proscan5.info

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

proscan5.info

Options

jab416171 View Member Profile	Nov 1 2009, 08:15 PM Post #1
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	I just got this hxxp://joe-bass.com/popup.jpg and firefox just randomly opened up this tab hxxp://proscan5.info/25/26-088wLzQzL1EzL== I wasn't doing anything at the time, I had firefox minimized, and the popup just appeared, and I noticed the firefox tab was open. I am currently running a spybot scan. Please let me know of any further actions I should take. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:15:09, on 11/1/2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Xfire\Xfire.exe C:\Program Files (x86)\Curse\CurseClient.exe C:\Program Files (x86)\mirc\mirc.exe C:\Users\Joe\Desktop\toolbox\realtemp\RealTemp.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files (x86)\Notepad++\notepad++.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\foobar2000\foobar2000.exe C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0}: NameServer = 68.87.85.98,68.87.69.146 O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8117 bytes This post has been edited by Orange Blossom: Nov 3 2009, 12:16 AM Reason for edit: Deactivate links. ~ OB

sempai View Member Profile	Nov 8 2009, 06:10 AM Post #2
Bleepin Pinoy Group: Malware Response Team Posts: 2,747 Joined: 30-June 06 From: 3 stars and the sun Member No.: 74,094	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE -------------------- Please consider a donation. Thank you. Please don't PM asking for support. Post on the Forums instead. Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

jab416171 View Member Profile	Nov 9 2009, 10:59 AM Post #3
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	I haven't done anything except run the spybot scan, which just removed some cookies. The problem hasn't popped up since, but I would still like to know if my PC is 100% clean. I will perform the steps when I get home in about 9 hours. I'm currently at school.

schrauber View Member Profile	Nov 11 2009, 04:02 PM Post #4
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hello, jab416171 Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. If you do not make a reply in 5 days, we will have to close your topic. You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here. Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. I am awaiting your logfiles -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

jab416171 View Member Profile	Nov 12 2009, 09:14 PM Post #5
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	DDS (Ver_09-10-26.01) - NTFSX64 Run by Joe at 19:13:00.00 on Thu 11/12/2009 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6143.3694 [GMT -7:00] SP: Spybot - Search and Destroy disabled (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\mirc\mirc.exe C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\conhost.exe C:\Users\Joe\Downloads\PvPGN-1.8.5-0-Win32-MySQL-5.1.31-BIN\pvpgn-1.8.5\d2dbsConsole.exe C:\Windows\system32\perfmon.exe C:\Program Files (x86)\Notepad++\notepad++.exe C:\Windows\system32\mmc.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE G:\procexp64.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wuauclt.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\Explorer.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\explorer.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Joe\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== mLocal Page = c:\windows\syswow64\blank.htm mWinlogon: Userinit=userinit.exe BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized uRun: [Desktop Software] "c:\program files (x86)\common files\supportsoft\bin\bcont.exe" /ini "c:\program files (x86)\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe" mRun: [FileZilla Server Interface] "c:\program files (x86)\filezilla server\FileZilla Server Interface.exe" StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\msi\star key bluetooth software\BTTray.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files (x86)\apache software foundation\apache2.2\bin\ApacheMonitor.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Send image to &Bluetooth Device... - c:\program files\msi\star key bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\msi\star key bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab TCP: {505667FC-1BB3-4DBD-AF13-34012DBDCCD0} = 68.87.85.98,68.87.69.146 TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll mRun-x64: [(Default)] mRun-x64: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE mRun-x64: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe" mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm ================= FIREFOX =================== FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\tx3gz40j.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.tomshardware.com/us/ FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\users\joe\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 nvstor64;nvstor64;c:\windows\system32\drivers\nvstor64.sys [2009-8-4 241696] R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\system32\drivers\vpcnfltr.sys [2009-10-22 66304] R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\system32\drivers\vpcvmm.sys [2009-10-22 359552] R2 Apache2.2;Apache2.2;c:\program files (x86)\apache software foundation\apache2.2\bin\httpd.exe [2009-8-6 24645] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2009-10-29 1767816] R2 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-11-1 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232] R2 TeamViewer4;TeamViewer 4;c:\program files (x86)\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640] R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\drivers\Rtnic64.sys [2009-6-10 51712] R3 vpcbus;Virtual PC Host Bus Service;c:\windows\system32\drivers\vpchbus.sys [2009-10-22 187904] R3 vpcusb;USB Virtualization Connector Service;c:\windows\system32\drivers\vpcusb.sys [2009-10-22 95232] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-4 25832] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\joe\desktop\toolbox\realtemp\WinRing0x64.sys [2009-9-19 14544] =============== Created Last 30 ================ 2009-11-12 20:38:01 0 d-----w- c:\programdata\MySQL 2009-11-12 20:38:01 0 d-----w- c:\program files\MySQL 2009-11-10 23:17:18 0 d-----w- c:\program files (x86)\TeamViewer 2009-11-10 23:15:46 0 d-----w- c:\users\joe\appdata\roaming\TeamViewer 2009-11-10 23:15:43 0 d-----w- c:\users\joe\temp 2009-11-09 19:51:27 0 d-----w- c:\program files (x86)\DAEMON Tools Lite 2009-11-09 03:56:21 0 d-----w- c:\program files\Realtek 2009-11-09 03:56:12 0 d-----w- c:\program files (x86)\Realtek 2009-11-09 03:56:04 0 d--h--w- c:\program files (x86)\Temp 2009-11-09 03:42:17 0 d-----w- c:\program files (x86)\LogMeIn Hamachi 2009-11-08 20:07:32 0 d-----w- c:\program files (x86)\Audacity 2009-11-06 05:21:17 0 d-----w- c:\users\joe\appdata\roaming\.easytag 2009-11-06 05:21:15 0 d-----w- c:\program files (x86)\EasyTAG 2009-11-06 05:20:33 0 d-----w- c:\program files (x86)\common files\GTK 2009-11-05 00:25:38 0 d-----w- c:\programdata\BioWare 2009-11-05 00:13:35 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2009-11-05 00:13:31 0 d-----w- c:\programdata\Media Center Programs 2009-11-05 00:06:06 0 d-----w- c:\program files (x86)\Dragon Age 2009-11-05 00:02:24 0 d-----w- c:\program files (x86)\common files\BioWare 2009-11-03 01:26:21 21840 ----a-w- c:\windows\syswow64\SIntfNT.dll 2009-11-03 01:26:21 17212 ----a-w- c:\windows\syswow64\SIntf32.dll 2009-11-03 01:26:21 12067 ----a-w- c:\windows\syswow64\SIntf16.dll 2009-11-03 01:20:02 39600 ----a-w- c:\windows\DIIUnin.dat 2009-11-03 01:19:59 94208 ----a-w- c:\windows\DIIUnin.exe 2009-11-03 01:19:59 2829 ----a-w- c:\windows\DIIUnin.pif 2009-11-03 01:12:59 0 d-----w- c:\program files (x86)\Diablo II 2009-11-02 05:28:59 0 d-----w- c:\program files (x86)\VideoLAN 2009-11-02 01:15:03 0 d-----w- c:\program files (x86)\Trend Micro 2009-11-02 01:02:54 0 d-----w- c:\programdata\Spybot - Search & Destroy 2009-11-02 01:02:54 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy 2009-11-01 00:24:44 0 d-----w- c:\program files (x86)\Oblivion 2009-10-30 15:20:41 0 d-----w- c:\program files (x86)\Tunatic 2009-10-25 03:11:51 0 d-----w- c:\program files (x86)\Curse 2009-10-23 01:34:34 0 d-----r- c:\users\joe\Virtual Machines 2009-10-23 01:25:22 0 d-----w- c:\program files (x86)\Windows Virtual PC 2009-10-23 01:23:56 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll 2009-10-23 01:23:51 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys 2009-10-23 01:23:51 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys 2009-10-23 01:23:50 793600 ----a-w- c:\windows\syswow64\vmsal.exe 2009-10-23 01:23:50 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys 2009-10-23 01:23:50 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll 2009-10-23 01:23:50 359552 ----a-w- c:\windows\system32\drivers\vpcvmm.sys 2009-10-23 01:23:50 2262016 ----a-w- c:\windows\system32\VPCWizard.exe 2009-10-23 01:23:50 1369600 ----a-w- c:\windows\system32\VPCSettings.exe 2009-10-23 01:23:49 936448 ----a-w- c:\windows\system32\vmsal.exe 2009-10-23 01:23:49 4513792 ----a-w- c:\windows\system32\vpc.exe 2009-10-23 01:23:49 1209856 ----a-w- c:\windows\system32\VMWindow.exe 2009-10-23 01:22:59 0 d-----w- c:\program files\Windows XP Mode 2009-10-18 01:41:27 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe 2009-10-18 01:41:26 669184 ----a-w- c:\windows\syswow64\pbsvc.exe 2009-10-18 01:41:26 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe 2009-10-18 01:37:27 0 d-----w- c:\program files (x86)\Crysis 2009-10-18 01:08:56 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll 2009-10-18 01:08:17 0 dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} 2009-10-18 01:05:57 0 d-----w- c:\program files (x86)\Crysis WARHEAD 2009-10-18 01:04:56 662 ----a-w- c:\windows\syswow64\ealregsnapshot1.reg 2009-10-17 22:42:48 0 d-----w- c:\users\joe\appdata\roaming\The Creative Assembly 2009-10-17 22:26:36 0 d-----w- c:\program files (x86)\Empire Total War 2009-10-17 21:10:13 311808 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-17 21:10:13 257024 ----a-w- c:\windows\syswow64\msv1_0.dll 2009-10-17 18:37:10 0 d--h--w- c:\programdata\{0E8E33D8-193A-414A-A909-0F101A142D26} 2009-10-17 18:32:04 0 d-----w- c:\windows\Sins of a Solar Empire 2009-10-17 18:32:04 0 d-----w- c:\program files (x86)\Sins of a Solar Empire 2009-10-16 03:17:27 46592 ----a-w- c:\windows\system32\msasn1.dll 2009-10-16 03:17:27 34816 ----a-w- c:\windows\syswow64\msasn1.dll 2009-10-14 23:58:08 27536 ----a-w- c:\windows\system32\xfcodec64.dll 2009-10-14 23:58:06 41872 ----a-w- c:\windows\syswow64\xfcodec.dll ==================== Find3M ==================== 2009-11-09 19:51:42 834544 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-10-10 10:01:48 150528 ----a-w- c:\windows\syswow64\TLBINF32.DLL 2009-10-02 04:32:07 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-09-28 01:23:00 4546152 ----a-w- c:\windows\system32\nvvitvs.dll 2009-09-28 01:23:00 3746920 ----a-w- c:\windows\system32\nvwss.dll 2009-09-28 01:23:00 289896 ----a-w- c:\windows\system32\nvmccss.dll 2009-09-28 01:23:00 1647720 ----a-w- c:\windows\system32\nvmobls.dll 2009-09-28 01:23:00 1646696 ----a-w- c:\windows\system32\nvsvs.dll 2009-09-28 01:22:00 991848 ----a-w- c:\windows\system32\nvsvc64.dll 2009-09-28 01:22:00 82536 ----a-w- c:\windows\system32\nvmctray.dll 2009-09-28 01:22:00 5426792 ----a-w- c:\windows\system32\nvdisps.dll 2009-09-28 01:22:00 5208168 ----a-w- c:\windows\system32\nvgames.dll 2009-09-28 01:22:00 383592 ----a-w- c:\windows\system32\nvvsvc.exe 2009-09-28 01:22:00 16666728 ----a-w- c:\windows\system32\nvcpl.dll 2009-09-28 00:24:22 3778664 ----a-w- c:\windows\system32\nvcplui.exe 2009-09-23 16:42:58 33856 ---ha-w- c:\windows\system32\hamachi.sys 2009-09-05 05:56:23 5958656 ----a-w- c:\windows\syswow64\mshtml.dll 2009-09-05 05:56:22 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2009-09-03 07:36:39 1975296 ----a-w- c:\windows\system32\CertEnroll.dll 2009-09-03 07:04:15 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll 2009-09-01 01:32:58 1422368 ----a-w- c:\windows\system32\RtPgEx64.dll 2009-09-01 01:32:42 436768 ----a-w- c:\windows\system32\RtkApi64.dll 2009-09-01 01:32:42 1664544 ----a-w- c:\windows\system32\RtkAPO64.dll 2009-09-01 01:32:42 1178656 ----a-w- c:\windows\system32\RTCOM64.dll 2009-09-01 01:32:30 64544 ----a-w- c:\windows\system32\RCoInst64.dll 2009-09-01 01:32:06 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll 2009-09-01 01:32:06 149536 ----a-w- c:\windows\system32\RtkCfg64.dll 2009-08-29 07:45:05 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-29 06:59:32 11406336 ----a-w- c:\windows\syswow64\wmp.dll 2009-08-29 06:54:52 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL 2009-08-21 02:49:12 294400 ----a-w- c:\windows\system32\FMAPO64.dll 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat 2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 19:13:34.77 ===============

