proscan5.info

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

proscan5.info

#1 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 01 November 2009 - 08:15 PM

I just got this hxxp://joe-bass.com/popup.jpg and firefox just randomly opened up this tab hxxp://proscan5.info/25/26-088wLzQzL1EzL==

I wasn't doing anything at the time, I had firefox minimized, and the popup just appeared, and I noticed the firefox tab was open.
I am currently running a spybot scan. Please let me know of any further actions I should take.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:09, on 11/1/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Curse\CurseClient.exe
C:\Program Files (x86)\mirc\mirc.exe
C:\Users\Joe\Desktop\toolbox\realtemp\RealTemp.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{505667FC-1BB3-4DBD-AF13-34012DBDCCD0}: NameServer = 68.87.85.98,68.87.69.146
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8117 bytes

This post has been edited by Orange Blossom: 03 November 2009 - 12:16 AM
Reason for edit: Deactivate links. ~ OB

#2 sempai

noypi

Group: Malware Response Team
Posts: 4,831
Joined: 30-June 06
Gender:Male
Location:3 stars and a sun

Posted 08 November 2009 - 06:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.
Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#3 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 09 November 2009 - 10:59 AM

I haven't done anything except run the spybot scan, which just removed some cookies. The problem hasn't popped up since, but I would still like to know if my PC is 100% clean. I will perform the steps when I get home in about 9 hours. I'm currently at school.

#4 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 11 November 2009 - 04:02 PM

Hello, jab416171
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image

button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

I am awaiting your logfiles

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 12 November 2009 - 09:14 PM

DDS (Ver_09-10-26.01) - NTFSX64
Run by Joe at 19:13:00.00 on Thu 11/12/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6143.3694 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\mirc\mirc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Users\Joe\Downloads\PvPGN-1.8.5-0-Win32-MySQL-5.1.31-BIN\pvpgn-1.8.5\d2dbsConsole.exe
C:\Windows\system32\perfmon.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
G:\procexp64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joe\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Desktop Software] "c:\program files (x86)\common files\supportsoft\bin\bcont.exe" /ini "c:\program files (x86)\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [FileZilla Server Interface] "c:\program files (x86)\filezilla server\FileZilla Server Interface.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\msi\star key bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\program files (x86)\apache software foundation\apache2.2\bin\ApacheMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\msi\star key bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {505667FC-1BB3-4DBD-AF13-34012DBDCCD0} = 68.87.85.98,68.87.69.146
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files (x86)\daemon tools toolbar\DTToolbar64.dll
mRun-x64: [(Default)]
mRun-x64: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\tx3gz40j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tomshardware.com/us/
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\joe\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 nvstor64;nvstor64;c:\windows\system32\drivers\nvstor64.sys [2009-8-4 241696]
R1 vpcnfltr;Virtual PC Network Filter Driver;c:\windows\system32\drivers\vpcnfltr.sys [2009-10-22 66304]
R1 vpcvmm;Virtual PC Virtual Machine Monitor;c:\windows\system32\drivers\vpcvmm.sys [2009-10-22 359552]
R2 Apache2.2;Apache2.2;c:\program files (x86)\apache software foundation\apache2.2\bin\httpd.exe [2009-8-6 24645]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2009-10-29 1767816]
R2 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-11-1 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 TeamViewer4;TeamViewer 4;c:\program files (x86)\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\drivers\Rtnic64.sys [2009-6-10 51712]
R3 vpcbus;Virtual PC Host Bus Service;c:\windows\system32\drivers\vpchbus.sys [2009-10-22 187904]
R3 vpcusb;USB Virtualization Connector Service;c:\windows\system32\drivers\vpcusb.sys [2009-10-22 95232]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-4 25832]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\joe\desktop\toolbox\realtemp\WinRing0x64.sys [2009-9-19 14544]

