-27 19:39:06 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\CONTACT LEARNINGRX + LOVAAS
[2012-03-27 19:38:58 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\LEARN BODYPARTS
[2012-03-26 00:29:18 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Lug 15 - 13.00 - Registri per l'evento Rugged Maniac
[2012-03-24 22:54:14 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Trastevere - Civitavecchia - Pineto
[2012-03-23 23:53:14 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Mar 31 - 23.30 - Spanking Party
[2012-03-23 01:45:27 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\AVG2012
[2012-03-23 01:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012-03-23 01:43:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012-03-23 01:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-03-23 01:41:19 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\AVG
[2012-03-23 01:37:48 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012-03-23 01:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-03-22 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Haven\Documents\ForceField Shared Files
[2012-03-22 22:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012-03-22 21:40:05 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-21 11:14:29 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\BIOGame
[2012-03-20 22:39:41 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Mar 31 - 15.00 - Deb
[2012-03-20 19:10:05 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012-03-19 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\Haven\kbpki
[2012-03-18 21:25:35 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 09.00 - David
[2012-03-18 19:18:30 | 000,159,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\PhysXExtensions.dll
[2012-03-18 01:10:13 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 6 - 10.00 - Rachel - Morning Drunk
[2012-03-16 04:01:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-03-16 04:01:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-03-16 04:01:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-03-15 19:58:12 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 7 - 20.00 - David
[2012-03-15 17:57:21 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 4 - 20.00 - Katie
[2012-03-15 15:27:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-03-15 15:26:43 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012-03-15 15:26:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012-03-15 15:26:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012-03-15 15:26:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-03-15 15:26:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-03-15 15:26:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-03-15 13:07:23 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 7 - 10a - Gran
[2012-03-15 12:16:03 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 21.00 - Eric - Bring swimsuit
[2012-03-14 20:15:36 | 000,000,000 | ---D | C] -- C:\Users\Haven\Desktop\D2X
[2012-03-13 22:08:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe.backup
[2012-03-13 15:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012-03-13 15:14:29 | 000,125,376 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012-03-13 15:14:29 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\PowerISO
[2012-03-13 14:16:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-03-12 20:20:26 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-03-12 18:03:04 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\dvdcss
[2012-03-12 16:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D2X Hero Editor
[2012-03-12 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D2X Hero Editor
[2012-03-12 16:11:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012-03-12 16:11:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012-03-12 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\adaware
[2012-03-12 16:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012-03-12 16:06:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012-03-12 16:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012-03-12 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-03-11 23:36:07 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\GLEE! DOWN IT ALL
[2012-03-11 23:15:04 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 13.00 - Dentist
[2012-03-11 23:14:56 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 3 - 6am - Parti al Fiumcino
[2012-03-11 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\ESET
[2012-03-11 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\ESET
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-28 16:34:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-28 16:05:18 | 000,024,166 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Notepad2.ini
[2012-03-28 15:55:58 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-28 15:55:58 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-28 15:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836838903-1963640961-1259976247-1000UA.job
[2012-03-28 15:48:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-28 15:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-28 15:38:01 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:37:25 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Haven\Desktop\mbam--setup-1.60.1.1000.exe
[2012-03-28 14:45:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
[2012-03-28 14:44:53 | 092,861,381 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-03-28 08:50:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836838903-1963640961-1259976247-1000Core.job
[2012-03-27 21:56:20 | 000,071,304 | ---- | M] () -- C:\Users\Haven\Desktop\SI - EF - Mollena - Tell Me You Want Me.htm
[2012-03-27 21:53:47 | 000,462,230 | ---- | M] () -- C:\Users\Haven\Desktop\PlugY_The_Survival_Kit_v10.00.exe
[2012-03-27 20:53:59 | 024,898,915 | ---- | M] () -- C:\Users\Haven\Desktop\How Advertising Works on Facebook.mp4
[2012-03-27 20:53:47 | 052,497,064 | ---- | M] () -- C:\Users\Haven\Desktop\It Gets Better_ Facebook Employees.mp4
[2012-03-27 20:03:43 | 072,378,893 | ---- | M] () -- C:\Users\Haven\Desktop\It Gets Better_ Google Employees.mp4
[2012-03-27 20:03:09 | 059,720,168 | ---- | M] () -- C:\Users\Haven\Desktop\it gets better-----a music video by rebecca drysdale.mp4
[2012-03-27 14:57:47 | 044,966,680 | ---- | M] () -- C:\Users\Haven\Desktop\7 Days a Cappella - ICCA SemiFinals 2012.flv
[2012-03-27 13:50:09 | 138,405,794 | ---- | M] () -- C:\Users\Haven\Desktop\JM - My Neighbor Is A bleep.mp4
[2012-03-26 01:02:28 | 000,033,662 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-03-24 11:08:44 | 016,745,526 | ---- | M] () -- C:\Users\Haven\Desktop\Move-On.Org - Lauren Zuniga - War On Women.flv
[2012-03-24 10:35:20 | 000,623,281 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012-03-23 01:59:45 | 000,088,914 | ---- | M] () -- C:\Users\Haven\Desktop\Viktor_Frankl.htm
[2012-03-23 01:59:34 | 000,214,098 | ---- | M] () -- C:\Users\Haven\Desktop\B.F._Skinner.htm
[2012-03-23 01:59:25 | 000,093,543 | ---- | M] () -- C:\Users\Haven\Desktop\Steven_Pinker.htm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012-03-22 23:01:30 | 000,013,824 | ---- | M] () -- C:\Users\Haven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-22 22:13:05 | 000,441,475 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-03-22 22:11:20 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\lkfl.dat
[2012-03-22 22:11:20 | 000,000,128 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2012-03-22 22:11:20 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\ibfl.dat
[2012-03-21 11:59:57 | 000,046,951 | -H-- | M] () -- C:\Users\Haven\AppData\Roaming\Havenv1.18.0 - Trial versionlog.dat
[2012-03-21 11:15:48 | 013,085,647 | ---- | M] () -- C:\Users\Haven\Desktop\Slum Village - Turning Me Off feat. De La Soul (Prod. by You.flv
[2012-03-21 00:29:42 | 026,418,220 | ---- | M] () -- C:\Users\Haven\Desktop\LALEH _Some Die Young_ (official video).flv
[2012-03-19 16:09:00 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-19 16:09:00 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-03-16 08:18:35 | 004,968,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-03-13 22:50:40 | 000,001,469 | ---- | M] () -- C:\Users\Haven\Documents\HeroEditor.lnk
[2012-03-13 22:50:24 | 000,001,515 | ---- | M] () -- C:\Users\Haven\Documents\HE Items.lnk
[2012-03-13 14:16:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-03-12 20:20:22 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-03-12 16:11:50 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012-03-12 16:11:46 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012-03-04 16:23:59 | 000,002,234 | ---- | M] () -- C:\Windows\Sandboxie.ini
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-28 15:38:01 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-27 21:56:19 | 000,071,304 | ---- | C] () -- C:\Users\Haven\Desktop\SI - EF - Mollena - Tell Me You Want Me.htm
[2012-03-27 21:53:46 | 000,462,230 | ---- | C] () -- C:\Users\Haven\Desktop\PlugY_The_Survival_Kit_v10.00.exe
[2012-03-27 20:53:21 | 024,898,915 | ---- | C] () -- C:\Users\Haven\Desktop\How Advertising Works on Facebook.mp4
[2012-03-27 20:52:55 | 052,497,064 | ---- | C] () -- C:\Users\Haven\Desktop\It Gets Better_ Facebook Employees.mp4
[2012-03-27 20:02:30 | 072,378,893 | ---- | C] () -- C:\Users\Haven\Desktop\It Gets Better_ Google Employees.mp4
[2012-03-27 20:02:07 | 059,720,168 | ---- | C] () -- C:\Users\Haven\Desktop\it gets better-----a music video by rebecca drysdale.mp4
[2012-03-27 13:48:37 | 044,966,680 | ---- | C] () -- C:\Users\Haven\Desktop\7 Days a Cappella - ICCA SemiFinals 2012.flv
[2012-03-27 13:48:14 | 138,405,794 | ---- | C] () -- C:\Users\Haven\Desktop\JM - My Neighbor Is A bleep.mp4
[2012-03-24 11:08:43 | 016,745,526 | ---- | C] () -- C:\Users\Haven\Desktop\Move-On.Org - Lauren Zuniga - War On Women.flv
[2012-03-23 01:59:33 | 000,214,098 | ---- | C] () -- C:\Users\Haven\Desktop\B.F._Skinner.htm
[2012-03-23 01:59:27 | 000,088,914 | ---- | C] () -- C:\Users\Haven\Desktop\Viktor_Frankl.htm
[2012-03-23 01:59:18 | 000,093,543 | ---- | C] () -- C:\Users\Haven\Desktop\Steven_Pinker.htm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012-03-22 22:11:20 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2012-03-22 22:11:20 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2012-03-22 22:11:20 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2012-03-21 11:12:39 | 013,085,647 | ---- | C] () -- C:\Users\Haven\Desktop\Slum Village - Turning Me Off feat. De La Soul (Prod. by You.flv
[2012-03-21 00:27:01 | 026,418,220 | ---- | C] () -- C:\Users\Haven\Desktop\LALEH _Some Die Young_ (official video).flv
[2012-03-19 16:09:00 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-19 16:09:00 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-03-13 22:50:40 | 000,001,469 | ---- | C] () -- C:\Users\Haven\Documents\HeroEditor.lnk
[2012-03-13 22:50:24 | 000,001,515 | ---- | C] () -- C:\Users\Haven\Documents\HE Items.lnk
[2011-12-16 23:52:07 | 000,109,419 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-12-16 07:50:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011-12-16 07:50:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011-12-16 07:50:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011-12-06 12:09:58 | 000,004,416 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamStudio.cfg
[2011-12-06 12:09:58 | 000,000,408 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamShapes.ini
[2011-12-06 12:09:58 | 000,000,408 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamLayout.ini
[2011-12-06 12:09:58 | 000,000,118 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\Camdata.ini
[2011-08-19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011-08-19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011-08-19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011-08-05 08:30:10 | 000,013,824 | ---- | C] () -- C:\Users\Haven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-13 01:56:29 | 001,651,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 23:27:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-06-28 18:21:31 | 000,695,578 | ---- | C] () -- C:\Windows\unins001.exe
[2011-06-28 18:21:31 | 000,000,896 | ---- | C] () -- C:\Windows\unins001.dat
[2011-06-28 18:19:23 | 000,696,858 | ---- | C] () -- C:\Windows\unins000.exe
[2011-06-28 18:19:23 | 000,002,261 | ---- | C] () -- C:\Windows\unins000.dat
[2011-05-28 22:09:57 | 000,024,166 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\Notepad2.ini
[2011-05-25 21:23:02 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2011-05-25 06:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-05-22 22:54:58 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-05-22 22:54:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-05-22 22:54:56 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011-05-22 22:54:56 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-05-22 22:54:56 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-05-22 22:54:55 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-04-10 01:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-04-06 05:33:20 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2011-04-06 05:33:20 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2011-04-06 05:33:19 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2011-04-06 05:21:56 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011-04-06 05:21:56 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011-04-01 20:26:21 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011-03-31 04:44:48 | 000,002,234 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011-03-30 22:31:15 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-03-30 22:27:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-30 22:01:23 | 000,000,090 | ---- | C] () -- C:\Windows\ob1.INI
[2011-03-30 04:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-05-20 22:26:30 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: WININIT.EXE >
[2009-07-14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009-07-14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

========== Files - Unicode (All) ==========
[2012-02-25 10:40:04 | 000,001,324 | ---- | M] ()(C:\Windows\SysNative\??????????????????¦?????+????????????????????????????????????v?????i??????????????????¦?????+??????????????????????????????????????????r??????????????????¦?????+???????????????????????????????????.mp4.lnk) -- C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk
[2012-02-25 10:40:04 | 000,001,324 | ---- | C] ()(C:\Windows\SysNative\??????????????????¦?????+????????????????????????????????????v?????i??????????????????¦?????+??????????????????????????????????????????r??????????????????¦?????+???????????????????????????????????.mp4.lnk) -- C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
Would you be able to tell me what these Chinese-language folders are? My computer shouldn't have anything but English, Italian, German, and French on it.

Thank you again for all your prompt and useful assistance, Myrti.

~H.-

Edited by myrti, 28 March 2012 - 09:49 AM.


#10 myrti

Posted 28 March 2012 - 09:55 AM

Hi,

They are not folders but files, and links at that. I would think those are files dropped by the malware. Not necessarily malicious, but definitely not useful either.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2012-02-25 10:40:04 | 000,001,324 | ---- | M] ()(C:\Windows\SysNative\???????????????????????+????????????????????????????????????v?????i???????????????????????+??????????????????????????????????????????r???????????????????????+???????????????????????????????????.mp4.lnk) -- C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk
    [2012-02-25 10:40:04 | 000,001,324 | ---- | C] ()(C:\Windows\SysNative\???????????????????????+????????????????????????????????????v?????i???????????????????????+??????????????????????????????????????????r???????????????????????+???????????????????????????????????.mp4.lnk) -- C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk
    
    :files
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not post your logs in code-tags. It makes them harder to read for me.
How is the PC doing?

regards myrti


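Added example (not part of the thread and not OTL's own code): a file name that a log shows as a run of CJK characters can be ASCII text whose bytes were read two at a time as UTF-16; for instance, the characters 楦敬⼺⼯ re-encode to the bytes of `file:///`. The Python sketch below parses OTL-style file lines and recovers such text. The function names, the sample URL and the sample log lines are constructed for illustration.

```python
import re

# One OTL "Files" entry: [stamp | size | attrs | C or M] (company) -- path
# The company field is optional (directory entries have none), so everything
# between "]" and the first " -- " is captured loosely as "middle".
OTL_FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\](?P<middle>.*?) -- (?P<path>.+)$"
)


def recover_ascii_runs(name, min_len=6):
    """Return printable-ASCII strings hidden inside non-ASCII runs of a name.

    Each run of non-ASCII characters is re-encoded as UTF-16LE. If the
    resulting bytes contain a stretch of at least min_len printable ASCII
    bytes, the "foreign" characters were most likely a narrow (8-bit) string
    that some program stored or displayed as a wide (16-bit) one.
    """
    found = []
    for run in re.findall(r"[^\x00-\x7f]+", name):
        try:
            raw = run.encode("utf-16-le")
        except UnicodeEncodeError:
            # Lone surrogates cannot be encoded; nothing to recover here.
            continue
        pattern = rb"[\x20-\x7e]{%d,}" % min_len
        found.extend(m.decode("ascii") for m in re.findall(pattern, raw))
    return found


def triage(log_text):
    """Scan OTL-style file lines and report names that hide ASCII text."""
    findings = []
    # Split on "\n" only: str.splitlines() would also break on U+2028/U+2029,
    # which can occur inside a mis-decoded name.
    for line in log_text.split("\n"):
        match = OTL_FILE_LINE.match(line)
        if not match:
            continue
        hidden = recover_ascii_runs(match.group("path"))
        if hidden:
            findings.append({
                "stamp": match.group("stamp"),
                "kind": match.group("kind"),   # C = created, M = modified
                "hidden": hidden,
            })
    return findings


# Constructed sample data (not taken from the log above).
CONSTRUCTED_URL = "file:///C:/Example/Media/clip-01.flv"
# Reading the URL's ASCII bytes as UTF-16LE yields CJK-looking characters.
MOJIBAKE_NAME = CONSTRUCTED_URL.encode("ascii").decode("utf-16-le")

SAMPLE_LOG = "\n".join([
    r"[2012-02-25 10:40:04 | 000,001,324 | ---- | M] () -- C:\Windows\SysNative"
    + "\\" + MOJIBAKE_NAME + ".mp4.lnk",
    r"[2012-03-22 22:13:05 | 000,441,475 | R--- | M] () -- "
    r"C:\Windows\SysNative\drivers\etc\hosts",
    # A genuinely non-ASCII name: must not be reported.
    "[2012-03-20 19:10:05 | 000,000,000 | ---D | C] -- C:\\Users\\Example\\Caf\u00e9",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["stamp"], finding["kind"], finding["hidden"])
```

A recovered string only says where the odd name came from (here a URL written by some program as a narrow string); whether the file itself is wanted still has to be judged from its content and origin.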

#11 AzureSkyy

Posted 28 March 2012 - 10:05 AM

Apologies, thought code-tags would make it easier. Will post them raw.


OTL for Chinese folders (no reboot required):

========== OTL ==========
C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk moved successfully.
File C:\Windows\SysNative\踀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴵ䙆呔ⵔ協䘭⹗汦vȗ數ȗ꯷㮏i輀楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴳ䙍ⵆ义䅓䕎昮癬昀ȗ數ȗꯆ㮏r言楦敬⼺⼯㩘匯祫汹晩⽥┮〲楂獯桰牥⽥╟〲浅楰楲慣╬〲慆瑣⽳┮〲敓獮瑡潩獮弯㈥嘰獩慵⽬敆慭敬弯㈥到獩畱⽥䑒⽔ⴴ䙍䙆匭ⵍ䅔呔.mp4.lnk not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.

OTL by OldTimer - Version 3.2.39.2 log created on 03282012_165612


OTL follow-up (with custom scripts recommended in first post + requested settings for this run):

OTL logfile created on: 28-Mar-12 16:59:12 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Haven\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.86 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 30.96% Memory free
7.73 Gb Paging File | 4.92 Gb Available in Paging File | 63.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = X:\Skyylife\. Biosphere\- Fauna
Drive C: | 25.05 Gb Total Space | 3.75 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive E: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 272.94 Gb Total Space | 10.70 Gb Free Space | 3.92% Space Free | Partition Type: NTFS

Computer Name: SKYY | User Name: Haven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Haven\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - X:\Skyylife\. Biosphere\- Fauna\utorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - X:\Skyylife\. Biosphere\- Fauna\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - X:\Skyylife\. Biosphere\- Fauna\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - X:\Skyylife\. Biosphere\- Fauna\Firefox 4\firefox.exe (Mozilla Corporation)
PRC - X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugin-container.exe (Mozilla Corporation)
PRC - X:\Skyylife\. Biosphere\- Fauna\AVG\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - X:\Skyylife\. Biosphere\- Fauna\AVG\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - X:\Skyylife\. Biosphere\- Fauna\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - X:\Skyylife\. Biosphere\- Fauna\AVG\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - X:\Skyylife\. Biosphere\- Fauna\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - X:\Skyylife\. Biosphere\- Fauna\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - X:\Skyylife\. Biosphere\- Fauna\Alarm Clock\Alarm Clock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Haven\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Haven\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\jnetlib.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_local.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_pmp.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\auth.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\jpeg.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_ipod.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_online.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_p4s.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\xml.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\png.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\playlist.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\tataki.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_playlists.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_plg.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_impex.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_history.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_android.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_ds.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\zlib.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_usb.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\timer.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_rg.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_transcode.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\albumart.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_disk.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\tagz.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\pmp_njb.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\gif.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\bmp.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\out_wave.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\dlmgr.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\gracenote.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\filereader.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\System\primo.w5s ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_ff.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_wm.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_ml.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mp3.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\libsndfile.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_vorbis.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_disc.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_jumpex.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mod.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_midi.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_cdda.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\nde.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_flac.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\nsutil.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_mp4.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_autotag.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\ml_bookmarks.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_hotkeys.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\gen_tray.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_wave.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Winamp\Plugins\in_linein.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Firefox 4\mozjs.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - X:\Skyylife\. Biosphere\- Fauna\Alarm Clock\Alarm Clock.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- X:\Skyylife\. Biosphere\- Fauna\Microsoft LifeCam\MSCamS64.exe File not found
SRV:64bit: - (MBAMService) -- X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV:64bit: - (avgfws) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV:64bit: - (AVGIDSAgent) -- X:\Skyylife\. Biosphere\- Fauna\AVG\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV:64bit: - (avgwd) -- X:\Skyylife\. Biosphere\- Fauna\AVG\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV:64bit: - (SbieSvc) -- X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- X:\Skyylife\. Biosphere\- Fauna\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVUVC64) Logitech HD Webcam C310(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SbieDrv) -- X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pbfilter) -- X:\Skyylife\. Biosphere\- Fauna\PeerBlock\pbfilter.sys ()
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?rd=1&ucc=IT&dcc=IT&opt=0
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C B3 67 BA 19 DD CC 01 [binary data]
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={FD9804C6-BAA1-4A42-B2F0-E03A18D0E57F}&mid=cb39e8c84d1447d6ace704b37b1962bf-0143183d975daa9ce1d0d148af05da7ef4577935&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.5
FF - prefs.js..extensions.enabledItems: {c0bcf963-624b-47fe-aa78-8cc02434cf32}:0.5.3.1Build201101051500
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1387
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: X:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: X:\Skyylife\. Biosphere\- Fauna\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: X:\SKYYLIFE\. BIOSPHERE\- FAUNA\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: E:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Haven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Haven\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: X:\Skyylife\. Biosphere\- Fauna\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: E:\Skyylife\. Biosphere\- Fauna\Firefox 4\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: E:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: X:\Skyylife\. Biosphere\- Fauna\Firefox 4\components [2011-12-31 05:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins [2012-01-29 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: X:\Skyylife\. Biosphere\- Fauna\ESET\ESET Smart Security\Mozilla Thunderbird

[2011-05-05 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Extensions
[2011-05-05 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012-03-23 22:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions
[2011-09-12 04:40:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012-01-16 17:31:30 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011-12-26 01:48:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-05-05 19:47:31 | 000,000,000 | ---D | M] (Mouseless Browsing) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{c0bcf963-624b-47fe-aa78-8cc02434cf32}
[2011-11-06 23:59:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2011-08-12 16:22:50 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\extensions\[email protected]
[2011-03-21 22:12:42 | 000,000,863 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\searchplugins\conduit.xml
[2011-06-25 08:51:59 | 000,001,597 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Mozilla\Firefox\Profiles\wnd5rlvl.default\searchplugins\the-pirate-bay.xml
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\HAVEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WND5RLVL.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={FD9804C6-BAA1-4A42-B2F0-E03A18D0E57F}&mid=cb39e8c84d1447d6ace704b37b1962bf-0143183d975daa9ce1d0d148af05da7ef4577935&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Haven\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe Reader\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = X:\Skyylife\. Biosphere\- Fauna\Firefox 4\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = X:\SKYYLIFE\. BIOSPHERE\- FAUNA\FOXIT READER\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = X:\Skyylife\. Biosphere\- Fauna\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = X:\Skyylife\. Biosphere\- Fauna\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = X:\Skyylife\. Biosphere\- Fauna\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: 20 Things I Learned About Browsers & the Web = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg\0.91_0\
CHR - Extension: Google Calendar = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Planetarium = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Gestures for Chrome™ = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Scratchpad = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\2.4.1_0\
CHR - Extension: Clouds Theme 2 (Aero) = C:\Users\Haven\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcheeeikigmhnkchfhhpanmpclafnai\1.0_0\

O1 HOSTS File: ([2012-03-22 22:13:05 | 000,441,475 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15172 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] X:\Skyylife\. Biosphere\- Fauna\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] X:\Skyylife\. Biosphere\- Fauna\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000..\Run: [DAEMON Tools Lite] X:\Skyylife\. Biosphere\- Fauna\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000..\Run: [Google Update] C:\Users\Haven\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000..\Run: [SandboxieControl] X:\Skyylife\. Biosphere\- Fauna\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2836838903-1963640961-1259976247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://E:\Skyylife\BIOSPH~1\-FAUNA~1\MSOFFI~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - X:\Skyylife\. Biosphere\- Fauna\MSOffice 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - X:\Skyylife\. Biosphere\- Fauna\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{049C920F-77A7-42BF-969F-78373534F3AE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-04-18 17:23:00 | 000,000,041 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3c9ac859-80bf-11e0-ba3c-c46fa72c8bf3}\Shell - "" = AutoRun
O33 - MountPoints2\{3c9ac859-80bf-11e0-ba3c-c46fa72c8bf3}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{873c4079-61f1-11e0-9659-ae1c97e49ad4}\Shell - "" = AutoRun
O33 - MountPoints2\{873c4079-61f1-11e0-9659-ae1c97e49ad4}\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\{b9a0e772-5c9f-11e0-9f08-d79b9f13d0ec}\Shell - "" = AutoRun
O33 - MountPoints2\{b9a0e772-5c9f-11e0-9f08-d79b9f13d0ec}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2001-04-30 19:33:00 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (X:\Skyylife\BIOSPH~1\-FAUNA~1\AVG\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - X:\Skyylife\. Biosphere\- Fauna\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Haven\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAE5BA3C-8C5B-CD6D-EEFB-FBEB4CCEBA6C} - C:\Users\Haven\AppData\Roaming\update.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {UXAQ5TDT-0MCL-8WRH-X4PG-HQ28J8WNTLS0} - C:\Program Files (x86)\install\javakey.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - X:\Skyylife\. Biosphere\- Fauna\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012-03-28 16:56:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-03-28 15:38:17 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Malwarebytes
[2012-03-28 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-28 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-03-28 15:37:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-28 15:37:59 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\Malwarebytes' Anti-Malware
[2012-03-28 15:37:22 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Haven\Desktop\mbam--setup-1.60.1.1000.exe
[2012-03-28 14:45:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
[2012-03-28 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\Haven\Desktop\requiem_of_sorrow_v6.00_full_install__final_version_
[2012-03-27 19:38:58 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\LEARN BODYPARTS
[2012-03-26 00:29:18 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Lug 15 - 13.00 - Registri per l'evento Rugged Maniac
[2012-03-24 22:54:14 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Trastevere - Civitavecchia - Pineto
[2012-03-23 23:53:14 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Mar 31 - 23.30 - Spanking Party
[2012-03-23 01:45:27 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\AVG2012
[2012-03-23 01:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012-03-23 01:43:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012-03-23 01:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012-03-23 01:41:19 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\AVG
[2012-03-23 01:37:48 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012-03-23 01:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012-03-22 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Haven\Documents\ForceField Shared Files
[2012-03-22 22:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012-03-22 21:40:05 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-21 11:14:29 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\BIOGame
[2012-03-20 22:39:41 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Mar 31 - 15.00 - Deb
[2012-03-20 19:10:05 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012-03-19 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\Haven\kbpki
[2012-03-18 21:25:35 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 09.00 - David
[2012-03-18 19:18:30 | 000,159,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\PhysXExtensions.dll
[2012-03-18 01:10:13 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 6 - 10.00 - Rachel - Morning Drunk
[2012-03-16 04:01:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-03-16 04:01:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-03-16 04:01:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-03-15 19:58:12 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 7 - 20.00 - David
[2012-03-15 17:57:21 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 4 - 20.00 - Katie
[2012-03-15 15:27:28 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-03-15 15:26:43 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012-03-15 15:26:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012-03-15 15:26:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012-03-15 15:26:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-03-15 15:26:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-03-15 15:26:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-03-15 13:07:23 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 7 - 10a - Gran
[2012-03-15 12:16:03 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 21.00 - Eric - Bring swimsuit
[2012-03-14 20:15:36 | 000,000,000 | ---D | C] -- C:\Users\Haven\Desktop\D2X
[2012-03-13 22:08:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe.backup
[2012-03-13 15:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012-03-13 15:14:29 | 000,125,376 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012-03-13 15:14:29 | 000,000,000 | ---D | C] -- X:\Skyylife\. Biosphere\- Fauna\PowerISO
[2012-03-13 14:16:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-03-12 20:20:26 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-03-12 18:03:04 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\dvdcss
[2012-03-12 16:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D2X Hero Editor
[2012-03-12 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D2X Hero Editor
[2012-03-12 16:11:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012-03-12 16:11:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012-03-12 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\adaware
[2012-03-12 16:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012-03-12 16:06:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012-03-12 16:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012-03-12 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012-03-11 23:36:07 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\GLEE! DOWN IT ALL
[2012-03-11 23:15:04 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 5 - 13.00 - Dentist
[2012-03-11 23:14:56 | 000,000,000 | R--D | C] -- C:\Users\Haven\Desktop\Apr 3 - 6am - Parti al Fiumcino
[2012-03-11 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Roaming\ESET
[2012-03-11 21:28:14 | 000,000,000 | ---D | C] -- C:\Users\Haven\AppData\Local\ESET
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-28 17:00:09 | 000,024,166 | ---- | M] () -- C:\Users\Haven\AppData\Roaming\Notepad2.ini
[2012-03-28 16:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836838903-1963640961-1259976247-1000UA.job
[2012-03-28 16:34:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-28 15:55:58 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-28 15:55:58 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-28 15:48:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-28 15:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-28 15:38:01 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:37:25 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Haven\Desktop\mbam--setup-1.60.1.1000.exe
[2012-03-28 14:45:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Haven\Desktop\OTL.exe
[2012-03-28 14:44:53 | 092,861,381 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-03-28 08:50:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836838903-1963640961-1259976247-1000Core.job
[2012-03-27 21:56:20 | 000,071,304 | ---- | M] () -- C:\Users\Haven\Desktop\SI - EF - Mollena - Tell Me You Want Me.htm
[2012-03-27 21:53:47 | 000,462,230 | ---- | M] () -- C:\Users\Haven\Desktop\PlugY_The_Survival_Kit_v10.00.exe
[2012-03-27 20:53:59 | 024,898,915 | ---- | M] () -- C:\Users\Haven\Desktop\How Advertising Works on Facebook.mp4
[2012-03-27 20:53:47 | 052,497,064 | ---- | M] () -- C:\Users\Haven\Desktop\It Gets Better_ Facebook Employees.mp4
[2012-03-27 20:03:43 | 072,378,893 | ---- | M] () -- C:\Users\Haven\Desktop\It Gets Better_ Google Employees.mp4
[2012-03-27 20:03:09 | 059,720,168 | ---- | M] () -- C:\Users\Haven\Desktop\it gets better-----a music video by rebecca drysdale.mp4
[2012-03-27 14:57:47 | 044,966,680 | ---- | M] () -- C:\Users\Haven\Desktop\7 Days a Cappella - ICCA SemiFinals 2012.flv
[2012-03-27 13:50:09 | 138,405,794 | ---- | M] () -- C:\Users\Haven\Desktop\JM - My Neighbor Is A bleep.mp4
[2012-03-26 01:02:28 | 000,033,662 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-03-24 11:08:44 | 016,745,526 | ---- | M] () -- C:\Users\Haven\Desktop\Move-On.Org - Lauren Zuniga - War On Women.flv
[2012-03-24 10:35:20 | 000,623,281 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012-03-23 01:59:45 | 000,088,914 | ---- | M] () -- C:\Users\Haven\Desktop\Viktor_Frankl.htm
[2012-03-23 01:59:34 | 000,214,098 | ---- | M] () -- C:\Users\Haven\Desktop\B.F._Skinner.htm
[2012-03-23 01:59:25 | 000,093,543 | ---- | M] () -- C:\Users\Haven\Desktop\Steven_Pinker.htm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012-03-22 23:01:30 | 000,013,824 | ---- | M] () -- C:\Users\Haven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-22 22:13:05 | 000,441,475 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-03-22 22:11:20 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\lkfl.dat
[2012-03-22 22:11:20 | 000,000,128 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2012-03-22 22:11:20 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\ibfl.dat
[2012-03-21 11:59:57 | 000,046,951 | -H-- | M] () -- C:\Users\Haven\AppData\Roaming\Havenv1.18.0 - Trial versionlog.dat
[2012-03-21 11:15:48 | 013,085,647 | ---- | M] () -- C:\Users\Haven\Desktop\Slum Village - Turning Me Off feat. De La Soul (Prod. by You.flv
[2012-03-21 00:29:42 | 026,418,220 | ---- | M] () -- C:\Users\Haven\Desktop\LALEH _Some Die Young_ (official video).flv
[2012-03-19 16:09:00 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-19 16:09:00 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-03-16 08:18:35 | 004,968,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-03-13 22:50:40 | 000,001,469 | ---- | M] () -- C:\Users\Haven\Documents\HeroEditor.lnk
[2012-03-13 22:50:24 | 000,001,515 | ---- | M] () -- C:\Users\Haven\Documents\HE Items.lnk
[2012-03-13 14:16:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-03-12 20:20:22 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012-03-12 16:11:50 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012-03-12 16:11:46 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012-03-04 16:23:59 | 000,002,234 | ---- | M] () -- C:\Windows\Sandboxie.ini
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-28 15:38:01 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-27 21:56:19 | 000,071,304 | ---- | C] () -- C:\Users\Haven\Desktop\SI - EF - Mollena - Tell Me You Want Me.htm
[2012-03-27 21:53:46 | 000,462,230 | ---- | C] () -- C:\Users\Haven\Desktop\PlugY_The_Survival_Kit_v10.00.exe
[2012-03-27 20:53:21 | 024,898,915 | ---- | C] () -- C:\Users\Haven\Desktop\How Advertising Works on Facebook.mp4
[2012-03-27 20:52:55 | 052,497,064 | ---- | C] () -- C:\Users\Haven\Desktop\It Gets Better_ Facebook Employees.mp4
[2012-03-27 20:02:30 | 072,378,893 | ---- | C] () -- C:\Users\Haven\Desktop\It Gets Better_ Google Employees.mp4
[2012-03-27 20:02:07 | 059,720,168 | ---- | C] () -- C:\Users\Haven\Desktop\it gets better-----a music video by rebecca drysdale.mp4
[2012-03-27 13:48:37 | 044,966,680 | ---- | C] () -- C:\Users\Haven\Desktop\7 Days a Cappella - ICCA SemiFinals 2012.flv
[2012-03-27 13:48:14 | 138,405,794 | ---- | C] () -- C:\Users\Haven\Desktop\JM - My Neighbor Is A bleep.mp4
[2012-03-24 11:08:43 | 016,745,526 | ---- | C] () -- C:\Users\Haven\Desktop\Move-On.Org - Lauren Zuniga - War On Women.flv
[2012-03-23 01:59:33 | 000,214,098 | ---- | C] () -- C:\Users\Haven\Desktop\B.F._Skinner.htm
[2012-03-23 01:59:27 | 000,088,914 | ---- | C] () -- C:\Users\Haven\Desktop\Viktor_Frankl.htm
[2012-03-23 01:59:18 | 000,093,543 | ---- | C] () -- C:\Users\Haven\Desktop\Steven_Pinker.htm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012-03-23 01:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012-03-22 22:11:20 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2012-03-22 22:11:20 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2012-03-22 22:11:20 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2012-03-21 11:12:39 | 013,085,647 | ---- | C] () -- C:\Users\Haven\Desktop\Slum Village - Turning Me Off feat. De La Soul (Prod. by You.flv
[2012-03-21 00:27:01 | 026,418,220 | ---- | C] () -- C:\Users\Haven\Desktop\LALEH _Some Die Young_ (official video).flv
[2012-03-19 16:09:00 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012-03-19 16:09:00 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012-03-13 22:50:40 | 000,001,469 | ---- | C] () -- C:\Users\Haven\Documents\HeroEditor.lnk
[2012-03-13 22:50:24 | 000,001,515 | ---- | C] () -- C:\Users\Haven\Documents\HE Items.lnk
[2011-12-16 23:52:07 | 000,109,419 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-12-16 07:50:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011-12-16 07:50:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011-12-16 07:50:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011-12-06 12:09:58 | 000,004,416 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamStudio.cfg
[2011-12-06 12:09:58 | 000,000,408 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamShapes.ini
[2011-12-06 12:09:58 | 000,000,408 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\CamLayout.ini
[2011-12-06 12:09:58 | 000,000,118 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\Camdata.ini
[2011-08-19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011-08-19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011-08-19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011-08-05 08:30:10 | 000,013,824 | ---- | C] () -- C:\Users\Haven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-13 01:56:29 | 001,651,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-07-10 23:27:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-06-28 18:21:31 | 000,695,578 | ---- | C] () -- C:\Windows\unins001.exe
[2011-06-28 18:21:31 | 000,000,896 | ---- | C] () -- C:\Windows\unins001.dat
[2011-06-28 18:19:23 | 000,696,858 | ---- | C] () -- C:\Windows\unins000.exe
[2011-06-28 18:19:23 | 000,002,261 | ---- | C] () -- C:\Windows\unins000.dat
[2011-05-28 22:09:57 | 000,024,166 | ---- | C] () -- C:\Users\Haven\AppData\Roaming\Notepad2.ini
[2011-05-25 21:23:02 | 000,000,011 | ---- | C] () -- C:\Windows\OSA.INI
[2011-05-25 06:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-05-22 22:54:58 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011-05-22 22:54:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-05-22 22:54:56 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011-05-22 22:54:56 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-05-22 22:54:56 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-05-22 22:54:55 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011-04-10 01:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-04-06 05:33:20 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2011-04-06 05:33:20 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2011-04-06 05:33:19 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2011-04-06 05:21:56 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011-04-06 05:21:56 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011-04-01 20:26:21 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011-03-31 04:44:48 | 000,002,234 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011-03-30 22:31:15 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-03-30 22:27:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-03-30 22:01:23 | 000,000,090 | ---- | C] () -- C:\Windows\ob1.INI
[2011-03-30 04:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-05-20 22:26:30 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: WININIT.EXE >
[2009-07-14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009-07-14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009-07-14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Computer seems to be doing alright. Haven't, of course, had time to put it through its paces or anything, but what I have noticed seems to have normalized.

Warmly,
~Haven.-

#12 myrti

Posted 28 March 2012 - 10:16 AM

Hi,

I'm glad to hear it's acting more normally.

There are some leftovers from a previous Ad-Aware uninstall I'd like to remove:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    C:\Windows\tasks\at*.job
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Please also run a scan with Eset to check for leftovers:
    ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on: Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
    • Now click on: Posted Image
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on: Posted Image
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help requests via PM, unless I am already helping you. Use the forums!


#13 AzureSkyy

Posted 29 March 2012 - 08:07 AM

Myrti. You've been fantastic. While it is laughable to think that $10 is what the service is worth, I would like to thank you with something other than words. Let me know how I can do this via PM. I sincerely hope that you've found a way to make good money with the skills you possess and their logical application.

NGINX is back. Still getting around it by using the Italian web portals for blocked/redirected sites.

I tabbed over to OTL and accidentally hit Enter on the Run Scan button. Run4's log (the Ad-Aware item removal check) was overwritten. Sorry. :( IIRC, it was successful and contained some headers plus the 4 lines of removal-confirmation text. Nothing interesting.

Doing the ESET scan on our public hostel network is a pain, especially with shared connections, but, yea.

What concerns me is that we're assuming the hacker is involved in a more or less passive way. Is this usually the case? Does it seem to be the case now? My hosts file has been modded again, and we're in like, what, the 5th round of scans? :\ It felt like we were almost done ...

Around 1 hour in, on the 99th percentile, 4 objects popped. Variants of Win32/HackTool.SystemCall.AA and Win32/HackTool.CheatEngine.AA. [ It seems that, as usual with progress bars, it means nothing. The first 98% took less than 5 minutes to complete, the remainder of the 2+ hours were at 99th. :\ ]

Around 2h15m, another object popped: Win32/PrcView application.

... CheatEngine is a program I used to mod my Mass Effect 1 & Killing Floor games. It accesses and injects processes with code in real-time, and probably does a whole bunch of other incredibly powerful, useful, and sneaky things. I forgot that it was installed after I mostly stopped playing games during university. It would be insanely useful to a hacker to already have this installed. May I please uninstall it asap? :\

ESET LOGFILE:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7cdfbf1037bcb140940254d27f2681c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-29 01:01:55
# local_time=2012-03-29 03:01:55 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 559784 559784 0 0
# compatibility_mode=5893 16776574 100 52 635536 84647490 0 0
# compatibility_mode=8192 67108863 100 0 209 209 0 0
# scanned=528470
# found=10
# cleaned=0
# scan_time=9791
X:\Skyylife\. Biosphere\- Fauna\CEngine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\- Fauna\CEngine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\- Fauna\CEngine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\- Fauna\CEngine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\_ Hypothetical Constructs\_ Drudgery\MNTC\2011-0 - S\ByeTunes.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\_ Intervening Variables\_ Tools\Diablo II\Applets\Eplite\Original\EasyLoad.exe a variant of Win32/HackTool.Inject.H application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\_ Intervening Variables\_ Tools\Diablo II\Applets\Eplite\Original\EPLite_v100_Final_D2v112.zip a variant of Win32/HackTool.Inject.H application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\_ Intervening Variables\_ Tools\Diablo II\Applets\Eplite\Per Act\EasyLoad.exe a variant of Win32/HackTool.Inject.H application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\_ Intervening Variables\_ Tools\Diablo II\Applets\Eplite\Per Game\EasyLoad.exe a variant of Win32/HackTool.Inject.H application (unable to clean) 00000000000000000000000000000000 I
X:\Skyylife\. Biosphere\_ Intervening Variables\_ Tools\Diablo II\Applets\WardenWatcher\RemoteDll.exe a variant of Win32/RemoteDLL.A application (unable to clean) 00000000000000000000000000000000 I


Argh. Stupid computer games.

~H.-

#14 myrti

Posted 29 March 2012 - 12:23 PM

Hi,

It would seem that all those hits are found in games. I would remove them and, yes, go ahead and uninstall that application.

Do you use a router of some sort? Do other PCs on the same router experience this as well?

Can you please run a scan with aswmbr:


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Regarding the donation, I have a paypal account you can donate to, by clicking on the banner in my signature (the big green picture). Thanks! :)

regards myrti



#15 AzureSkyy

Posted 30 March 2012 - 04:03 AM

Am currently living in a youth hostel in Roma, Italia, from January to April and leaving in 6 days. The only other dedicated computer here is public, and neither the staff nor 98% of the hostel-goers have any idea about informatics. I did meet one optics engineer, but he left long ago and had his own laptop. When one saw me taking apart my laptop to clean it, she blanched.

I don't use that computer, and have no idea what sorts of issues it might have - lots, I imagine. However, I do share the network with that computer, and I seriously doubt that the network is anywhere near secure - how can I protect myself from the same things propagating over again? I don't have administrator rights to that machine or the network.

Uninstalled and shift+delete'd the contents of the ESET-identified folders. CCleaner is currently doing a triple-pass wipe of freespace on both drives.

aswMBR running. It requested to download avast! definitions to improve results. As it was from your link, I trusted the source and accepted.

aswMBR RESULTS:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 22:10:36
-----------------------------
22:10:36.799 OS Version: Windows x64 6.1.7601 Service Pack 1
22:10:36.799 Number of processors: 4 586 0x2502
22:10:36.801 ComputerName: SKYY UserName:
22:10:40.405 Initialize success
22:11:48.104 AVAST engine defs: 12032901
22:13:32.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:13:32.156 Disk 0 Vendor: WDC_WD3200BEKT-00KA9T0 01.01A01 Size: 305245MB BusType: 11
22:13:32.247 Disk 0 MBR read successfully
22:13:32.250 Disk 0 MBR scan
22:13:32.257 Disk 0 Windows 7 default MBR code
22:13:32.302 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:13:32.366 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 25650 MB offset 206848
22:13:32.511 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 279492 MB offset 52738048
22:13:32.694 Disk 0 scanning C:\Windows\system32\drivers
22:14:50.560 Service scanning
22:16:31.880 Modules scanning
22:16:31.892 Disk 0 trace - called modules:
22:16:31.958 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80044762c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:16:32.299 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
22:16:32.309 3 CLASSPNP.SYS[fffff88001b8243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004947060]
22:16:32.316 \Driver\atapi[0xfffffa8004915060] -> IRP_MJ_CREATE -> 0xfffffa80044762c0
22:16:35.249 AVAST engine scan C:\Windows
22:16:43.344 AVAST engine scan C:\Windows\system32
22:35:07.416 AVAST engine scan C:\Windows\system32\drivers
22:36:04.032 AVAST engine scan C:\Users\Haven
22:55:42.417 AVAST engine scan C:\ProgramData
23:02:33.031 Scan finished successfully
23:04:06.990 Disk 0 MBR has been saved successfully to "C:\Users\Haven\Desktop\MBR.dat"
23:04:07.082 The log file has been saved successfully to "C:\Users\Haven\Desktop\aswMBR.txt"


Mhm.
~H.-