schrauber View Member Profile	Nov 13 2009, 01:45 PM Post #6
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, Please download OTL from one of the following mirrors: This is THE Mirror Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Push the button. Two reports will open, copy and paste them in a reply here: OTListIt.txt <-- Will be opened Extra.txt <-- Will be minimized -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

jab416171 View Member Profile	Nov 13 2009, 10:21 PM Post #7
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	OTL.txt OTL logfile created on: 11/13/2009 20:18:15 - Run 1 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Joe\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 4.00 Gb Total Physical Memory \| 3.48 Gb Available Physical Memory \| 86.97% Memory free 4.00 Gb Paging File \| 3.24 Gb Available in Paging File \| 81.10% Paging File free Paging file location(s): c:\pagefile.sys 1024 6144 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 232.79 Gb Total Space \| 57.89 Gb Free Space \| 24.87% Space Free \| Partition Type: NTFS Drive D: \| 549.52 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive E: \| 186.31 Gb Total Space \| 35.87 Gb Free Space \| 19.25% Space Free \| Partition Type: NTFS Drive F: \| 931.51 Gb Total Space \| 124.31 Gb Free Space \| 13.35% Space Free \| Partition Type: NTFS Drive G: \| 149.05 Gb Total Space \| 28.83 Gb Free Space \| 19.34% Space Free \| Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOE-PC Current User Name: Joe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe PRC - [2009/11/10 20:51:37 \| 00,320,760 \| ---- \| M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2009/11/06 08:35:41 \| 00,908,248 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/11/05 00:00:00 \| 01,875,296 \| ---- \| M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe PRC - [2009/10/26 05:54:03 \| 01,217,808 \| ---- \| M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009/10/07 06:04:44 \| 03,872,552 \| ---- \| M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe PRC - [2009/10/07 05:50:26 \| 00,185,640 \| ---- \| M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2009/09/27 16:48:00 \| 00,240,232 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009/09/14 09:16:57 \| 09,239,808 \| ---- \| M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe PRC - [2009/09/14 09:16:57 \| 09,239,808 \| ---- \| M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe PRC - [2009/09/14 09:16:57 \| 09,239,808 \| ---- \| M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe PRC - [2009/09/14 09:16:57 \| 09,239,808 \| ---- \| M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe PRC - [2009/09/12 11:39:47 \| 02,810,880 \| ---- \| M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe PRC - [2009/09/12 11:39:47 \| 02,810,880 \| ---- \| M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe PRC - [2009/09/12 11:39:47 \| 02,810,880 \| ---- \| M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe PRC - [2009/09/12 11:39:47 \| 02,810,880 \| ---- \| M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe PRC - [2009/09/12 11:39:47 \| 02,810,880 \| ---- \| M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe PRC - [2009/09/12 10:13:21 \| 00,288,048 \| ---- \| M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2009/09/06 07:26:28 \| 00,729,088 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe PRC - [2009/09/06 07:26:28 \| 00,729,088 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe PRC - [2009/09/06 07:26:04 \| 01,230,336 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe PRC - [2009/09/02 14:19:24 \| 25,626,408 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe PRC - [2009/09/02 14:19:24 \| 25,626,408 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe PRC - [2009/08/07 12:20:53 \| 00,471,040 \| ---- \| M] (Blizzard Entertainment) -- C:\Program Files (x86)\Warcraft III\war3.exe PRC - [2009/08/06 12:51:30 \| 00,041,051 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/07/25 02:23:12 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe PRC - [2009/02/26 23:22:34 \| 02,418,176 \| ---- \| M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe PRC - [2009/02/26 23:22:34 \| 02,418,176 \| ---- \| M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe PRC - [2009/02/26 23:22:34 \| 02,418,176 \| ---- \| M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe PRC - [2009/02/26 23:22:34 \| 02,418,176 \| ---- \| M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe PRC - [2009/02/02 17:32:24 \| 00,974,848 \| ---- \| M] (Octopussy) -- C:\Users\Joe\Desktop\BNetGatewayEditor.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/03/06 08:15:42 \| 00,289,792 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe PRC - [2006/03/06 08:15:42 \| 00,289,792 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe ========== Modules (SafeList) ========== MOD - [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe MOD - [2009/07/13 18:16:17 \| 01,123,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009/07/13 18:16:17 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009/07/13 18:16:15 \| 00,171,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009/07/13 18:16:15 \| 00,043,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009/07/13 18:14:57 \| 00,070,144 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/13 18:03:50 \| 01,680,896 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/10/12 04:40:50 \| 07,607,296 \| ---- \| M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL51) SRV:64bit: - [2009/07/13 18:41:59 \| 00,229,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009/07/13 18:41:56 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009/07/13 18:41:56 \| 00,195,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2009/07/13 18:41:56 \| 00,163,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009/07/13 18:41:55 \| 00,044,544 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009/07/13 18:41:54 \| 00,065,536 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009/07/13 18:41:54 \| 00,029,184 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009/07/13 18:41:54 \| 00,017,920 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc) SRV:64bit: - [2009/07/13 18:41:53 \| 01,361,920 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:64bit: - [2009/07/13 18:41:53 \| 00,327,168 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009/07/13 18:41:53 \| 00,327,168 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009/07/13 18:41:53 \| 00,187,904 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009/07/13 18:41:53 \| 00,067,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - [2009/07/13 18:41:53 \| 00,025,088 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009/07/13 18:41:27 \| 01,011,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:41:18 \| 00,231,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009/07/13 18:40:54 \| 01,127,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/13 18:40:28 \| 00,314,368 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009/07/13 18:40:28 \| 00,291,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009/07/13 18:40:24 \| 00,689,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2009/07/13 18:40:13 \| 00,083,968 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009/07/13 18:40:10 \| 00,100,864 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009/07/13 18:40:05 \| 00,114,688 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009/07/13 18:40:01 \| 00,193,536 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/13 18:40:01 \| 00,032,256 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009/07/13 18:39:56 \| 01,525,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV:64bit: - [2009/07/13 18:39:51 \| 01,503,744 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009/07/13 18:39:28 \| 03,524,608 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009/07/13 18:39:11 \| 00,689,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV - [2009/11/10 20:51:37 \| 00,320,760 \| ---- \| M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/10/29 12:27:56 \| 01,767,816 \| ---- \| M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/10/07 05:50:26 \| 00,185,640 \| ---- \| M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2009/09/27 16:48:00 \| 00,240,232 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/09/06 07:26:28 \| 00,729,088 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2.2) SRV - [2009/07/26 06:43:14 \| 00,025,832 \| ---- \| M] (BioWare) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/07/13 20:20:14 \| 00,000,000 \| ---D \| M] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 20:20:14 \| 00,000,000 \| ---D \| M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 18:39:09 \| 00,696,832 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2009/07/13 18:39:09 \| 00,127,488 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2009/07/13 18:16:12 \| 00,165,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 18:15:11 \| 00,253,440 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 13:30:11 \| 00,061,056 \| ---- \| M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009/06/10 14:23:09 \| 00,066,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 13:39:58 \| 00,089,920 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009/06/10 13:30:59 \| 00,042,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2009/06/10 13:30:45 \| 00,856,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2005/04/03 23:41:10 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV:64bit: - [2009/11/09 12:51:42 \| 00,834,544 \| ---- \| M] () -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/09/22 18:46:18 \| 00,066,304 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/22 18:46:17 \| 00,359,552 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/22 18:32:39 \| 00,095,232 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/22 18:32:33 \| 00,187,904 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/07/13 18:52:21 \| 00,106,576 \| ---- \| M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 18:52:21 \| 00,028,752 \| ---- \| M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 18:52:20 \| 00,194,128 \| ---- \| M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 \| 00,153,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:64bit: - [2009/07/13 18:48:04 \| 00,065,600 \| ---- \| M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:48:04 \| 00,014,416 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:64bit: - [2009/07/13 18:47:49 \| 00,055,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:64bit: - [2009/07/13 18:47:48 \| 00,077,888 \| ---- \| M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 18:45:56 \| 00,022,096 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:64bit: - [2009/07/13 18:45:55 \| 00,217,680 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:64bit: - [2009/07/13 18:45:55 \| 00,200,272 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus) DRV:64bit: - [2009/07/13 18:45:55 \| 00,046,672 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt) DRV:64bit: - [2009/07/13 18:45:55 \| 00,036,432 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:64bit: - [2009/07/13 18:45:55 \| 00,034,896 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc) DRV:64bit: - [2009/07/13 18:45:55 \| 00,024,656 \| ---- \| M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:45:46 \| 00,214,096 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:64bit: - [2009/07/13 18:45:45 \| 00,050,768 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:64bit: - [2009/07/13 18:43:14 \| 00,460,504 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:64bit: - [2009/07/13 18:43:13 \| 00,223,448 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:64bit: - [2009/07/13 17:17:46 \| 00,024,064 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:64bit: - [2009/07/13 17:16:35 \| 00,008,192 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:64bit: - [2009/07/13 17:10:24 \| 00,060,416 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) DRV:64bit: - [2009/07/13 17:09:26 \| 00,012,800 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:64bit: - [2009/07/13 17:08:13 \| 00,035,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:64bit: - [2009/07/13 17:07:21 \| 00,024,576 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:64bit: - [2009/07/13 17:07:13 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:64bit: - [2009/07/13 17:07:00 \| 00,350,208 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:64bit: - [2009/07/13 17:07:00 \| 00,118,784 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) DRV:64bit: - [2009/07/13 17:06:57 \| 00,551,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT) DRV:64bit: - [2009/07/13 17:06:56 \| 00,158,720 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) DRV:64bit: - [2009/07/13 17:06:53 \| 00,041,984 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum) DRV:64bit: - [2009/07/13 17:06:52 \| 00,079,360 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB) DRV:64bit: - [2009/07/13 17:06:52 \| 00,009,728 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:64bit: - [2009/07/13 17:06:24 \| 00,008,192 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:64bit: - [2009/07/13 17:05:37 \| 00,112,128 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:64bit: - [2009/07/13 17:02:08 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:64bit: - [2009/07/13 17:00:34 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2009/07/13 17:00:13 \| 00,006,656 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:64bit: - [2009/07/13 16:52:39 \| 00,061,440 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:64bit: - [2009/07/13 16:50:17 \| 00,029,696 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:64bit: - [2009/07/13 16:42:58 \| 00,006,656 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap) DRV:64bit: - [2009/07/13 16:42:44 \| 00,021,760 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID) DRV:64bit: - [2009/07/13 16:37:18 \| 00,040,448 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:64bit: - [2009/07/13 16:31:06 \| 00,026,624 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:64bit: - [2009/07/13 16:31:03 \| 00,017,664 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:64bit: - [2009/07/13 16:27:17 \| 00,012,288 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:64bit: - [2009/07/13 16:24:27 \| 00,514,048 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2009/07/13 16:19:25 \| 00,060,928 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:64bit: - [2009/06/10 13:35:53 \| 00,051,712 \| ---- \| M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009/06/10 13:34:33 \| 03,286,016 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 \| 00,468,480 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 \| 00,270,848 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 \| 00,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/23 