=============== Created Last 30 ================

2009-11-12 20:38:01 0 d-----w- c:\programdata\MySQL
2009-11-12 20:38:01 0 d-----w- c:\program files\MySQL
2009-11-10 23:17:18 0 d-----w- c:\program files (x86)\TeamViewer
2009-11-10 23:15:46 0 d-----w- c:\users\joe\appdata\roaming\TeamViewer
2009-11-10 23:15:43 0 d-----w- c:\users\joe\temp
2009-11-09 19:51:27 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2009-11-09 03:56:21 0 d-----w- c:\program files\Realtek
2009-11-09 03:56:12 0 d-----w- c:\program files (x86)\Realtek
2009-11-09 03:56:04 0 d--h--w- c:\program files (x86)\Temp
2009-11-09 03:42:17 0 d-----w- c:\program files (x86)\LogMeIn Hamachi
2009-11-08 20:07:32 0 d-----w- c:\program files (x86)\Audacity
2009-11-06 05:21:17 0 d-----w- c:\users\joe\appdata\roaming\.easytag
2009-11-06 05:21:15 0 d-----w- c:\program files (x86)\EasyTAG
2009-11-06 05:20:33 0 d-----w- c:\program files (x86)\common files\GTK
2009-11-05 00:25:38 0 d-----w- c:\programdata\BioWare
2009-11-05 00:13:35 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-11-05 00:13:31 0 d-----w- c:\programdata\Media Center Programs
2009-11-05 00:06:06 0 d-----w- c:\program files (x86)\Dragon Age
2009-11-05 00:02:24 0 d-----w- c:\program files (x86)\common files\BioWare
2009-11-03 01:26:21 21840 ----a-w- c:\windows\syswow64\SIntfNT.dll
2009-11-03 01:26:21 17212 ----a-w- c:\windows\syswow64\SIntf32.dll
2009-11-03 01:26:21 12067 ----a-w- c:\windows\syswow64\SIntf16.dll
2009-11-03 01:20:02 39600 ----a-w- c:\windows\DIIUnin.dat
2009-11-03 01:19:59 94208 ----a-w- c:\windows\DIIUnin.exe
2009-11-03 01:19:59 2829 ----a-w- c:\windows\DIIUnin.pif
2009-11-03 01:12:59 0 d-----w- c:\program files (x86)\Diablo II
2009-11-02 05:28:59 0 d-----w- c:\program files (x86)\VideoLAN
2009-11-02 01:15:03 0 d-----w- c:\program files (x86)\Trend Micro
2009-11-02 01:02:54 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-02 01:02:54 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2009-11-01 00:24:44 0 d-----w- c:\program files (x86)\Oblivion
2009-10-30 15:20:41 0 d-----w- c:\program files (x86)\Tunatic
2009-10-25 03:11:51 0 d-----w- c:\program files (x86)\Curse
2009-10-23 01:34:34 0 d-----r- c:\users\joe\Virtual Machines
2009-10-23 01:25:22 0 d-----w- c:\program files (x86)\Windows Virtual PC
2009-10-23 01:23:56 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-10-23 01:23:51 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-10-23 01:23:51 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-10-23 01:23:50 793600 ----a-w- c:\windows\syswow64\vmsal.exe
2009-10-23 01:23:50 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-10-23 01:23:50 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-10-23 01:23:50 359552 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-10-23 01:23:50 2262016 ----a-w- c:\windows\system32\VPCWizard.exe
2009-10-23 01:23:50 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2009-10-23 01:23:49 936448 ----a-w- c:\windows\system32\vmsal.exe
2009-10-23 01:23:49 4513792 ----a-w- c:\windows\system32\vpc.exe
2009-10-23 01:23:49 1209856 ----a-w- c:\windows\system32\VMWindow.exe
2009-10-23 01:22:59 0 d-----w- c:\program files\Windows XP Mode
2009-10-18 01:41:27 103736 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2009-10-18 01:41:26 669184 ----a-w- c:\windows\syswow64\pbsvc.exe
2009-10-18 01:41:26 66872 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2009-10-18 01:37:27 0 d-----w- c:\program files (x86)\Crysis
2009-10-18 01:08:56 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2009-10-18 01:08:17 0 dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-10-18 01:05:57 0 d-----w- c:\program files (x86)\Crysis WARHEAD
2009-10-18 01:04:56 662 ----a-w- c:\windows\syswow64\ealregsnapshot1.reg
2009-10-17 22:42:48 0 d-----w- c:\users\joe\appdata\roaming\The Creative Assembly
2009-10-17 22:26:36 0 d-----w- c:\program files (x86)\Empire Total War
2009-10-17 21:10:13 311808 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-17 21:10:13 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-10-17 18:37:10 0 d--h--w- c:\programdata\{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-10-17 18:32:04 0 d-----w- c:\windows\Sins of a Solar Empire
2009-10-17 18:32:04 0 d-----w- c:\program files (x86)\Sins of a Solar Empire
2009-10-16 03:17:27 46592 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 03:17:27 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-14 23:58:08 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2009-10-14 23:58:06 41872 ----a-w- c:\windows\syswow64\xfcodec.dll

==================== Find3M ====================

2009-11-09 19:51:42 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-10 10:01:48 150528 ----a-w- c:\windows\syswow64\TLBINF32.DLL
2009-10-02 04:32:07 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-28 01:23:00 4546152 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 01:23:00 3746920 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 01:23:00 289896 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 01:23:00 1647720 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 01:23:00 1646696 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-28 01:22:00 991848 ----a-w- c:\windows\system32\nvsvc64.dll
2009-09-28 01:22:00 82536 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 01:22:00 5426792 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 01:22:00 5208168 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 01:22:00 383592 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-28 01:22:00 16666728 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-28 00:24:22 3778664 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-23 16:42:58 33856 ---ha-w- c:\windows\system32\hamachi.sys
2009-09-05 05:56:23 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-09-05 05:56:22 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-09-03 07:36:39 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
2009-09-03 07:04:15 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll
2009-09-01 01:32:58 1422368 ----a-w- c:\windows\system32\RtPgEx64.dll
2009-09-01 01:32:42 436768 ----a-w- c:\windows\system32\RtkApi64.dll
2009-09-01 01:32:42 1664544 ----a-w- c:\windows\system32\RtkAPO64.dll
2009-09-01 01:32:42 1178656 ----a-w- c:\windows\system32\RTCOM64.dll
2009-09-01 01:32:30 64544 ----a-w- c:\windows\system32\RCoInst64.dll
2009-09-01 01:32:06 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2009-09-01 01:32:06 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2009-08-29 07:45:05 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-29 06:59:32 11406336 ----a-w- c:\windows\syswow64\wmp.dll
2009-08-29 06:54:52 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-08-21 02:49:12 294400 ----a-w- c:\windows\system32\FMAPO64.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:13:34.77 ===============

#6 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 13 November 2009 - 01:45 PM

Hi,

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 13 November 2009 - 10:21 PM

OTL.txt

OTL logfile created on: 11/13/2009 20:18:15 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Joe\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 86.97% Memory free
4.00 Gb Paging File | 3.24 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): c:\pagefile.sys 1024 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 57.89 Gb Free Space | 24.87% Space Free | Partition Type: NTFS
Drive D: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 186.31 Gb Total Space | 35.87 Gb Free Space | 19.25% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 124.31 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 28.83 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/13 20:17:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2009/11/10 20:51:37 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2009/11/06 08:35:41 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/05 00:00:00 | 01,875,296 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2009/10/26 05:54:03 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/10/17 18:41:26 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/07 06:04:44 | 03,872,552 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe
PRC - [2009/10/07 05:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/14 09:16:57 | 09,239,808 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2009/09/14 09:16:57 | 09,239,808 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2009/09/14 09:16:57 | 09,239,808 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2009/09/14 09:16:57 | 09,239,808 | ---- | M] (Foxit Software) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2009/09/12 11:39:47 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe
PRC - [2009/09/12 11:39:47 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe
PRC - [2009/09/12 11:39:47 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe
PRC - [2009/09/12 11:39:47 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe
PRC - [2009/09/12 11:39:47 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe
PRC - [2009/09/12 10:13:21 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/09/06 07:26:28 | 00,729,088 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/09/06 07:26:28 | 00,729,088 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/09/06 07:26:04 | 01,230,336 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
PRC - [2009/09/02 14:19:24 | 25,626,408 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:19:24 | 25,626,408 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/08/07 12:20:53 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- C:\Program Files (x86)\Warcraft III\war3.exe
PRC - [2009/08/06 12:51:30 | 00,041,051 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/07/25 02:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/02/26 23:22:34 | 02,418,176 | ---- | M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe
PRC - [2009/02/26 23:22:34 | 02,418,176 | ---- | M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe
PRC - [2009/02/26 23:22:34 | 02,418,176 | ---- | M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe
PRC - [2009/02/26 23:22:34 | 02,418,176 | ---- | M] () -- C:\Program Files (x86)\pvpgn-1.8.5\PvPGN.exe
PRC - [2009/02/02 17:32:24 | 00,974,848 | ---- | M] (Octopussy) -- C:\Users\Joe\Desktop\BNetGatewayEditor.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/03/06 08:15:42 | 00,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
PRC - [2006/03/06 08:15:42 | 00,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe

========== Modules (SafeList) ==========

MOD - [2009/11/13 20:17:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
MOD - [2009/07/13 18:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/07/13 18:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/07/13 18:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/13 18:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/13 18:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/13 18:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/12 04:40:50 | 07,607,296 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL51)
SRV:64bit: - [2009/07/13 18:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:54 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2009/11/10 20:51:37 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/29 12:27:56 | 01,767,816 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/17 18:41:26 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/07 05:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/06 07:26:28 | 00,729,088 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 20:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 18:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 18:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 14:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 13:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 13:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 13:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/09 12:51:42 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/22 18:46:18 | 00,066,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 18:46:17 | 00,359,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 18:32:39 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 18:32:33 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/13 18:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 00,153,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 18:48:04 | 00,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 00,200,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 00,046,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 00,034,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 00,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 18:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 17:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 17:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 17:07:00 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan)
DRV:64bit: - [2009/07/13 17:06:57 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/13 17:06:56 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM)
DRV:64bit: - [2009/07/13 17:06:53 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 17:06:52 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/13 17:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:42:58 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:24:27 | 00,514,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 16:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 13:35:53 | 00,051,712 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 13:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/23 10:15:06 | 00,033,856 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/20 11:00:02 | 00,086,832 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/20 11:00:00 | 00,095,024 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/20 10:59:56 | 00,020,016 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/09/11 22:20:45 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 18:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/07/26 20:30:36 | 00,014,544 | ---- | M] (OpenLibSys.org) -- C:\Users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 9F 6F 07 44 49 CA 01 [binary data]
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.tomshardware.com/us/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: tabsopenrelative@jomel.me.uk:0.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 08:35:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/06 08:35:42 | 00,000,000 | ---D | M]

[2009/09/12 05:43:55 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2009/09/12 05:43:55 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 19:18:16 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions
[2009/11/11 19:18:13 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\dave2x@download
[2009/09/12 05:44:35 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\foxmarks@kei.com
[2009/09/13 18:56:36 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\tabsopenrelative@jomel.me.uk
[2009/10/10 10:29:10 | 00,002,399 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\searchplugins\daemon-search.xml
[2009/11/11 19:18:16 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 08:35:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/12 07:43:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/12 11:28:09 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 08:35:41 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 08:35:41 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/25 02:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/14 09:16:57 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/06 08:35:41 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/04/18 08:23:00 | 00,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{eefc1607-9f5b-11de-a546-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eefc1607-9f5b-11de-a546-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001/04/30 10:33:00 | 00,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/13 20:17:51 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2009/11/13 19:55:48 | 00,974,848 | ---- | C] (Octopussy) -- C:\Users\Joe\Desktop\BNetGatewayEditor.exe
[2009/11/12 13:38:01 | 00,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2009/11/12 13:38:01 | 00,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2009/11/12 13:38:01 | 00,000,000 | ---D | C] -- C:\Program Files\MySQL
[2009/11/12 10:00:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\pvpgn-1.8.5
[2009/11/10 16:17:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2009/11/10 16:15:46 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\TeamViewer
[2009/11/10 16:15:43 | 00,000,000 | ---D | C] -- C:\Users\Joe\temp
[2009/11/09 12:51:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/08 20:56:21 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2009/11/08 20:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/11/08 20:56:12 | 01,992,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTKVHD64.sys
[2009/11/08 20:56:12 | 01,664,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2009/11/08 20:56:12 | 01,422,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2009/11/08 20:56:12 | 01,178,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2009/11/08 20:56:12 | 00,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2009/11/08 20:56:12 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2009/11/08 20:56:12 | 00,436,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2009/11/08 20:56:12 | 00,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2009/11/08 20:56:12 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2009/11/08 20:56:12 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2009/11/08 20:56:12 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2009/11/08 20:56:12 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2009/11/08 20:56:12 | 00,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2009/11/08 20:56:12 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2009/11/08 20:56:12 | 00,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2009/11/08 20:56:12 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2009/11/08 20:56:12 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2009/11/08 20:56:12 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2009/11/08 20:56:12 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2009/11/08 20:56:12 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2009/11/08 20:56:12 | 00,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2009/11/08 20:56:12 | 00,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2009/11/08 20:56:12 | 00,064,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2009/11/08 20:56:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2009/11/08 20:56:04 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2009/11/08 20:56:03 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/11/08 20:42:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2009/11/08 13:07:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2009/11/08 13:02:27 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Still Alive
[2009/11/05 22:21:17 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\.easytag
[2009/11/05 22:21:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EasyTAG
[2009/11/05 22:20:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GTK
[2009/11/05 22:06:12 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\AlbumArt Extracter for Rockbox v2
[2009/11/05 21:46:28 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Copy to iPod
[2009/11/04 17:25:38 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2009/11/04 17:25:38 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2009/11/04 17:23:29 | 00,000,000 | ---D | C] -- C:\Users\Joe\Documents\BioWare
[2009/11/04 17:13:35 | 00,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2009/11/04 17:13:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/11/04 17:13:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/11/04 17:06:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2009/11/04 17:02:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2009/11/02 18:19:59 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2009/11/02 18:12:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2009/11/01 22:29:21 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\vlc
[2009/11/01 22:28:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2009/11/01 18:15:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/01 18:02:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/01 18:02:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/01 18:02:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/31 17:24:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Oblivion
[2009/10/31 16:56:07 | 00,000,000 | RH-D | C] -- C:\Users\Joe\AppData\Roaming\SecuROM
[2009/10/31 16:55:51 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Oblivion
[2009/10/30 08:20:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Tunatic
[2009/10/29 18:37:56 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Yahoo!
[2009/10/29 17:46:48 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Halo CE
[2009/10/29 17:20:55 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\ImgBurn
[2009/10/29 17:20:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2009/10/24 20:11:51 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\CurseClient
[2009/10/24 20:11:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Curse
[2009/10/22 18:34:34 | 00,000,000 | R--D | C] -- C:\Users\Joe\Virtual Machines
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2009/10/22 18:23:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2009/10/22 18:23:58 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpchbus.sys.mui
[2009/10/22 18:23:58 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2009/10/22 18:23:52 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2009/10/22 18:23:51 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2009/10/22 18:23:50 | 02,262,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2009/10/22 18:23:50 | 01,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2009/10/22 18:23:50 | 00,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2009/10/22 18:23:50 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2009/10/22 18:23:50 | 00,359,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2009/10/22 18:23:50 | 00,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2009/10/22 18:23:49 | 04,513,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2009/10/22 18:23:49 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2009/10/22 18:23:49 | 00,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2009/10/22 18:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2009/10/17 18:37:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Crysis
[2009/10/17 18:15:58 | 00,000,000 | ---D | C] -- C:\Users\Joe\Documents\My Games
[2009/10/17 18:08:56 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/10/17 18:08:17 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/10/17 18:08:17 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/10/17 18:05:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Crysis WARHEAD
[2009/10/17 18:04:43 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Downloaded Installations
[2009/10/17 18:04:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2009/10/17 15:42:48 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\The Creative Assembly
[2009/10/17 15:26:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Total War
[2009/10/17 14:57:49 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/17 14:57:48 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/17 14:57:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/17 14:57:47 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2009/10/17 14:57:47 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2009/10/17 14:57:47 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2009/10/17 14:57:47 | 00,982,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/17 14:57:47 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/10/17 14:57:47 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/10/17 14:57:47 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009/10/17 14:57:47 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/10/17 14:57:47 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009/10/17 14:57:47 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/10/17 14:57:46 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/17 14:57:46 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/17 14:57:37 | 09,272,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/17 14:57:37 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/17 14:57:37 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/17 14:57:37 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/17 14:10:13 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/17 14:10:13 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/17 11:43:09 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Stardock
[2009/10/17 11:37:55 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Ironclad Games
[2009/10/17 11:37:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2009/10/17 11:37:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2009/10/17 11:32:04 | 00,000,000 | ---D | C] -- C:\Windows\Sins of a Solar Empire
[2009/10/17 11:32:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sins of a Solar Empire
[2009/10/15 20:17:27 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/15 20:17:27 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/13 20:18:48 | 01,835,008 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT
[2009/11/13 20:17:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2009/11/12 16:34:07 | 00,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 16:34:07 | 00,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 15:45:08 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/12 15:45:08 | 00,616,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/12 15:45:08 | 00,104,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/10 21:27:07 | 00,001,998 | -H-- | M] () -- C:\Users\Joe\Documents\Default.rdp
[2009/11/10 16:17:20 | 00,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk
[2009/11/09 12:51:42 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2009/11/08 20:58:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/08 20:58:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/08 20:57:43 | 53,571,9935 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/08 20:56:49 | 03,772,004 | -H-- | M] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2009/11/08 16:31:36 | 00,094,779 | ---- | M] () -- C:\Users\Joe\Desktop\Untitled1.wma
[2009/11/08 13:07:33 | 00,000,949 | ---- | M] () -- C:\Users\Joe\Desktop\Audacity.lnk
[2009/11/07 19:46:05 | 00,002,859 | ---- | M] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk
[2009/11/05 22:21:16 | 00,000,997 | ---- | M] () -- C:\Users\Public\Desktop\EasyTAG.lnk
[2009/11/02 18:31:19 | 00,039,600 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2009/11/02 18:26:21 | 00,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/11/02 18:26:21 | 00,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/11/02 18:26:21 | 00,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/11/02 18:20:02 | 00,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2009/11/02 18:19:59 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2009/11/02 18:19:59 | 00,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2009/11/01 22:29:05 | 00,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/11/01 18:15:03 | 00,002,099 | ---- | M] () -- C:\Users\Joe\Desktop\HijackThis.lnk
[2009/11/01 18:02:57 | 00,001,264 | ---- | M] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 22:15:54 | 00,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2009/10/31 14:36:03 | 00,001,460 | ---- | M] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk
[2009/10/30 08:20:41 | 00,001,809 | ---- | M] () -- C:\Users\Joe\Desktop\Tunatic.lnk
[2009/10/29 17:20:10 | 00,001,871 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/10/22 18:48:20 | 00,001,885 | ---- | M] () -- C:\Users\Joe\Desktop\Killing Floor.lnk
[2009/10/19 19:56:31 | 00,059,032 | ---- | M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/18 16:17:07 | 00,001,714 | ---- | M] () -- C:\Users\Joe\Documents\stuff
[2009/10/18 11:23:50 | 00,275,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/17 18:41:31 | 00,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/17 18:41:26 | 00,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/17 18:41:26 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/17 18:40:16 | 00,001,300 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2009/10/17 18:14:32 | 00,007,597 | ---- | M] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2009/10/17 18:08:56 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/10/17 18:04:56 | 00,000,662 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2009/10/17 11:32:41 | 00,002,206 | ---- | M] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk
[2009/10/16 09:34:08 | 00,001,883 | ---- | M] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/10 16:17:20 | 00,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk
[2009/11/08 16:31:36 | 00,094,779 | ---- | C] () -- C:\Users\Joe\Desktop\Untitled1.wma
[2009/11/08 13:07:33 | 00,000,949 | ---- | C] () -- C:\Users\Joe\Desktop\Audacity.lnk
[2009/11/07 19:46:05 | 00,002,859 | ---- | C] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk
[2009/11/05 22:21:16 | 00,000,997 | ---- | C] () -- C:\Users\Public\Desktop\EasyTAG.lnk
[2009/11/02 18:26:21 | 00,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/11/02 18:26:21 | 00,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/11/02 18:26:21 | 00,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/11/02 18:20:02 | 00,039,600 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/11/02 18:20:02 | 00,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2009/11/02 18:19:59 | 00,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2009/11/01 22:29:05 | 00,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/11/01 18:15:03 | 00,002,099 | ---- | C] () -- C:\Users\Joe\Desktop\HijackThis.lnk
[2009/11/01 18:02:57 | 00,001,264 | ---- | C] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 22:15:54 | 00,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2009/10/31 14:35:41 | 00,001,460 | ---- | C] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk
[2009/10/30 08:20:41 | 00,001,809 | ---- | C] () -- C:\Users\Joe\Desktop\Tunatic.lnk
[2009/10/29 17:20:10 | 00,001,871 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/10/22 18:48:20 | 00,001,885 | ---- | C] () -- C:\Users\Joe\Desktop\Killing Floor.lnk
[2009/10/18 16:17:06 | 00,001,714 | ---- | C] () -- C:\Users\Joe\Documents\stuff
[2009/10/17 18:41:27 | 00,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/17 18:41:26 | 00,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/17 18:41:26 | 00,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/17 18:40:16 | 00,001,300 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2009/10/17 18:04:56 | 00,000,662 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2009/10/17 11:32:41 | 00,002,206 | ---- | C] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk
[2009/10/16 09:34:08 | 00,001,883 | ---- | C] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk
[2009/10/14 16:58:06 | 00,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/09/11 19:51:54 | 03,772,004 | -H-- | C] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2009/09/11 19:51:13 | 00,007,597 | ---- | C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2009/09/11 19:44:52 | 00,059,032 | ---- | C] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 23:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 22:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 22:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/07/13 19:34:57 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009/07/13 19:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 16:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/29 08:13:12 | 00,015,040 | ---- | C] () -- C:\Windows\SysWow64\uddriver.sys
< End of report >