10:15:06 \| 00,033,856 \| -H-- \| M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/20 11:00:02 \| 00,086,832 \| ---- \| M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2006/11/20 11:00:00 \| 00,095,024 \| ---- \| M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2006/11/20 10:59:56 \| 00,020,016 \| ---- \| M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV - [2009/09/11 22:20:45 \| 00,000,000 \| ---D \| M] -- C:\Windows\CSC -- (CSC) DRV - [2009/07/13 18:19:10 \| 00,019,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 18:16:02 \| 00,014,336 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009/06/10 14:28:14 \| 00,001,088 \| ---- \| M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 14:15:18 \| 00,003,066 \| ---- \| M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2008/07/26 20:30:36 \| 00,014,544 \| ---- \| M] (OpenLibSys.org) -- C:\Users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 9F 6F 07 44 49 CA 01 [binary data] IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://www.tomshardware.com/us/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9 FF - prefs.js..extensions.enabledItems: tabsopenrelative@jomel.me.uk:0.4 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 08:35:42 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/06 08:35:42 \| 00,000,000 \| ---D \| M] [2009/09/12 05:43:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions [2009/09/12 05:43:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/11 19:18:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions [2009/11/11 19:18:13 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\dave2x@download [2009/09/12 05:44:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\foxmarks@kei.com [2009/09/13 18:56:36 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\tabsopenrelative@jomel.me.uk [2009/10/10 10:29:10 \| 00,002,399 \| ---- \| M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\searchplugins\daemon-search.xml [2009/11/11 19:18:16 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/11/06 08:35:42 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/12 07:43:53 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/09/12 11:28:09 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/11/06 08:35:41 \| 00,023,512 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll [2009/11/06 08:35:41 \| 00,137,176 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll [2009/07/25 02:23:01 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll [2009/09/14 09:16:57 \| 00,072,960 \| ---- \| M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009/11/06 08:35:41 \| 00,064,984 \| ---- \| M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll [2009/08/24 11:45:46 \| 00,001,394 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/08/24 11:45:46 \| 00,002,193 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml [2009/08/24 11:45:46 \| 00,001,534 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/24 11:45:46 \| 00,002,344 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml [2009/08/24 11:45:46 \| 00,002,371 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml [2009/08/24 11:45:46 \| 00,001,178 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/24 11:45:46 \| 00,000,792 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:64bit: - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.) O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/04/18 08:23:00 \| 00,000,041 \| R--- \| M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{eefc1607-9f5b-11de-a546-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{eefc1607-9f5b-11de-a546-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001/04/30 10:33:00 \| 00,032,768 \| R--- \| M] () O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2009/11/13 19:55:48 \| 00,974,848 \| ---- \| C] (Octopussy) -- C:\Users\Joe\Desktop\BNetGatewayEditor.exe [2009/11/12 13:38:01 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\MySQL [2009/11/12 13:38:01 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\MySQL [2009/11/12 13:38:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\MySQL [2009/11/12 10:00:53 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\pvpgn-1.8.5 [2009/11/10 16:17:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\TeamViewer [2009/11/10 16:15:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\TeamViewer [2009/11/10 16:15:43 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\temp [2009/11/09 12:51:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\DAEMON Tools Lite [2009/11/08 20:56:21 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysWow64\RTCOM [2009/11/08 20:56:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Realtek [2009/11/08 20:56:12 \| 01,992,352 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTKVHD64.sys [2009/11/08 20:56:12 \| 01,664,544 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2009/11/08 20:56:12 \| 01,422,368 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2009/11/08 20:56:12 \| 01,178,656 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2009/11/08 20:56:12 \| 00,611,872 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2009/11/08 20:56:12 \| 00,513,536 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2009/11/08 20:56:12 \| 00,436,768 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2009/11/08 20:56:12 \| 00,363,008 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2009/11/08 20:56:12 \| 00,332,320 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2009/11/08 20:56:12 \| 00,311,296 \| ---- \| C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2009/11/08 20:56:12 \| 00,304,640 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2009/11/08 20:56:12 \| 00,304,640 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2009/11/08 20:56:12 \| 00,294,400 \| ---- \| C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2009/11/08 20:56:12 \| 00,211,376 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2009/11/08 20:56:12 \| 00,198,656 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2009/11/08 20:56:12 \| 00,193,536 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2009/11/08 20:56:12 \| 00,166,400 \| ---- \| C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2009/11/08 20:56:12 \| 00,150,528 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2009/11/08 20:56:12 \| 00,149,536 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2009/11/08 20:56:12 \| 00,108,032 \| ---- \| C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2009/11/08 20:56:12 \| 00,095,744 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2009/11/08 20:56:12 \| 00,073,216 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2009/11/08 20:56:12 \| 00,064,544 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2009/11/08 20:56:12 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Realtek [2009/11/08 20:56:04 \| 00,000,000 \| -H-D \| C] -- C:\Program Files (x86)\Temp [2009/11/08 20:56:03 \| 00,831,488 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2009/11/08 20:42:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\LogMeIn Hamachi [2009/11/08 13:07:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Audacity [2009/11/08 13:02:27 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\Still Alive [2009/11/05 22:21:17 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\.easytag [2009/11/05 22:21:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\EasyTAG [2009/11/05 22:20:33 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\GTK [2009/11/05 22:06:12 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\AlbumArt Extracter for Rockbox v2 [2009/11/05 21:46:28 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\Copy to iPod [2009/11/04 17:25:38 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\BioWare [2009/11/04 17:25:38 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\BioWare [2009/11/04 17:23:29 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Documents\BioWare [2009/11/04 17:13:35 \| 00,000,000 \| ---D \| C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP [2009/11/04 17:13:31 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2009/11/04 17:13:31 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2009/11/04 17:06:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Dragon Age [2009/11/04 17:02:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\BioWare [2009/11/02 18:19:59 \| 00,094,208 \| ---- \| C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2009/11/02 18:12:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Diablo II [2009/11/01 22:29:21 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\vlc [2009/11/01 22:28:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\VideoLAN [2009/11/01 18:15:03 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2009/11/01 18:02:54 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2009/11/01 18:02:54 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2009/11/01 18:02:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2009/10/31 17:24:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Oblivion [2009/10/31 16:56:07 \| 00,000,000 \| RH-D \| C] -- C:\Users\Joe\AppData\Roaming\SecuROM [2009/10/31 16:55:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Oblivion [2009/10/30 08:20:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Tunatic [2009/10/29 18:37:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Yahoo! [2009/10/29 17:46:48 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\Halo CE [2009/10/29 17:20:55 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\ImgBurn [2009/10/29 17:20:10 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\ImgBurn [2009/10/24 20:11:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\CurseClient [2009/10/24 20:11:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Curse [2009/10/22 18:34:34 \| 00,000,000 \| R--D \| C] -- C:\Users\Joe\Virtual Machines [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\zh-TW [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\zh-CN [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\tr-TR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\th-TH [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\sv-SE [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ru-RU [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ro-RO [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\pt-PT [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\pt-BR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\pl-PL [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\nl-NL [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\nb-NO [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ko-KR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ja-JP [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\it-IT [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\hu-HU [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\he-IL [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\fr-FR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\fi-FI [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\es-ES [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\el-GR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\de-DE [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\da-DK [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\cs-CZ [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ar-SA [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Windows Virtual PC [2009/10/22 18:23:58 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui [2009/10/22 18:23:58 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpchbus.sys.mui [2009/10/22 18:23:58 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,015,872 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui [2009/10/22 18:23:52 \| 00,014,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,187,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys [2009/10/22 18:23:51 \| 00,095,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui [2009/10/22 18:23:50 \| 02,262,016 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe [2009/10/22 18:23:50 \| 01,369,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe [2009/10/22 18:23:50 \| 00,793,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe [2009/10/22 18:23:50 \| 00,562,176 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll [2009/10/22 18:23:50 \| 00,359,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys [2009/10/22 18:23:50 \| 00,066,304 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys [2009/10/22 18:23:49 \| 04,513,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe [2009/10/22 18:23:49 \| 01,209,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe [2009/10/22 18:23:49 \| 00,936,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe [2009/10/22 18:22:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows XP Mode [2009/10/17 18:37:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Crysis [2009/10/17 18:15:58 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Documents\My Games [2009/10/17 18:08:56 \| 00,178,800 \| ---- \| C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2009/10/17 18:08:17 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2009/10/17 18:08:17 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2009/10/17 18:05:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Crysis WARHEAD [2009/10/17 18:04:43 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Downloaded Installations [2009/10/17 18:04:42 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\InstallShield [2009/10/17 15:42:48 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\The Creative Assembly [2009/10/17 15:26:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Empire Total War [2009/10/17 14:57:49 \| 14,629,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2009/10/17 14:57:48 \| 11,406,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009/10/17 14:57:47 \| 02,868,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2009/10/17 14:57:47 \| 02,613,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2009/10/17 14:57:47 \| 01,975,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2009/10/17 14:57:47 \| 01,320,960 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2009/10/17 14:57:47 \| 00,982,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys [2009/10/17 14:57:47 \| 00,366,080 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2009/10/17 14:57:47 \| 00,293,888 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2009/10/17 14:57:47 \| 00,148,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2009/10/17 14:57:47 \| 00,108,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2009/10/17 14:57:47 \| 00,100,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2009/10/17 14:57:47 \| 00,071,168 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2009/10/17 14:57:46 \| 12,625,920 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2009/10/17 14:57:46 \| 12,625,408 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009/10/17 14:57:37 \| 09,272,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009/10/17 14:57:37 \| 05,958,656 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/17 14:57:37 \| 00,082,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/17 14:57:37 \| 00,064,512 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/17 14:10:13 \| 00,311,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2009/10/17 14:10:13 \| 00,257,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/17 11:43:09 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Stardock [2009/10/17 11:37:55 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Ironclad Games [2009/10/17 11:37:10 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26} [2009/10/17 11:37:10 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26} [2009/10/17 11:32:04 \| 00,000,000 \| ---D \| C] -- C:\Windows\Sins of a Solar Empire [2009/10/17 11:32:04 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Sins of a Solar Empire [2009/10/15 20:17:27 \| 00,046,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2009/10/15 20:17:27 \| 00,034,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/13 20:18:48 \| 01,835,008 \| -HS- \| M] () -- C:\Users\Joe\NTUSER.DAT [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2009/11/12 16:34:07 \| 00,013,440 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/12 16:34:07 \| 00,013,440 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/12 15:45:08 \| 00,713,888 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/12 15:45:08 \| 00,616,714 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/12 15:45:08 \| 00,104,078 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/10 21:27:07 \| 00,001,998 \| -H-- \| M] () -- C:\Users\Joe\Documents\Default.rdp [2009/11/10 16:17:20 \| 00,001,168 \| ---- \| M] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk [2009/11/09 12:51:42 \| 00,834,544 \| ---- \| M] () -- C:\Windows\SysNative\drivers\sptd.sys [2009/11/08 20:58:48 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/08 20:58:47 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/08 20:57:43 \| 53,571,9935 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/08 20:56:49 \| 03,772,004 \| -H-- \| M] () -- C:\Users\Joe\AppData\Local\IconCache.db [2009/11/08 16:31:36 \| 00,094,779 \| ---- \| M] () -- C:\Users\Joe\Desktop\Untitled1.wma [2009/11/08 13:07:33 \| 00,000,949 \| ---- \| M] () -- C:\Users\Joe\Desktop\Audacity.lnk [2009/11/07 19:46:05 \| 00,002,859 \| ---- \| M] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk [2009/11/05 22:21:16 \| 00,000,997 \| ---- \| M] () -- C:\Users\Public\Desktop\EasyTAG.lnk [2009/11/02 18:31:19 \| 00,039,600 \| ---- \| M] () -- C:\Windows\DIIUnin.dat [2009/11/02 18:26:21 \| 00,021,840 \| ---- \| M] () -- C:\Windows\SysWow64\SIntfNT.dll [2009/11/02 18:26:21 \| 00,017,212 \| ---- \| M] () -- C:\Windows\SysWow64\SIntf32.dll [2009/11/02 18:26:21 \| 00,012,067 \| ---- \| M] () -- C:\Windows\SysWow64\SIntf16.dll [2009/11/02 18:20:02 \| 00,001,907 \| ---- \| M] () -- C:\Users\Public\Desktop\Diablo II.lnk [2009/11/02 18:19:59 \| 00,094,208 \| ---- \| M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2009/11/02 18:19:59 \| 00,002,829 \| ---- \| M] () -- C:\Windows\DIIUnin.pif [2009/11/01 22:29:05 \| 00,001,072 \| ---- \| M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2009/11/01 18:15:03 \| 00,002,099 \| ---- \| M] () -- C:\Users\Joe\Desktop\HijackThis.lnk [2009/11/01 18:02:57 \| 00,001,264 \| ---- \| M] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk [2009/10/31 22:15:54 \| 00,001,931 \| ---- \| M] () -- C:\Users\Public\Desktop\Oblivion.lnk [2009/10/31 14:36:03 \| 00,001,460 \| ---- \| M] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk [2009/10/30 08:20:41 \| 00,001,809 \| ---- \| M] () -- C:\Users\Joe\Desktop\Tunatic.lnk [2009/10/29 17:20:10 \| 00,001,871 \| ---- \| M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2009/10/22 18:48:20 \| 00,001,885 \| ---- \| M] () -- C:\Users\Joe\Desktop\Killing Floor.lnk [2009/10/19 19:56:31 \| 00,059,032 \| ---- \| M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT [2009/10/18 16:17:07 \| 00,001,714 \| ---- \| M] () -- C:\Users\Joe\Documents\stuff [2009/10/18 11:23:50 \| 00,275,752 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/10/17 18:41:31 \| 00,103,736 \| ---- \| M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009/10/17 18:41:26 \| 00,669,184 \| ---- \| M] () -- C:\Windows\SysWow64\pbsvc.exe [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009/10/17 18:40:16 \| 00,001,300 \| ---- \| M] () -- C:\Users\Public\Desktop\Crysis.lnk [2009/10/17 18:14:32 \| 00,007,597 \| ---- \| M] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg [2009/10/17 18:08:56 \| 00,178,800 \| ---- \| M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2009/10/17 18:04:56 \| 00,000,662 \| ---- \| M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2009/10/17 11:32:41 \| 00,002,206 \| ---- \| M] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk [2009/10/16 09:34:08 \| 00,001,883 \| ---- \| M] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/10 16:17:20 \| 00,001,168 \| ---- \| C] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk [2009/11/08 16:31:36 \| 00,094,779 \| ---- \| C] () -- C:\Users\Joe\Desktop\Untitled1.wma [2009/11/08 13:07:33 \| 00,000,949 \| ---- \| C] () -- C:\Users\Joe\Desktop\Audacity.lnk [2009/11/07 19:46:05 \| 00,002,859 \| ---- \| C] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk [2009/11/05 22:21:16 \| 00,000,997 \| ---- \| C] () -- C:\Users\Public\Desktop\EasyTAG.lnk [2009/11/02 18:26:21 \| 00,021,840 \| ---- \| C] () -- C:\Windows\SysWow64\SIntfNT.dll [2009/11/02 18:26:21 \| 00,017,212 \| ---- \| C] () -- C:\Windows\SysWow64\SIntf32.dll [2009/11/02 18:26:21 \| 00,012,067 \| ---- \| C] () -- C:\Windows\SysWow64\SIntf16.dll [2009/11/02 18:20:02 \| 00,039,600 \| ---- \| C] () -- C:\Windows\DIIUnin.dat [2009/11/02 18:20:02 \| 00,001,907 \| ---- \| C] () -- C:\Users\Public\Desktop\Diablo II.lnk [2009/11/02 18:19:59 \| 00,002,829 \| ---- \| C] () -- C:\Windows\DIIUnin.pif [2009/11/01 22:29:05 \| 00,001,072 \| ---- \| C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2009/11/01 18:15:03 \| 00,002,099 \| ---- \| C] () -- C:\Users\Joe\Desktop\HijackThis.lnk [2009/11/01 18:02:57 \| 00,001,264 \| ---- \| C] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk [2009/10/31 22:15:54 \| 00,001,931 \| ---- \| C] () -- C:\Users\Public\Desktop\Oblivion.lnk [2009/10/31 14:35:41 \| 00,001,460 \| ---- \| C] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk [2009/10/30 08:20:41 \| 00,001,809 \| ---- \| C] () -- C:\Users\Joe\Desktop\Tunatic.lnk [2009/10/29 17:20:10 \| 00,001,871 \| ---- \| C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2009/10/22 18:48:20 \| 00,001,885 \| ---- \| C] () -- C:\Users\Joe\Desktop\Killing Floor.lnk [2009/10/18 16:17:06 \| 00,001,714 \| ---- \| C] () -- C:\Users\Joe\Documents\stuff [2009/10/17 18:41:27 \| 00,103,736 \| ---- \| C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009/10/17 18:41:26 \| 00,669,184 \| ---- \| C] () -- C:\Windows\SysWow64\pbsvc.exe [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009/10/17 18:40:16 \| 00,001,300 \| ---- \| C] () -- C:\Users\Public\Desktop\Crysis.lnk [2009/10/17 18:04:56 \| 00,000,662 \| ---- \| C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2009/10/17 11:32:41 \| 00,002,206 \| ---- \| C] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk [2009/10/16 09:34:08 \| 00,001,883 \| ---- \| C] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk [2009/10/14 16:58:06 \| 00,041,872 \| ---- \| C] () -- C:\Windows\SysWow64\xfcodec.dll [2009/09/11 19:51:54 \| 03,772,004 \| -H-- \| C] () -- C:\Users\Joe\AppData\Local\IconCache.db [2009/09/11 19:51:13 \| 00,007,597 \| ---- \| C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg [2009/09/11 19:44:52 \| 00,059,032 \| ---- \| C] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT [2009/08/02 23:21:54 \| 00,197,912 \| ---- \| C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/02 23:21:52 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/02 23:21:52 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/13 22:32:39 \| 00,043,318 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009/07/13 22:32:39 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/13 22:32:39 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/13 22:32:39 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 21:54:24 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2009/07/13 19:34:57 \| 00,000,403 \| ---- \| C] () -- C:\Windows\win.ini [2009/07/13 19:34:57 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2009/07/13 16:42:10 \| 00,064,000 \| ---- \| C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 14:03:59 \| 00,364,544 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/11/29 08:13:12 \| 00,015,040 \| ---- \| C] () -- C:\Windows\SysWow64\uddriver.sys < End of report > extras.txt OTL Extras logfile created on: 11/13/2009 20:18:15 - Run 1 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Joe\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 4.00 Gb Total Physical Memory \| 3.48 Gb Available Physical Memory \| 86.97% Memory free 4.00 Gb Paging File \| 3.24 Gb Available in Paging File \| 81.10% Paging File free Paging file location(s): c:\pagefile.sys 1024 6144 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 232.79 Gb Total Space \| 57.89 Gb Free Space \| 24.87% Space Free \| Partition Type: NTFS Drive D: \| 549.52 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive E: \| 186.31 Gb Total Space \| 35.87 Gb Free Space \| 19.25% Space Free \| Partition Type: NTFS Drive F: \| 931.51 Gb Total Space \| 124.31 Gb Free Space \| 13.35% Space Free \| Partition Type: NTFS Drive G: \| 149.05 Gb Total Space \| 28.83 Gb Free Space \| 19.34% Space Free \| Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOE-PC Current User Name: Joe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* File not found batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [EasyTAG] -- "C:\Program Files (x86)\EasyTAG\EasyTAG.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [EasyTAG] -- "C:\Program Files (x86)\EasyTAG\EasyTAG.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{228CE6A0-25FD-44CB-BDE0-98E817AD8809}" = MySQL Server 5.1 "{3705C708-1B8A-43A3-8E94-6BAB33A3384B}" = Logitech G-series Keyboard Software "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis® "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD® "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.13 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™ "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9) "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity_is1" = Audacity 1.2.6 "Crysis WARHEAD®" = Crysis WARHEAD® "CurseClient" = Curse Client "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Diablo II" = Diablo II "EasyTAG_is1" = EasyTAG 2.1 "FileZilla Client" = FileZilla Client 3.2.7.1 "FileZilla Server" = FileZilla Server (remove only) "foobar2000" = foobar2000 v0.9.6.9 "Foxit Reader" = Foxit Reader "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™ "IrfanView" = IrfanView (remove only) "Left 4 Dead" = Left 4 Dead "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PunkBusterSvc" = PunkBuster Services "Sins of a Solar Empire" = Sins of a Solar Empire "StarCraft" = StarCraft "StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only) "Steam App 1250" = Killing Floor "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Steam App 410" = Portal: The First Slice "Steam App 440" = Team Fortress 2 "Steam App 590" = Left 4 Dead 2 Demo "Steam App 9890" = Champions Online: Bloodmoon Free Weekend "TeamViewer 4" = TeamViewer 4 "Trillian" = Trillian "Tunatic" = Tunatic "UltimateDefrag 2008" = UltimateDefrag 2008 "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.7 "WinGTK-2_is1" = GTK+ 2.10.13 runtime environment "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "uTorrent" = µTorrent "Yahoo! BrowserPlus" = Yahoo! BrowserPlus ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/12/2009 21:14:04 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> Warning: DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host.joe-bass.com] does not exist . Error - 11/12/2009 21:14:04 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> Warning: DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host2.joe-bass.com] does not exist . Error - 11/12/2009 21:14:04 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.110 for ServerName . Error - 11/12/2009 21:14:04 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> [Thu Nov 12 18:14:04 2009] [warn] NameVirtualHost :80 has no VirtualHosts . Error - 11/12/2009 21:18:18 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> Warning: DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host.joe-bass.com] does not exist . Error - 11/12/2009 21:18:18 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> Warning: DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host2.joe-bass.com] does not exist . Error - 11/12/2009 21:18:18 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.110 for ServerName . Error - 11/12/2009 21:18:18 \| Computer Name = Joe-PC \| Source = Apache Service \| ID = 3299 Description = The Apache service named reported the following error: >>> [Thu Nov 12 18:18:18 2009] [warn] NameVirtualHost :80 has no VirtualHosts . Error - 11/12/2009 22:12:28 \| Computer Name = Joe-PC \| Source = Application Error \| ID = 1000 Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16404, time stamp: 0x4a765771 Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp: 0x4a5be088 Exception code: 0xc000041d Fault offset: 0x000000000001c315 Faulting process id: 0xbfc Faulting application start time: 0x01ca60f107bc4bf0 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\USER32.dll Report Id: fd3d6880-cff9-11de-aa3d-0002720e55ef Error - 11/13/2009 3:30:47 \| Computer Name = Joe-PC \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. [ System Events ] Error - 11/12/2009 18:41:49 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR10. Error - 11/12/2009 18:41:49 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR10. Error - 11/12/2009 18:41:50 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR10. Error - 11/12/2009 20:18:41 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR11. Error - 11/12/2009 20:18:42 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR11. Error - 11/12/2009 20:18:42 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR11. Error - 11/12/2009 20:18:43 \| Computer Name = Joe-PC \| Source = Disk \| ID = 262155 Description = The driver detected a controller error on \Device\Harddisk4\DR11. Error - 11/13/2009 10:23:49 \| Computer Name = Joe-PC \| Source = TermDD \| ID = 655416 Description = Error - 11/13/2009 11:44:20 \| Computer Name = Joe-PC \| Source = TermDD \| ID = 655416 Description = Error - 11/13/2009 12:48:29 \| Computer Name = Joe-PC \| Source = TermDD \| ID = 655416 Description = < End of report >