extras.txt

OTL Extras logfile created on: 11/13/2009 20:18:15 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Joe\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 86.97% Memory free
4.00 Gb Paging File | 3.24 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): c:\pagefile.sys 1024 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 57.89 Gb Free Space | 24.87% Space Free | Partition Type: NTFS
Drive D: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 186.31 Gb Total Space | 35.87 Gb Free Space | 19.25% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 124.31 Gb Free Space | 13.35% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 28.83 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [EasyTAG] -- "C:\Program Files (x86)\EasyTAG\EasyTAG.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [EasyTAG] -- "C:\Program Files (x86)\EasyTAG\EasyTAG.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{228CE6A0-25FD-44CB-BDE0-98E817AD8809}" = MySQL Server 5.1
"{3705C708-1B8A-43A3-8E94-6BAB33A3384B}" = Logitech G-series Keyboard Software
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.13
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Crysis WARHEAD®" = Crysis WARHEAD®
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo II" = Diablo II
"EasyTAG_is1" = EasyTAG 2.1
"FileZilla Client" = FileZilla Client 3.2.7.1
"FileZilla Server" = FileZilla Server (remove only)
"foobar2000" = foobar2000 v0.9.6.9
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"IrfanView" = IrfanView (remove only)
"Left 4 Dead" = Left 4 Dead
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Sins of a Solar Empire" = Sins of a Solar Empire
"StarCraft" = StarCraft
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"Steam App 1250" = Killing Floor
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 410" = Portal: The First Slice
"Steam App 440" = Team Fortress 2
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 9890" = Champions Online: Bloodmoon Free Weekend
"TeamViewer 4" = TeamViewer 4
"Trillian" = Trillian
"Tunatic" = Tunatic
"UltimateDefrag 2008" = UltimateDefrag 2008
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2009 21:14:04 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Warning:
DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host.joe-bass.com]
does not exist .

Error - 11/12/2009 21:14:04 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Warning:
DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host2.joe-bass.com]
does not exist .

Error - 11/12/2009 21:14:04 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.1.110
for ServerName .

Error - 11/12/2009 21:14:04 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Thu Nov
12 18:14:04 2009] [warn] NameVirtualHost *:80 has no VirtualHosts .

Error - 11/12/2009 21:18:18 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Warning:
DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host.joe-bass.com]
does not exist .

Error - 11/12/2009 21:18:18 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Warning:
DocumentRoot [C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host2.joe-bass.com]
does not exist .

Error - 11/12/2009 21:18:18 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.1.110
for ServerName .

Error - 11/12/2009 21:18:18 | Computer Name = Joe-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Thu Nov
12 18:18:18 2009] [warn] NameVirtualHost *:80 has no VirtualHosts .

Error - 11/12/2009 22:12:28 | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16404,
time stamp: 0x4a765771 Faulting module name: USER32.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be088 Exception code: 0xc000041d Fault offset: 0x000000000001c315
Faulting
process id: 0xbfc Faulting application start time: 0x01ca60f107bc4bf0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\USER32.dll
Report
Id: fd3d6880-cff9-11de-aa3d-0002720e55ef

Error - 11/13/2009 3:30:47 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 11/12/2009 18:41:49 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR10.

Error - 11/12/2009 18:41:49 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR10.

Error - 11/12/2009 18:41:50 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR10.

Error - 11/12/2009 20:18:41 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR11.

Error - 11/12/2009 20:18:42 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR11.

Error - 11/12/2009 20:18:42 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR11.

Error - 11/12/2009 20:18:43 | Computer Name = Joe-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR11.

Error - 11/13/2009 10:23:49 | Computer Name = Joe-PC | Source = TermDD | ID = 655416
Description =

Error - 11/13/2009 11:44:20 | Computer Name = Joe-PC | Source = TermDD | ID = 655416
Description =

Error - 11/13/2009 12:48:29 | Computer Name = Joe-PC | Source = TermDD | ID = 655416
Description =

< End of report >

#8 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 14 November 2009 - 08:47 AM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Utorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step 1

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Deamon Tools Toolbar

Additional instructions can be found here if needed.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 14 November 2009 - 01:51 PM

I have uninstalled daemon tools toolbar.

Your MWB Alternate 1 link doesn't work.

Yes, I am aware of the risks of P2P software, and I am certain that I was not infected via that.