schrauber View Member Profile	Nov 14 2009, 08:47 AM Post #8
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Utorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology." It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office." Step 1 Click "start" on the taskbar and then click on the "Control Panel" icon. Please doubleclick the "Add or Remove Programs" icon A list of programs installed will be "populated" this may take a bit of time. If they exist, uninstall the following by clicking on the following entries and selecting "remove": Deamon Tools Toolbar Additional instructions can be found here if needed. Step 2 Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system. Exit MBAM when done. Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

jab416171 View Member Profile	Nov 14 2009, 01:51 PM Post #9
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	I have uninstalled daemon tools toolbar. Your MWB Alternate 1 link doesn't work. Yes, I am aware of the risks of P2P software, and I am certain that I was not infected via that. Malwarebytes' Anti-Malware 1.41 Database version: 3171 Windows 6.1.7600 11/14/2009 11:50:04 mbam-log-2009-11-14 (11-50-04).txt Scan type: Quick Scan Objects scanned: 84896 Time elapsed: 2 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Users\Joe\Desktop\BNetGatewayEditor.exe (Trojan.LDPinch) -> Quarantined and deleted successfully. Can there be any ill effects for leaving a PC on 24/7 (for like 20 days straight)?

schrauber View Member Profile	Nov 14 2009, 03:15 PM Post #10
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Hi, please post back with a fresh OTL-Logfile. How is your system running? QUOTE Can there be any ill effects for leaving a PC on 24/7 (for like 20 days straight)? As an example, server systems running everyday for years, so the only problem should be hardware-related, if you become any problems . -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

jab416171 View Member Profile	Nov 14 2009, 05:06 PM Post #11
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	OTL.txt OTL logfile created on: 11/14/2009 15:05:24 - Run 2 OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Joe\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 4.00 Gb Total Physical Memory \| 4.00 Gb Available Physical Memory \| 100.00% Memory free 4.00 Gb Paging File \| 3.71 Gb Available in Paging File \| 92.63% Paging File free Paging file location(s): c:\pagefile.sys 1024 6144 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 232.79 Gb Total Space \| 44.99 Gb Free Space \| 19.33% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 186.31 Gb Total Space \| 35.33 Gb Free Space \| 18.96% Space Free \| Partition Type: NTFS Drive F: \| 931.51 Gb Total Space \| 114.56 Gb Free Space \| 12.30% Space Free \| Partition Type: NTFS Drive G: \| 149.05 Gb Total Space \| 28.83 Gb Free Space \| 19.34% Space Free \| Partition Type: NTFS Drive H: \| 549.52 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS I: Drive not present or media not loaded Computer Name: JOE-PC Current User Name: Joe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe PRC - [2009/11/06 08:35:41 \| 00,908,248 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/11/05 19:14:36 \| 03,152,272 \| ---- \| M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2009/11/05 19:14:36 \| 03,152,272 \| ---- \| M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2009/11/05 19:14:36 \| 03,152,272 \| ---- \| M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2009/11/05 19:14:36 \| 03,152,272 \| ---- \| M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2009/11/05 19:14:36 \| 03,152,272 \| ---- \| M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe PRC - [2009/11/05 00:00:00 \| 01,875,296 \| ---- \| M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe PRC - [2009/10/30 04:57:08 \| 00,369,200 \| ---- \| M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2009/10/30 04:57:08 \| 00,369,200 \| ---- \| M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009/10/07 05:50:26 \| 00,185,640 \| ---- \| M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2009/09/27 16:48:00 \| 00,240,232 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009/09/12 11:39:47 \| 02,810,880 \| ---- \| M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe PRC - [2009/09/12 10:13:21 \| 00,288,048 \| ---- \| M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2009/09/06 07:26:28 \| 00,729,088 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe PRC - [2009/09/06 07:26:28 \| 00,729,088 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe PRC - [2009/09/06 07:26:04 \| 01,230,336 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe PRC - [2009/09/02 14:19:24 \| 25,626,408 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe PRC - [2009/09/02 14:19:24 \| 25,626,408 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe PRC - [2009/09/02 14:19:24 \| 25,626,408 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe PRC - [2009/09/02 14:19:24 \| 25,626,408 \| R--- \| M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe PRC - [2009/08/06 12:51:30 \| 00,041,051 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe PRC - [2009/08/06 12:51:30 \| 00,041,051 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe PRC - [2009/07/25 02:23:12 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe PRC - [2009/07/14 11:51:44 \| 01,245,184 \| ---- \| M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/11/21 12:20:02 \| 00,014,640 \| ---- \| M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2006/03/06 08:15:42 \| 00,289,792 \| ---- \| M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe ========== Modules (SafeList) ========== MOD - [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe MOD - [2009/07/13 18:16:17 \| 01,123,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll MOD - [2009/07/13 18:16:17 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll MOD - [2009/07/13 18:16:15 \| 00,171,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll MOD - [2009/07/13 18:16:15 \| 00,043,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll MOD - [2009/07/13 18:14:57 \| 00,070,144 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll MOD - [2009/07/13 18:03:50 \| 01,680,896 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/10/12 04:40:50 \| 07,607,296 \| ---- \| M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL51) SRV:64bit: - [2009/07/13 18:41:59 \| 00,229,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc) SRV:64bit: - [2009/07/13 18:41:56 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc) SRV:64bit: - [2009/07/13 18:41:56 \| 00,195,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2009/07/13 18:41:56 \| 00,163,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power) SRV:64bit: - [2009/07/13 18:41:55 \| 00,044,544 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:64bit: - [2009/07/13 18:41:54 \| 00,065,536 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify) SRV:64bit: - [2009/07/13 18:41:54 \| 00,029,184 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc) SRV:64bit: - [2009/07/13 18:41:54 \| 00,017,920 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc) SRV:64bit: - [2009/07/13 18:41:53 \| 01,361,920 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc) SRV:64bit: - [2009/07/13 18:41:53 \| 00,327,168 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc) SRV:64bit: - [2009/07/13 18:41:53 \| 00,327,168 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc) SRV:64bit: - [2009/07/13 18:41:53 \| 00,187,904 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider) SRV:64bit: - [2009/07/13 18:41:53 \| 00,067,072 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper) SRV:64bit: - [2009/07/13 18:41:53 \| 00,025,088 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg) SRV:64bit: - [2009/07/13 18:41:27 \| 01,011,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 18:41:18 \| 00,231,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener) SRV:64bit: - [2009/07/13 18:40:54 \| 01,127,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009/07/13 18:40:28 \| 00,314,368 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV:64bit: - [2009/07/13 18:40:28 \| 00,291,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc) SRV:64bit: - [2009/07/13 18:40:24 \| 00,689,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2009/07/13 18:40:13 \| 00,083,968 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv) SRV:64bit: - [2009/07/13 18:40:10 \| 00,100,864 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC) SRV:64bit: - [2009/07/13 18:40:05 \| 00,114,688 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV) SRV:64bit: - [2009/07/13 18:40:01 \| 00,193,536 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/13 18:40:01 \| 00,032,256 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc) SRV:64bit: - [2009/07/13 18:39:56 \| 01,525,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV:64bit: - [2009/07/13 18:39:51 \| 01,503,744 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine) SRV:64bit: - [2009/07/13 18:39:28 \| 03,524,608 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc) SRV:64bit: - [2009/07/13 18:39:11 \| 00,689,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax) SRV - [2009/11/10 20:51:37 \| 00,320,760 \| ---- \| M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/10/29 12:27:56 \| 01,767,816 \| ---- \| M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/10/07 05:50:26 \| 00,185,640 \| ---- \| M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2009/09/27 16:48:00 \| 00,240,232 \| ---- \| M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009/09/06 07:26:28 \| 00,729,088 \| ---- \| M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2009/08/06 12:50:52 \| 00,024,645 \| ---- \| M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2.2) SRV - [2009/07/26 06:43:14 \| 00,025,832 \| ---- \| M] (BioWare) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/07/13 20:20:14 \| 00,000,000 \| ---D \| M] -- C:\Windows\Vss -- (VSS) SRV - [2009/07/13 20:20:14 \| 00,000,000 \| ---D \| M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009/07/13 18:39:09 \| 00,696,832 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2009/07/13 18:39:09 \| 00,127,488 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2009/07/13 18:16:12 \| 00,165,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 18:15:11 \| 00,253,440 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 13:30:11 \| 00,061,056 \| ---- \| M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009/06/10 14:23:09 \| 00,066,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 13:39:58 \| 00,089,920 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009/06/10 13:30:59 \| 00,042,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2009/06/10 13:30:45 \| 00,856,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2009/01/26 15:31:10 \| 01,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2005/04/03 23:41:10 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV:64bit: - [2009/11/09 12:51:42 \| 00,834,544 \| ---- \| M] () -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/09/22 18:46:18 \| 00,066,304 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/22 18:46:17 \| 00,359,552 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/22 18:32:39 \| 00,095,232 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/22 18:32:33 \| 00,187,904 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/07/13 18:52:21 \| 00,106,576 \| ---- \| M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 18:52:21 \| 00,028,752 \| ---- \| M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 18:52:20 \| 00,194,128 \| ---- \| M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 \| 00,153,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg) DRV:64bit: - [2009/07/13 18:48:04 \| 00,065,600 \| ---- \| M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:48:04 \| 00,014,416 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy) DRV:64bit: - [2009/07/13 18:47:49 \| 00,055,376 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends) DRV:64bit: - [2009/07/13 18:47:48 \| 00,077,888 \| ---- \| M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 18:45:56 \| 00,022,096 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount) DRV:64bit: - [2009/07/13 18:45:55 \| 00,217,680 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp) DRV:64bit: - [2009/07/13 18:45:55 \| 00,200,272 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus) DRV:64bit: - [2009/07/13 18:45:55 \| 00,046,672 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt) DRV:64bit: - [2009/07/13 18:45:55 \| 00,036,432 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot) DRV:64bit: - [2009/07/13 18:45:55 \| 00,034,896 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc) DRV:64bit: - [2009/07/13 18:45:55 \| 00,024,656 \| ---- \| M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:45:46 \| 00,214,096 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost) DRV:64bit: - [2009/07/13 18:45:45 \| 00,050,768 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw) DRV:64bit: - [2009/07/13 18:43:14 \| 00,460,504 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cng.sys -- (CNG) DRV:64bit: - [2009/07/13 18:43:13 \| 00,223,448 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol) DRV:64bit: - [2009/07/13 17:17:46 \| 00,024,064 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus) DRV:64bit: - [2009/07/13 17:16:35 \| 00,008,192 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP) DRV:64bit: - [2009/07/13 17:10:24 \| 00,060,416 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) DRV:64bit: - [2009/07/13 17:09:26 \| 00,012,800 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf) DRV:64bit: - [2009/07/13 17:08:13 \| 00,035,328 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap) DRV:64bit: - [2009/07/13 17:07:21 \| 00,024,576 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus) DRV:64bit: - [2009/07/13 17:07:13 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci) DRV:64bit: - [2009/07/13 17:07:00 \| 00,350,208 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService) DRV:64bit: - [2009/07/13 17:07:00 \| 00,118,784 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan) DRV:64bit: - [2009/07/13 17:06:57 \| 00,551,936 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT) DRV:64bit: - [2009/07/13 17:06:56 \| 00,158,720 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM) DRV:64bit: - [2009/07/13 17:06:53 \| 00,041,984 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum) DRV:64bit: - [2009/07/13 17:06:52 \| 00,079,360 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB) DRV:64bit: - [2009/07/13 17:06:52 \| 00,009,728 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass) DRV:64bit: - [2009/07/13 17:06:24 \| 00,008,192 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf) DRV:64bit: - [2009/07/13 17:05:37 \| 00,112,128 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf) DRV:64bit: - [2009/07/13 17:02:08 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig) DRV:64bit: - [2009/07/13 17:00:34 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2009/07/13 17:00:13 \| 00,006,656 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep) DRV:64bit: - [2009/07/13 16:52:39 \| 00,061,440 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID) DRV:64bit: - [2009/07/13 16:50:17 \| 00,029,696 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter) DRV:64bit: - [2009/07/13 16:42:58 \| 00,006,656 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap) DRV:64bit: - [2009/07/13 16:42:44 \| 00,021,760 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID) DRV:64bit: - [2009/07/13 16:37:18 \| 00,040,448 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache) DRV:64bit: - [2009/07/13 16:31:06 \| 00,026,624 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt) DRV:64bit: - [2009/07/13 16:31:03 \| 00,017,664 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt) DRV:64bit: - [2009/07/13 16:27:17 \| 00,012,288 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi) DRV:64bit: - [2009/07/13 16:24:27 \| 00,514,048 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2009/07/13 16:19:25 \| 00,060,928 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM) DRV:64bit: - [2009/06/10 13:35:53 \| 00,051,712 \| ---- \| M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009/06/10 13:34:33 \| 03,286,016 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 \| 00,468,480 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 \| 00,270,848 \| ---- \| M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 \| 00,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/23 10:15:06 \| 00,033,856 \| -H-- \| M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006/11/20 11:00:02 \| 00,086,832 \| ---- \| M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2006/11/20 11:00:00 \| 00,095,024 \| ---- \| M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2006/11/20 10:59:56 \| 00,020,016 \| ---- \| M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV - [2009/09/11 22:20:45 \| 00,000,000 \| ---D \| M] -- C:\Windows\CSC -- (CSC) DRV - [2009/07/13 18:19:10 \| 00,019,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 18:16:02 \| 00,014,336 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS) DRV - [2009/06/10 14:28:14 \| 00,001,088 \| ---- \| M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009/06/10 14:15:18 \| 00,003,066 \| ---- \| M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2008/07/26 20:30:36 \| 00,014,544 \| ---- \| M] (OpenLibSys.org) -- C:\Users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 9F 6F 07 44 49 CA 01 [binary data] IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://www.tomshardware.com/us/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9 FF - prefs.js..extensions.enabledItems: tabsopenrelative@jomel.me.uk:0.4 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 08:35:42 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/06 08:35:42 \| 00,000,000 \| ---D \| M] [2009/09/12 05:43:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions [2009/09/12 05:43:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/11 19:18:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions [2009/11/11 19:18:13 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\dave2x@download [2009/09/12 05:44:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\foxmarks@kei.com [2009/09/13 18:56:36 \| 00,000,000 \| ---D \| M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\tabsopenrelative@jomel.me.uk [2009/10/10 10:29:10 \| 00,002,399 \| ---- \| M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\searchplugins\daemon-search.xml [2009/11/11 19:18:16 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/11/06 08:35:42 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/12 07:43:53 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/09/12 11:28:09 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/11/06 08:35:41 \| 00,023,512 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll [2009/11/06 08:35:41 \| 00,137,176 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll [2009/07/25 02:23:01 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll [2009/09/14 09:16:57 \| 00,072,960 \| ---- \| M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009/11/06 08:35:41 \| 00,064,984 \| ---- \| M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll [2009/08/24 11:45:46 \| 00,001,394 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/08/24 11:45:46 \| 00,002,193 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml [2009/08/24 11:45:46 \| 00,001,534 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml [2009/08/24 11:45:46 \| 00,002,344 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml [2009/08/24 11:45:46 \| 00,002,371 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml [2009/08/24 11:45:46 \| 00,001,178 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml [2009/08/24 11:45:46 \| 00,000,792 \| ---- \| M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.) O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/04/18 08:23:00 \| 00,000,041 \| R--- \| M] () - H:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{019fb44f-b5c2-11de-9064-0002720e55ef}\Shell - "" = AutoRun O33 - MountPoints2\{019fb44f-b5c2-11de-9064-0002720e55ef}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- [2001/04/30 10:33:00 \| 00,032,768 \| R--- \| M] () O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/14 13:30:20 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\COPYTOLAPTOP [2009/11/14 11:45:38 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes [2009/11/14 11:45:35 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009/11/14 11:45:34 \| 00,022,104 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009/11/14 11:45:34 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/14 11:45:34 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/11/14 11:45:34 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/11/14 11:39:21 \| 04,045,544 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\Joe\Desktop\mbam-setup.exe [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2009/11/12 13:38:01 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\MySQL [2009/11/12 13:38:01 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\MySQL [2009/11/12 13:38:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\MySQL [2009/11/12 10:00:53 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\pvpgn-1.8.5 [2009/11/10 16:17:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\TeamViewer [2009/11/10 16:15:46 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\TeamViewer [2009/11/10 16:15:43 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\temp [2009/11/09 12:51:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\DAEMON Tools Lite [2009/11/08 20:56:21 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysWow64\RTCOM [2009/11/08 20:56:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Realtek [2009/11/08 20:56:12 \| 01,992,352 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTKVHD64.sys [2009/11/08 20:56:12 \| 01,664,544 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2009/11/08 20:56:12 \| 01,422,368 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2009/11/08 20:56:12 \| 01,178,656 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2009/11/08 20:56:12 \| 00,611,872 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2009/11/08 20:56:12 \| 00,513,536 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2009/11/08 20:56:12 \| 00,436,768 