Malwarebytes' Anti-Malware 1.41
Database version: 3171
Windows 6.1.7600

11/14/2009 11:50:04
mbam-log-2009-11-14 (11-50-04).txt

Scan type: Quick Scan
Objects scanned: 84896
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Joe\Desktop\BNetGatewayEditor.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.

Can there be any ill effects for leaving a PC on 24/7 (for like 20 days straight)?

#10 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 14 November 2009 - 03:15 PM

Hi,

please post back with a fresh OTL-Logfile. How is your system running?

Quote

Can there be any ill effects for leaving a PC on 24/7 (for like 20 days straight)?

As an example, server systems running everyday for years, so the only problem should be hardware-related, if you become any problems

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 14 November 2009 - 05:06 PM

OTL.txt

OTL logfile created on: 11/14/2009 15:05:24 - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Joe\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.71 Gb Available in Paging File | 92.63% Paging File free
Paging file location(s): c:\pagefile.sys 1024 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 44.99 Gb Free Space | 19.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 186.31 Gb Total Space | 35.33 Gb Free Space | 18.96% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 114.56 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 28.83 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
Drive H: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: JOE-PC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/13 20:17:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2009/11/06 08:35:41 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/05 19:14:36 | 03,152,272 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2009/11/05 19:14:36 | 03,152,272 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2009/11/05 19:14:36 | 03,152,272 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2009/11/05 19:14:36 | 03,152,272 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2009/11/05 19:14:36 | 03,152,272 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2009/11/05 00:00:00 | 01,875,296 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2009/10/30 04:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/30 04:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/17 18:41:26 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/07 05:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/12 11:39:47 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mirc\mirc.exe
PRC - [2009/09/12 10:13:21 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/09/06 07:26:28 | 00,729,088 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/09/06 07:26:28 | 00,729,088 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
PRC - [2009/09/06 07:26:04 | 01,230,336 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
PRC - [2009/09/02 14:19:24 | 25,626,408 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:19:24 | 25,626,408 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:19:24 | 25,626,408 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:19:24 | 25,626,408 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009/08/06 12:51:30 | 00,041,051 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
PRC - [2009/08/06 12:51:30 | 00,041,051 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
PRC - [2009/07/25 02:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/07/14 11:51:44 | 01,245,184 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/11/21 12:20:02 | 00,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2006/03/06 08:15:42 | 00,289,792 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe

========== Modules (SafeList) ==========

MOD - [2009/11/13 20:17:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
MOD - [2009/07/13 18:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2009/07/13 18:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009/07/13 18:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2009/07/13 18:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2009/07/13 18:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/07/13 18:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/12 04:40:50 | 07,607,296 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL51)
SRV:64bit: - [2009/07/13 18:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:54 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2009/11/10 20:51:37 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/29 12:27:56 | 01,767,816 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/17 18:41:26 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/07 05:50:26 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/06 07:26:28 | 00,729,088 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/08/06 12:50:52 | 00,024,645 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 20:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2009/07/13 18:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 18:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 14:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 13:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 13:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 13:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/09 12:51:42 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/22 18:46:18 | 00,066,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 18:46:17 | 00,359,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 18:32:39 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 18:32:33 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/13 18:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 00,153,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 18:48:04 | 00,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 00,200,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 00,046,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 00,034,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 00,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 18:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 17:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/13 17:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 17:07:00 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan)
DRV:64bit: - [2009/07/13 17:06:57 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/13 17:06:56 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM)
DRV:64bit: - [2009/07/13 17:06:53 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/13 17:06:52 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/13 17:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:42:58 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:24:27 | 00,514,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 16:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 13:35:53 | 00,051,712 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 13:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/23 10:15:06 | 00,033,856 | -H-- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/20 11:00:02 | 00,086,832 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/20 11:00:00 | 00,095,024 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/20 10:59:56 | 00,020,016 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/09/11 22:20:45 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 18:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008/07/26 20:30:36 | 00,014,544 | ---- | M] (OpenLibSys.org) -- C:\Users\Joe\Desktop\toolbox\realtemp\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 9F 6F 07 44 49 CA 01 [binary data]
IE - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\S-1-5-21-4174676936-2142736387-3720375477-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.tomshardware.com/us/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: tabsopenrelative@jomel.me.uk:0.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 08:35:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/06 08:35:42 | 00,000,000 | ---D | M]