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2009/11/08 20:56:12 \| 00,363,008 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2009/11/08 20:56:12 \| 00,332,320 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2009/11/08 20:56:12 \| 00,311,296 \| ---- \| C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2009/11/08 20:56:12 \| 00,304,640 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2009/11/08 20:56:12 \| 00,304,640 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2009/11/08 20:56:12 \| 00,294,400 \| ---- \| C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2009/11/08 20:56:12 \| 00,211,376 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2009/11/08 20:56:12 \| 00,198,656 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2009/11/08 20:56:12 \| 00,193,536 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2009/11/08 20:56:12 \| 00,166,400 \| ---- \| C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2009/11/08 20:56:12 \| 00,150,528 \| ---- \| C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2009/11/08 20:56:12 \| 00,149,536 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2009/11/08 20:56:12 \| 00,108,032 \| ---- \| C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2009/11/08 20:56:12 \| 00,095,744 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2009/11/08 20:56:12 \| 00,073,216 \| ---- \| C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2009/11/08 20:56:12 \| 00,064,544 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2009/11/08 20:56:12 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Realtek [2009/11/08 20:56:04 \| 00,000,000 \| -H-D \| C] -- C:\Program Files (x86)\Temp [2009/11/08 20:56:03 \| 00,831,488 \| ---- \| C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2009/11/08 20:42:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\LogMeIn Hamachi [2009/11/08 13:07:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Audacity [2009/11/08 13:02:27 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\Still Alive [2009/11/05 22:21:17 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\.easytag [2009/11/05 22:21:15 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\EasyTAG [2009/11/05 22:20:33 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\GTK [2009/11/05 22:06:12 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\AlbumArt Extracter for Rockbox v2 [2009/11/05 21:46:28 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\Copy to iPod [2009/11/04 17:25:38 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\BioWare [2009/11/04 17:25:38 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\BioWare [2009/11/04 17:23:29 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Documents\BioWare [2009/11/04 17:13:35 \| 00,000,000 \| ---D \| C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP [2009/11/04 17:13:31 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2009/11/04 17:13:31 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2009/11/04 17:06:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Dragon Age [2009/11/04 17:02:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\BioWare [2009/11/02 18:19:59 \| 00,094,208 \| ---- \| C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2009/11/02 18:12:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Diablo II [2009/11/01 22:29:21 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\vlc [2009/11/01 22:28:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\VideoLAN [2009/11/01 18:15:03 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2009/11/01 18:02:54 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2009/11/01 18:02:54 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2009/11/01 18:02:54 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2009/10/31 17:24:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Oblivion [2009/10/31 16:56:07 \| 00,000,000 \| RH-D \| C] -- C:\Users\Joe\AppData\Roaming\SecuROM [2009/10/31 16:55:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Oblivion [2009/10/30 08:20:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Tunatic [2009/10/29 18:37:56 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Yahoo! [2009/10/29 17:46:48 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Desktop\Halo CE [2009/10/29 17:20:55 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\ImgBurn [2009/10/29 17:20:10 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\ImgBurn [2009/10/24 20:11:51 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\CurseClient [2009/10/24 20:11:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Curse [2009/10/22 18:34:34 \| 00,000,000 \| R--D \| C] -- C:\Users\Joe\Virtual Machines [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\zh-TW [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\zh-CN [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\tr-TR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\th-TH [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\sv-SE [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ru-RU [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ro-RO [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\pt-PT [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\pt-BR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\pl-PL [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\nl-NL [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\nb-NO [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ko-KR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ja-JP [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\it-IT [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\hu-HU [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\he-IL [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\fr-FR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\fi-FI [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\es-ES [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\el-GR [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\de-DE [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\da-DK [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\cs-CZ [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Windows\SysNative\drivers\ar-SA [2009/10/22 18:25:22 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Windows Virtual PC [2009/10/22 18:23:58 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui [2009/10/22 18:23:58 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpchbus.sys.mui [2009/10/22 18:23:58 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,003,072 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui [2009/10/22 18:23:57 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,015,872 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,003,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui [2009/10/22 18:23:56 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcusb.sys.mui [2009/10/22 18:23:54 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,560 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui [2009/10/22 18:23:53 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui [2009/10/22 18:23:52 \| 00,014,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,014,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,013,824 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui [2009/10/22 18:23:52 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,187,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys [2009/10/22 18:23:51 \| 00,095,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui [2009/10/22 18:23:51 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui [2009/10/22 18:23:50 \| 02,262,016 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe [2009/10/22 18:23:50 \| 01,369,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe [2009/10/22 18:23:50 \| 00,793,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe [2009/10/22 18:23:50 \| 00,562,176 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll [2009/10/22 18:23:50 \| 00,359,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys [2009/10/22 18:23:50 \| 00,066,304 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys [2009/10/22 18:23:49 \| 04,513,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe [2009/10/22 18:23:49 \| 01,209,856 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe [2009/10/22 18:23:49 \| 00,936,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe [2009/10/22 18:22:59 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows XP Mode [2009/10/17 18:37:27 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Crysis [2009/10/17 18:15:58 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\Documents\My Games [2009/10/17 18:08:56 \| 00,178,800 \| ---- \| C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2009/10/17 18:08:17 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2009/10/17 18:08:17 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2009/10/17 18:05:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Crysis WARHEAD [2009/10/17 18:04:43 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Downloaded Installations [2009/10/17 18:04:42 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\InstallShield [2009/10/17 15:42:48 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Roaming\The Creative Assembly [2009/10/17 15:26:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Empire Total War [2009/10/17 14:57:49 \| 14,629,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2009/10/17 14:57:48 \| 11,406,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009/10/17 14:57:47 \| 02,868,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2009/10/17 14:57:47 \| 02,613,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2009/10/17 14:57:47 \| 01,975,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2009/10/17 14:57:47 \| 01,320,960 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2009/10/17 14:57:47 \| 00,982,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys [2009/10/17 14:57:47 \| 00,366,080 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2009/10/17 14:57:47 \| 00,293,888 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2009/10/17 14:57:47 \| 00,148,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2009/10/17 14:57:47 \| 00,108,544 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2009/10/17 14:57:47 \| 00,100,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2009/10/17 14:57:47 \| 00,071,168 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2009/10/17 14:57:46 \| 12,625,920 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2009/10/17 14:57:46 \| 12,625,408 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009/10/17 14:57:37 \| 09,272,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009/10/17 14:57:37 \| 05,958,656 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/17 14:57:37 \| 00,082,944 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/17 14:57:37 \| 00,064,512 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/17 14:10:13 \| 00,311,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2009/10/17 14:10:13 \| 00,257,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/17 11:43:09 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Stardock [2009/10/17 11:37:55 \| 00,000,000 \| ---D \| C] -- C:\Users\Joe\AppData\Local\Ironclad Games [2009/10/17 11:37:10 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26} [2009/10/17 11:37:10 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26} [2009/10/17 11:32:04 \| 00,000,000 \| ---D \| C] -- C:\Windows\Sins of a Solar Empire [2009/10/17 11:32:04 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Sins of a Solar Empire [2009/10/15 20:17:27 \| 00,046,592 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2009/10/15 20:17:27 \| 00,034,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/14 15:06:04 \| 01,835,008 \| -HS- \| M] () -- C:\Users\Joe\NTUSER.DAT [2009/11/14 12:01:45 \| 00,013,440 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/14 12:01:45 \| 00,013,440 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/14 11:58:45 \| 00,713,888 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/11/14 11:58:45 \| 00,616,714 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/11/14 11:58:45 \| 00,104,078 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/11/14 11:54:35 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/14 11:54:34 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/14 11:53:31 \| 53,571,9935 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/14 11:52:10 \| 03,767,912 \| -H-- \| M] () -- C:\Users\Joe\AppData\Local\IconCache.db [2009/11/14 11:51:47 \| 00,007,596 \| ---- \| M] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg [2009/11/14 11:50:56 \| 00,001,330 \| ---- \| M] () -- C:\Users\Joe\Desktop\bc [2009/11/14 11:45:37 \| 00,001,015 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/14 11:41:53 \| 04,045,544 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\Joe\Desktop\mbam-setup.exe [2009/11/13 20:17:51 \| 00,529,408 \| ---- \| M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe [2009/11/10 21:27:07 \| 00,001,998 \| -H-- \| M] () -- C:\Users\Joe\Documents\Default.rdp [2009/11/10 16:17:20 \| 00,001,168 \| ---- \| M] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk [2009/11/09 12:51:42 \| 00,834,544 \| ---- \| M] () -- C:\Windows\SysNative\drivers\sptd.sys [2009/11/08 16:31:36 \| 00,094,779 \| ---- \| M] () -- C:\Users\Joe\Desktop\Untitled1.wma [2009/11/08 13:07:33 \| 00,000,949 \| ---- \| M] () -- C:\Users\Joe\Desktop\Audacity.lnk [2009/11/07 19:46:05 \| 00,002,859 \| ---- \| M] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk [2009/11/05 22:21:16 \| 00,000,997 \| ---- \| M] () -- C:\Users\Public\Desktop\EasyTAG.lnk [2009/11/05 19:14:42 \| 00,041,872 \| ---- \| M] () -- C:\Windows\SysWow64\xfcodec.dll [2009/11/05 19:14:42 \| 00,027,536 \| ---- \| M] () -- C:\Windows\SysNative\xfcodec64.dll [2009/11/02 18:31:19 \| 00,039,600 \| ---- \| M] () -- C:\Windows\DIIUnin.dat [2009/11/02 18:26:21 \| 00,021,840 \| ---- \| M] () -- C:\Windows\SysWow64\SIntfNT.dll [2009/11/02 18:26:21 \| 00,017,212 \| ---- \| M] () -- C:\Windows\SysWow64\SIntf32.dll [2009/11/02 18:26:21 \| 00,012,067 \| ---- \| M] () -- C:\Windows\SysWow64\SIntf16.dll [2009/11/02 18:20:02 \| 00,001,907 \| ---- \| M] () -- C:\Users\Public\Desktop\Diablo II.lnk [2009/11/02 18:19:59 \| 00,094,208 \| ---- \| M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe [2009/11/02 18:19:59 \| 00,002,829 \| ---- \| M] () -- C:\Windows\DIIUnin.pif [2009/11/01 22:29:05 \| 00,001,072 \| ---- \| M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2009/11/01 18:15:03 \| 00,002,099 \| ---- \| M] () -- C:\Users\Joe\Desktop\HijackThis.lnk [2009/11/01 18:02:57 \| 00,001,264 \| ---- \| M] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk [2009/10/31 22:15:54 \| 00,001,931 \| ---- \| M] () -- C:\Users\Public\Desktop\Oblivion.lnk [2009/10/31 14:36:03 \| 00,001,460 \| ---- \| M] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk [2009/10/30 08:20:41 \| 00,001,809 \| ---- \| M] () -- C:\Users\Joe\Desktop\Tunatic.lnk [2009/10/29 17:20:10 \| 00,001,871 \| ---- \| M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2009/10/22 18:48:20 \| 00,001,885 \| ---- \| M] () -- C:\Users\Joe\Desktop\Killing Floor.lnk [2009/10/19 19:56:31 \| 00,059,032 \| ---- \| M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT [2009/10/18 16:17:07 \| 00,001,714 \| ---- \| M] () -- C:\Users\Joe\Documents\stuff [2009/10/18 11:23:50 \| 00,275,752 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/10/17 18:41:31 \| 00,103,736 \| ---- \| M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009/10/17 18:41:26 \| 00,669,184 \| ---- \| M] () -- C:\Windows\SysWow64\pbsvc.exe [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009/10/17 18:40:16 \| 00,001,300 \| ---- \| M] () -- C:\Users\Public\Desktop\Crysis.lnk [2009/10/17 18:08:56 \| 00,178,800 \| ---- \| M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2009/10/17 18:04:56 \| 00,000,662 \| ---- \| M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2009/10/17 11:32:41 \| 00,002,206 \| ---- \| M] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk [2009/10/16 09:34:08 \| 00,001,883 \| ---- \| M] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk [1 C:\Windows\.tmp files -> C:\Windows\.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/14 11:45:37 \| 00,001,015 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/14 11:36:42 \| 00,001,330 \| ---- \| C] () -- C:\Users\Joe\Desktop\bc [2009/11/10 16:17:20 \| 00,001,168 \| ---- \| C] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk [2009/11/08 16:31:36 \| 00,094,779 \| ---- \| C] () -- C:\Users\Joe\Desktop\Untitled1.wma [2009/11/08 13:07:33 \| 00,000,949 \| ---- \| C] () -- C:\Users\Joe\Desktop\Audacity.lnk [2009/11/07 19:46:05 \| 00,002,859 \| ---- \| C] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk [2009/11/05 22:21:16 \| 00,000,997 \| ---- \| C] () -- C:\Users\Public\Desktop\EasyTAG.lnk [2009/11/05 19:14:42 \| 00,041,872 \| ---- \| C] () -- C:\Windows\SysWow64\xfcodec.dll [2009/11/05 19:14:42 \| 00,027,536 \| ---- \| C] () -- C:\Windows\SysNative\xfcodec64.dll [2009/11/02 18:26:21 \| 00,021,840 \| ---- \| C] () -- C:\Windows\SysWow64\SIntfNT.dll [2009/11/02 18:26:21 \| 00,017,212 \| ---- \| C] () -- C:\Windows\SysWow64\SIntf32.dll [2009/11/02 18:26:21 \| 00,012,067 \| ---- \| C] () -- C:\Windows\SysWow64\SIntf16.dll [2009/11/02 18:20:02 \| 00,039,600 \| ---- \| C] () -- C:\Windows\DIIUnin.dat [2009/11/02 18:20:02 \| 00,001,907 \| ---- \| C] () -- C:\Users\Public\Desktop\Diablo II.lnk [2009/11/02 18:19:59 \| 00,002,829 \| ---- \| C] () -- C:\Windows\DIIUnin.pif [2009/11/01 22:29:05 \| 00,001,072 \| ---- \| C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2009/11/01 18:15:03 \| 00,002,099 \| ---- \| C] () -- C:\Users\Joe\Desktop\HijackThis.lnk [2009/11/01 18:02:57 \| 00,001,264 \| ---- \| C] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk [2009/10/31 22:15:54 \| 00,001,931 \| ---- \| C] () -- C:\Users\Public\Desktop\Oblivion.lnk [2009/10/31 14:35:41 \| 00,001,460 \| ---- \| C] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk [2009/10/30 08:20:41 \| 00,001,809 \| ---- \| C] () -- C:\Users\Joe\Desktop\Tunatic.lnk [2009/10/29 17:20:10 \| 00,001,871 \| ---- \| C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2009/10/22 18:48:20 \| 00,001,885 \| ---- \| C] () -- C:\Users\Joe\Desktop\Killing Floor.lnk [2009/10/18 16:17:06 \| 00,001,714 \| ---- \| C] () -- C:\Users\Joe\Documents\stuff [2009/10/17 18:41:27 \| 00,103,736 \| ---- \| C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009/10/17 18:41:26 \| 00,669,184 \| ---- \| C] () -- C:\Windows\SysWow64\pbsvc.exe [2009/10/17 18:41:26 \| 00,066,872 \| ---- \| C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009/10/17 18:40:16 \| 00,001,300 \| ---- \| C] () -- C:\Users\Public\Desktop\Crysis.lnk [2009/10/17 18:04:56 \| 00,000,662 \| ---- \| C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2009/10/17 11:32:41 \| 00,002,206 \| ---- \| C] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk [2009/10/16 09:34:08 \| 00,001,883 \| ---- \| C] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk [2009/09/11 19:51:54 \| 03,767,912 \| -H-- \| C] () -- C:\Users\Joe\AppData\Local\IconCache.db [2009/09/11 19:51:13 \| 00,007,596 \| ---- \| C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg [2009/09/11 19:44:52 \| 00,059,032 \| ---- \| C] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT [2009/08/02 23:21:54 \| 00,197,912 \| ---- \| C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/02 23:21:54 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/02 23:21:52 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/02 23:21:52 \| 00,058,648 \| ---- \| C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/13 22:32:39 \| 00,043,318 \| ---- \| C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009/07/13 22:32:39 \| 00,029,779 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/13 22:32:39 \| 00,026,489 \| ---- \| C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/13 22:32:39 \| 00,026,040 \| ---- \| C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 21:54:24 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2009/07/13 19:34:57 \| 00,000,403 \| ---- \| C] () -- C:\Windows\win.ini [2009/07/13 19:34:57 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2009/07/13 16:42:10 \| 00,064,000 \| ---- \| C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 14:03:59 \| 00,364,544 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/11/29 08:13:12 \| 00,015,040 \| ---- \| C] () -- C:\Windows\SysWow64\uddriver.sys < End of report > Extras.text never opened?