[2009/09/12 05:43:55 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2009/09/12 05:43:55 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/11 19:18:16 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions
[2009/11/11 19:18:13 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\dave2x@download
[2009/09/12 05:44:35 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\foxmarks@kei.com
[2009/09/13 18:56:36 | 00,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\extensions\tabsopenrelative@jomel.me.uk
[2009/10/10 10:29:10 | 00,002,399 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\tx3gz40j.default\searchplugins\daemon-search.xml
[2009/11/11 19:18:16 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 08:35:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/12 07:43:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/12 11:28:09 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 08:35:41 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 08:35:41 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/25 02:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/14 09:16:57 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/06 08:35:41 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\G-series Software\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-4174676936-2142736387-3720375477-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/04/18 08:23:00 | 00,000,041 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{019fb44f-b5c2-11de-9064-0002720e55ef}\Shell - "" = AutoRun
O33 - MountPoints2\{019fb44f-b5c2-11de-9064-0002720e55ef}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- [2001/04/30 10:33:00 | 00,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/14 13:30:20 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\COPYTOLAPTOP
[2009/11/14 11:45:38 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
[2009/11/14 11:45:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/14 11:45:34 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/14 11:45:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/14 11:45:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/14 11:45:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/14 11:39:21 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joe\Desktop\mbam-setup.exe
[2009/11/13 20:17:51 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2009/11/12 13:38:01 | 00,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2009/11/12 13:38:01 | 00,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2009/11/12 13:38:01 | 00,000,000 | ---D | C] -- C:\Program Files\MySQL
[2009/11/12 10:00:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\pvpgn-1.8.5
[2009/11/10 16:17:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2009/11/10 16:15:46 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\TeamViewer
[2009/11/10 16:15:43 | 00,000,000 | ---D | C] -- C:\Users\Joe\temp
[2009/11/09 12:51:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/08 20:56:21 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2009/11/08 20:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/11/08 20:56:12 | 01,992,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTKVHD64.sys
[2009/11/08 20:56:12 | 01,664,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2009/11/08 20:56:12 | 01,422,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2009/11/08 20:56:12 | 01,178,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2009/11/08 20:56:12 | 00,611,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2009/11/08 20:56:12 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2009/11/08 20:56:12 | 00,436,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2009/11/08 20:56:12 | 00,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2009/11/08 20:56:12 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2009/11/08 20:56:12 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2009/11/08 20:56:12 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2009/11/08 20:56:12 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2009/11/08 20:56:12 | 00,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2009/11/08 20:56:12 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2009/11/08 20:56:12 | 00,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2009/11/08 20:56:12 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2009/11/08 20:56:12 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2009/11/08 20:56:12 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2009/11/08 20:56:12 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2009/11/08 20:56:12 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2009/11/08 20:56:12 | 00,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2009/11/08 20:56:12 | 00,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2009/11/08 20:56:12 | 00,064,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2009/11/08 20:56:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2009/11/08 20:56:04 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2009/11/08 20:56:03 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/11/08 20:42:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2009/11/08 13:07:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2009/11/08 13:02:27 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Still Alive
[2009/11/05 22:21:17 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\.easytag
[2009/11/05 22:21:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EasyTAG
[2009/11/05 22:20:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GTK
[2009/11/05 22:06:12 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\AlbumArt Extracter for Rockbox v2
[2009/11/05 21:46:28 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Copy to iPod
[2009/11/04 17:25:38 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2009/11/04 17:25:38 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2009/11/04 17:23:29 | 00,000,000 | ---D | C] -- C:\Users\Joe\Documents\BioWare
[2009/11/04 17:13:35 | 00,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2009/11/04 17:13:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/11/04 17:13:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/11/04 17:06:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2009/11/04 17:02:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2009/11/02 18:19:59 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2009/11/02 18:12:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2009/11/01 22:29:21 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\vlc
[2009/11/01 22:28:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2009/11/01 18:15:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/01 18:02:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/01 18:02:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/01 18:02:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/10/31 17:24:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Oblivion
[2009/10/31 16:56:07 | 00,000,000 | RH-D | C] -- C:\Users\Joe\AppData\Roaming\SecuROM
[2009/10/31 16:55:51 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Oblivion
[2009/10/30 08:20:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Tunatic
[2009/10/29 18:37:56 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Yahoo!
[2009/10/29 17:46:48 | 00,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Halo CE
[2009/10/29 17:20:55 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\ImgBurn
[2009/10/29 17:20:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2009/10/24 20:11:51 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\CurseClient
[2009/10/24 20:11:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Curse
[2009/10/22 18:34:34 | 00,000,000 | R--D | C] -- C:\Users\Joe\Virtual Machines
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2009/10/22 18:25:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2009/10/22 18:23:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2009/10/22 18:23:58 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpchbus.sys.mui
[2009/10/22 18:23:58 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2009/10/22 18:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2009/10/22 18:23:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcusb.sys.mui
[2009/10/22 18:23:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2009/10/22 18:23:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2009/10/22 18:23:52 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2009/10/22 18:23:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2009/10/22 18:23:51 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2009/10/22 18:23:51 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2009/10/22 18:23:50 | 02,262,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2009/10/22 18:23:50 | 01,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2009/10/22 18:23:50 | 00,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2009/10/22 18:23:50 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2009/10/22 18:23:50 | 00,359,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2009/10/22 18:23:50 | 00,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2009/10/22 18:23:49 | 04,513,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2009/10/22 18:23:49 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2009/10/22 18:23:49 | 00,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2009/10/22 18:22:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2009/10/17 18:37:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Crysis
[2009/10/17 18:15:58 | 00,000,000 | ---D | C] -- C:\Users\Joe\Documents\My Games
[2009/10/17 18:08:56 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/10/17 18:08:17 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/10/17 18:08:17 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/10/17 18:05:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Crysis WARHEAD
[2009/10/17 18:04:43 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Downloaded Installations
[2009/10/17 18:04:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2009/10/17 15:42:48 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\The Creative Assembly
[2009/10/17 15:26:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Total War
[2009/10/17 14:57:49 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2009/10/17 14:57:48 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/17 14:57:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/17 14:57:47 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2009/10/17 14:57:47 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2009/10/17 14:57:47 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2009/10/17 14:57:47 | 00,982,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/10/17 14:57:47 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/10/17 14:57:47 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/10/17 14:57:47 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009/10/17 14:57:47 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/10/17 14:57:47 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009/10/17 14:57:47 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/10/17 14:57:46 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2009/10/17 14:57:46 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/17 14:57:37 | 09,272,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/10/17 14:57:37 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/17 14:57:37 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/17 14:57:37 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/17 14:10:13 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
[2009/10/17 14:10:13 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/17 11:43:09 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Stardock
[2009/10/17 11:37:55 | 00,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Ironclad Games
[2009/10/17 11:37:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2009/10/17 11:37:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2009/10/17 11:32:04 | 00,000,000 | ---D | C] -- C:\Windows\Sins of a Solar Empire
[2009/10/17 11:32:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sins of a Solar Empire
[2009/10/15 20:17:27 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2009/10/15 20:17:27 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/14 15:06:04 | 01,835,008 | -HS- | M] () -- C:\Users\Joe\NTUSER.DAT
[2009/11/14 12:01:45 | 00,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/14 12:01:45 | 00,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/14 11:58:45 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/14 11:58:45 | 00,616,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/14 11:58:45 | 00,104,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/14 11:54:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/14 11:54:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/14 11:53:31 | 53,571,9935 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/14 11:52:10 | 03,767,912 | -H-- | M] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2009/11/14 11:51:47 | 00,007,596 | ---- | M] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2009/11/14 11:50:56 | 00,001,330 | ---- | M] () -- C:\Users\Joe\Desktop\bc
[2009/11/14 11:45:37 | 00,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 11:41:53 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joe\Desktop\mbam-setup.exe
[2009/11/13 20:17:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2009/11/10 21:27:07 | 00,001,998 | -H-- | M] () -- C:\Users\Joe\Documents\Default.rdp
[2009/11/10 16:17:20 | 00,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk
[2009/11/09 12:51:42 | 00,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2009/11/08 16:31:36 | 00,094,779 | ---- | M] () -- C:\Users\Joe\Desktop\Untitled1.wma
[2009/11/08 13:07:33 | 00,000,949 | ---- | M] () -- C:\Users\Joe\Desktop\Audacity.lnk
[2009/11/07 19:46:05 | 00,002,859 | ---- | M] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk
[2009/11/05 22:21:16 | 00,000,997 | ---- | M] () -- C:\Users\Public\Desktop\EasyTAG.lnk
[2009/11/05 19:14:42 | 00,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/11/05 19:14:42 | 00,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2009/11/02 18:31:19 | 00,039,600 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2009/11/02 18:26:21 | 00,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/11/02 18:26:21 | 00,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/11/02 18:26:21 | 00,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/11/02 18:20:02 | 00,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2009/11/02 18:19:59 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2009/11/02 18:19:59 | 00,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2009/11/01 22:29:05 | 00,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/11/01 18:15:03 | 00,002,099 | ---- | M] () -- C:\Users\Joe\Desktop\HijackThis.lnk
[2009/11/01 18:02:57 | 00,001,264 | ---- | M] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 22:15:54 | 00,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2009/10/31 14:36:03 | 00,001,460 | ---- | M] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk
[2009/10/30 08:20:41 | 00,001,809 | ---- | M] () -- C:\Users\Joe\Desktop\Tunatic.lnk
[2009/10/29 17:20:10 | 00,001,871 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/10/22 18:48:20 | 00,001,885 | ---- | M] () -- C:\Users\Joe\Desktop\Killing Floor.lnk
[2009/10/19 19:56:31 | 00,059,032 | ---- | M] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/18 16:17:07 | 00,001,714 | ---- | M] () -- C:\Users\Joe\Documents\stuff
[2009/10/18 11:23:50 | 00,275,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/17 18:41:31 | 00,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/17 18:41:26 | 00,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/17 18:41:26 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/17 18:40:16 | 00,001,300 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2009/10/17 18:08:56 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2009/10/17 18:04:56 | 00,000,662 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2009/10/17 11:32:41 | 00,002,206 | ---- | M] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk
[2009/10/16 09:34:08 | 00,001,883 | ---- | M] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/14 11:45:37 | 00,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 11:36:42 | 00,001,330 | ---- | C] () -- C:\Users\Joe\Desktop\bc
[2009/11/10 16:17:20 | 00,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 4.lnk
[2009/11/08 16:31:36 | 00,094,779 | ---- | C] () -- C:\Users\Joe\Desktop\Untitled1.wma
[2009/11/08 13:07:33 | 00,000,949 | ---- | C] () -- C:\Users\Joe\Desktop\Audacity.lnk
[2009/11/07 19:46:05 | 00,002,859 | ---- | C] () -- C:\Users\Joe\Desktop\StealthBot Launcher.lnk
[2009/11/05 22:21:16 | 00,000,997 | ---- | C] () -- C:\Users\Public\Desktop\EasyTAG.lnk
[2009/11/05 19:14:42 | 00,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2009/11/05 19:14:42 | 00,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009/11/02 18:26:21 | 00,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/11/02 18:26:21 | 00,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/11/02 18:26:21 | 00,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/11/02 18:20:02 | 00,039,600 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/11/02 18:20:02 | 00,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2009/11/02 18:19:59 | 00,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2009/11/01 22:29:05 | 00,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/11/01 18:15:03 | 00,002,099 | ---- | C] () -- C:\Users\Joe\Desktop\HijackThis.lnk
[2009/11/01 18:02:57 | 00,001,264 | ---- | C] () -- C:\Users\Joe\Desktop\Spybot - Search & Destroy.lnk
[2009/10/31 22:15:54 | 00,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2009/10/31 14:35:41 | 00,001,460 | ---- | C] () -- C:\Users\Joe\Desktop\war3.exe - Shortcut.lnk
[2009/10/30 08:20:41 | 00,001,809 | ---- | C] () -- C:\Users\Joe\Desktop\Tunatic.lnk
[2009/10/29 17:20:10 | 00,001,871 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/10/22 18:48:20 | 00,001,885 | ---- | C] () -- C:\Users\Joe\Desktop\Killing Floor.lnk
[2009/10/18 16:17:06 | 00,001,714 | ---- | C] () -- C:\Users\Joe\Documents\stuff
[2009/10/17 18:41:27 | 00,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/17 18:41:26 | 00,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/17 18:41:26 | 00,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/17 18:40:16 | 00,001,300 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2009/10/17 18:04:56 | 00,000,662 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2009/10/17 11:32:41 | 00,002,206 | ---- | C] () -- C:\Users\Joe\Desktop\Sins of a Solar Empire Entrenchment.lnk
[2009/10/16 09:34:08 | 00,001,883 | ---- | C] () -- C:\Users\Joe\Desktop\Team Fortress 2.lnk
[2009/09/11 19:51:54 | 03,767,912 | -H-- | C] () -- C:\Users\Joe\AppData\Local\IconCache.db
[2009/09/11 19:51:13 | 00,007,596 | ---- | C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2009/09/11 19:44:52 | 00,059,032 | ---- | C] () -- C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/02 23:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 22:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 22:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/07/13 19:34:57 | 00,000,403 | ---- | C] () -- C:\Windows\win.ini
[2009/07/13 19:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 16:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/11/29 08:13:12 | 00,015,040 | ---- | C] () -- C:\Windows\SysWow64\uddriver.sys
< End of report >

Extras.text never opened?

#12 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 15 November 2009 - 08:42 AM

How is your system running right now?

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 15 November 2009 - 06:41 PM

Ok I guess.
Just want to make sure everything's fine.
Is there an easy way to make sure all of my drivers are up-to-date?

#14 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 16 November 2009 - 03:40 PM

Best way is to search by hand, that needs time, but you will have the newest drivers.

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 jab416171

Member

Group: Members
Posts: 87
Joined: 04-July 07

Posted 16 November 2009 - 08:43 PM

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6b5bff258abe70459929ca993caee457
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-17 01:41:34
# local_time=2009-11-16 06:41:34 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 379591 379591 0 0
# compatibility_mode=5893 16776574 100 94 4777231 9965544 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0