schrauber View Member Profile	Nov 15 2009, 08:42 AM Post #12
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	How is your system running right now? -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

jab416171 View Member Profile	Nov 15 2009, 06:41 PM Post #13
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	Ok I guess. Just want to make sure everything's fine. Is there an easy way to make sure all of my drivers are up-to-date?

schrauber View Member Profile	Nov 16 2009, 03:40 PM Post #14
Mr.Mechanic Group: Malware Response Team Posts: 20,487 Joined: 3-May 08 From: Saarland,Germany Member No.: 206,858	Best way is to search by hand, that needs time, but you will have the newest drivers. I'd like us to scan your machine with ESET OnlineScan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the button. Accept any security warnings from your browser. Check Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt -------------------- regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you! Unavailable at mondays and thursdays! If I have helped you then please consider donating to continue the fight against malware

jab416171 View Member Profile	Nov 16 2009, 08:43 PM Post #15
Member Group: Members Posts: 72 Joined: 4-July 07 Member No.: 141,441	ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=0 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=6b5bff258abe70459929ca993caee457 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-17 01:41:34 # local_time=2009-11-16 06:41:34 (-0700, Mountain Standard Time) # country="United States" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 379591 379591 0 0 # compatibility_mode=5893 16776574 100 94 4777231 9965544 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=0 # found=0 # cleaned=0 # scan_time=0

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 29th July 2010 - 09:31 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides