Google/Browser Redirect Virus

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

Google/Browser Redirect Virus

#1 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 01 December 2011 - 10:57 AM

I really need help here. This is my second encounter with the slightly infamous Browser/Google Redirect virus, the first time I was forced to reformat to fix it and for certain reasons that's simply not an option this time. I've tried the following and all have failed:

Advanced System Care 5
CCleaner
TDSSKiller
IOBit Malware Fighter
Disabling Javascript in Firefox

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller attempting to use this as a guide has also failed up to the area i'm comfortable doing.

Examples of the places i'm being redirected (Not sure if it helps):
hxxp://www.theclickcheck.com/?sub=46732120&rm=aHR0cDovLzIuNTAzNjYwNDcuYW1wbmV0d29yay5uZXQ%3D&pub=10154&cid=1824875156&ds=aHR0cDovL3d3dy55ZWxsb3dwYWdlcy5jb20vbm9nZW8vUGh5c2ljaWFucy1TdXJnZW9ucz9mcm9t%0APVNFTVBTX2FtcF9ud19QaHlzaWNpYW5zX1N1cmdlb25zXzE4MjQ4NzUxNTY%3D

hxxp://the-consumer-reporter.org/jobs3/?from=US_1_113594_5_${SUBID

My Computer specs:
Windows 7 Home Premium
Manufacturer: Acer
Model: Aspire 5532
Rating: 3.0
Processor: AMD Athlon™ Processor TF-20 1.60 GHz
Installed memory (RAM): 3.00 GB (2.75 GB usable)
System type: 64-bit Operating System

And the HijackThis report;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:39 AM, on 12/1/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Users\KS\AppData\Roaming\B8983\832FC.exe
C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\KS\Downloads\HijackThis.exe

R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
F3 - REG:win.ini: load=C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: Community Smart Bar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: klartew - C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll (file missing)
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8638 bytes

Any help you can provide at this point would be a godsend, i'm at my wit's end. Thanks in advance.

This post has been edited by Orange Blossom: 01 December 2011 - 02:28 PM
Reason for edit: Deactivated links. ~ OB

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 02 December 2011 - 03:12 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTS Scan
Download OTS to your Desktop

Double-click on OTS.exe to start the program. Make sure you close all other programs.
Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
When the scan is complete Notepad will open with the report file loaded in it.
Please copy and paste the contents of the OTS report into your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 03 December 2011 - 07:50 AM

The wait time is no trouble ^^. I understand that if it looks like a thousand lines of complete gibberish to me it must take a long time to sift through and eat into much of your personal free time. Thanks so much for taking the time out of your day to help me with my virus problem ^^.

Here's the log you requested from the program OTS, downloaded from the link you gave me:

OTS logfile created on: 12/3/2011 7:41:04 AM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\KS\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 38.90 Gb Free Space | 28.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: UNERRINGPC
Current User Name: KS
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\KS\Desktop\OTS.exe -> [2011/12/03 07:39:03 | 000,646,144 | ---- | M] (OldTimer Tools)
lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
832fc.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> [2011/12/01 17:59:00 | 000,172,032 | ---- | M] ()
622.exe -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe -> [2011/12/01 16:16:50 | 000,284,160 | ---- | M] ()
ascservice.exe -> C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -> [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit)
imfsrv.exe -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -> [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit)
bchelper.exe -> C:\Program Files (x86)\BrowserCompanion\BCHelper.exe -> [2011/08/08 09:15:46 | 000,182,576 | ---- | M] (Blabbers Communications LTD)
mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/08/06 12:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.)
updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer)
greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)
 
[Modules - No Company Name]
lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
832fc.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> [2011/12/01 17:59:00 | 000,172,032 | ---- | M] ()
622.exe -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe -> [2011/12/01 16:16:50 | 000,284,160 | ---- | M] ()
sqlite3.dll -> C:\Program Files (x86)\BrowserCompanion\sqlite3.dll -> [2011/08/07 06:54:44 | 000,362,029 | ---- | M] ()
mswsock.dll -> \\.\globalroot\systemroot\syswow64\mswsock.dll -> [2009/07/13 20:15:51 | 000,232,448 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(ePowerSvc)  [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated)
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD)
64bit-(Updater Service)  [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer)
(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -> [2011/11/17 20:24:37 | 003,313,752 | ---- | M] ()
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2011/11/14 18:04:51 | 003,767,240 | ---- | M] (INCA Internet Co., Ltd.)
(AdvancedSystemCareService5) Advanced SystemCare Service 5 [Auto | Running] -> C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -> [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit)
(IMFservice) IMF Service [Auto | Running] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -> [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit)
(Hamachi2Svc) LogMeIn Hamachi Tunneling Engine [Auto | Running] -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -> [2011/08/04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/08/06 12:18:54 | 000,311,592 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)
 
[Driver Services - Safe List]
64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011/11/25 21:42:05 | 000,279,616 | ---- | M] (DT Soft Ltd)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(SmartDefragDriver) SmartDefragDriver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SmartDefragDriver.sys -> [2011/02/23 15:50:14 | 000,018,232 | ---- | M] ()
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.)
64bit-(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/07/16 06:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions)
64bit-(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Apfiltr.sys -> [2009/06/15 05:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)
64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices)
64bit-(ScreamBAudioSvc) ScreamBee Audio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -> [2009/03/27 13:25:10 | 000,027,160 | ---- | M] (Screaming Bee LLC)
64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.)
64bit-(VCSVADHWSer) Avnex Virtual Audio Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vcsvad.sys -> [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex)
(FileMonitor) FileMonitor [File_System | Disabled | Stopped] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -> [2011/10/08 17:04:08 | 000,020,336 | ---- | M] ()
(UrlFilter) UrlFilter [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -> [2011/09/20 14:27:44 | 000,021,872 | ---- | M] (IObit.com)
(RegFilter) RegFilter [Kernel | On_Demand | Running] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -> [2011/09/20 14:27:38 | 000,033,184 | ---- | M] (IObit.com)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mystart.incredimail.com/mb59?u=92823160855208439 -> 
HKEY_CURRENT_USER\: Main\\"Start Page Restore" -> http://dragonnest.nexon.net/ -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: SearchURL\\"Default" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{90eee664-34b1-422a-a782-779af65cdf6d}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 -> 
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:52404 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\KS\AppData\Roaming\Mozilla\FireFox\Profiles\4ls7dpgo.default\prefs.js -> 
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 52404 ->
network.proxy.type -> 1 ->
< FireFox Settings [User.js] > -> C:\Users\KS\AppData\Roaming\Mozilla\FireFox\Profiles\4ls7dpgo.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\5.0.1449.0\FIREFOX] -> [2011/09/06 11:14:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2011/09/07 02:01:10 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 8.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/11/11 00:51:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2011/11/20 02:08:03 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\KS\AppData\Roaming\mozilla\Extensions -> [2011/11/23 04:37:31 | 000,000,000 | ---D | M]
  -> C:\Users\KS\AppData\Roaming\mozilla\Firefox\Profiles\4ls7dpgo.default\extensions -> [2011/11/24 16:19:53 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/11/11 00:51:33 | 000,000,000 | ---D | M]
Skype Click to Call   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} -> [2011/10/08 11:03:50 | 000,000,000 | ---D | M]
Hosts file not found -> -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00cbb66b-1d3b-46d3-9577-323a336acb50} [HKLM] -> C:\Program Files (x86)\BrowserCompanion\jsloader.dll [Browser Companion Helper] -> [2011/07/21 05:10:40 | 000,225,584 | ---- | M] ( )
{963B125B-8B21-49A2-A3A8-E37092276531} [HKLM] -> C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll [Browser Companion Helper Verifier] -> [2011/07/21 05:10:54 | 000,141,104 | ---- | M] ( )
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2011/09/21 08:36:02 | 003,853,984 | ---- | M] (Skype Technologies S.A.)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [Bing Bar BHO] -> [2010/04/27 15:39:36 | 000,550,744 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100] -> [2010/04/27 15:39:36 | 000,550,744 | ---- | M] (Microsoft Corporation)
"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/08/05 23:30:58 | 000,828,960 | ---- | M] (Acer Incorporated)
"mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/08/06 12:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/28 08:14:20 | 007,982,112 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Browser companion helper" -> C:\Program Files (x86)\BrowserCompanion\BCHelper.exe [C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3] -> [2011/08/08 09:15:46 | 000,182,576 | ---- | M] (Blabbers Communications LTD)
"IObit Malware Fighter" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ["C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart] -> [2011/10/08 17:34:22 | 004,441,944 | ---- | M] (IObit)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"622.exe" -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe [C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe] -> [2011/12/01 16:16:50 | 000,284,160 | ---- | M] ()
"Advanced SystemCare 5" -> C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe ["C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart] -> [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit)
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
64bit-*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
*MultiFile Done* -> -> 
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
*MultiFile Done* -> -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"HideSCAHealth" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Free YouTube Download ->  [C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm] -> File not found
Free YouTube to MP3 Converter ->  [C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm] -> File not found
Google Sidewiki... ->  [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2011/09/21 08:36:02 | 003,853,984 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Click to Call] -> [2011/09/21 08:36:02 | 003,853,984 | ---- | M] (Skype Technologies S.A.)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4814 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{25B43BE2-156C-41BE-82C5-21FD7D02B0DA}\\DhcpNameServer -> 143.88.8.100 143.88.8.101   (Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)) -> 
{AA02F30D-1924-4DAE-AACC-A30072CA068D}\\DhcpNameServer -> 192.168.1.1   (Atheros AR5B93 Wireless Network Adapter) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> [2011/12/01 17:59:00 | 000,172,032 | ---- | M] ()
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klartew -> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll -> [2011/11/29 17:45:51 | 000,011,264 | ---- | M] ()
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{06EBF9FB-5866-4B26-9B70-2CDC793C5690} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{0E0E447F-892C-46F7-AB23-824C266257C5} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{192489A9-CDD8-4153-A9A7-83448670E9B6} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{6829750B-E963-4C52-9F59-A8F74D5B5730} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{858319DB-E1A9-4667-AB9F-0424BEE8FB84} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{B8A71CAB-394C-48AF-94D6-42F7693F7EA3} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{BA04D7B7-D67E-497A-A0C0-B6CE79DF1D03} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{BD645CF1-AF28-4EE6-8A50-51DE28C564D6} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{C62DE62D-E4A2-4CB9-9E4E-AFEE95A9B730} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{E32065B6-7EEC-4C00-AB67-52671B157E94} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | 
{E90B1C92-F8FB-46D5-8A86-0FE847515362} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{FA3A0EBE-1403-4626-AC79-112C80283E17} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{00D49416-52AC-4542-9A65-6F025E6E4B45} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{012A94B9-5DC4-497D-A493-D250F107FC90} -> profile=private | protocol=17 | dir=in | action=allow | name=opera internet browser | app=c:\program files (x86)\opera\opera.exe | 
{151A96DE-291D-4BA1-B415-40388E87868C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{172844EB-A516-47A0-A790-28CC228C6495} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{1D4C47E7-4BD5-48B1-A57E-101A37276B66} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{28D196AB-7C2D-4A17-8FDF-CDE2F1DF8009} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{2976E300-F7C0-48F7-A792-61D6A9CE3A17} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
{2A5BF73D-A994-4A5D-A234-018D16972E50} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{2EBE566A-3E75-4EFF-913D-E988AE7F455E} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{31BF55BC-4FFD-4884-8A9B-4611D4118392} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{393F48A2-D596-46C3-9D0A-0AF21AD0CBDC} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
{3B446CDF-A1B0-496E-8310-DF3331CD407C} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
{41AE4D63-4DB8-4A05-B98C-A709F2715BC7} -> profile=public | protocol=17 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{47CF0354-EFB7-4BAD-8AEE-B3A0D8D98051} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
{4C8CD7AA-5008-4302-9DB5-CFB49F783C5F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{635CFCC9-133E-4699-94A0-82EEE0230D7E} -> dir=out | action=block | name=voicemorph | app=%programfiles% (x86)\av vcs 7.0 diamond\vcscore.exe | 
{65771DDD-0B2B-43BD-8054-AAE42D8EB84F} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{67882914-383D-4941-87F0-00DA732ADCF7} -> dir=in | action=allow | name=acer arcade deluxe | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
{7AB3FA7F-DFA6-4DAE-B068-6C939ECBE0D3} -> dir=in | action=allow | name=acer play movie resident program | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
{7CD82FB5-7FEE-42AF-8778-2AF6881409D3} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{7F9BF6C1-87C1-4E49-8545-1CA7813AF92C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{826F980C-29A9-439D-AD43-13406704ED12} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{8331ECE7-351D-4FBE-A6D5-8517AD46C62D} -> profile=public | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{83A3728A-EC70-43E0-89B3-5008E0452F69} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{884E7AF8-DAF8-4BA4-962A-E90B75725176} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{88BFE2C3-C328-4B06-A0EC-152E03348F57} -> profile=public | protocol=17 | dir=in | action=block | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
{8936C921-7B2B-4829-BFC4-9194BD6F426A} -> profile=public | protocol=17 | dir=in | action=block | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
{8A136641-B8B4-4C74-BA5E-3C147E1C361D} -> profile=public | protocol=6 | dir=in | action=block | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
{9388070E-4A77-4FB4-9011-16F4515C5EEB} -> profile=private | protocol=6 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{95611BA9-2CA4-4B60-A4B1-6C16CF1AF56D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{95FE41E7-4F68-40F7-A752-9EE61531DEB9} -> profile=private | protocol=17 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{A19B6CFE-0D6C-49D3-8362-E7C2FAB89349} -> profile=public | protocol=6 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
{AA690D43-98D5-4401-8B2B-6127F00B4E84} -> profile=public | protocol=17 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
{AD27C6F4-9994-4C03-8A0B-A4135792345B} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{B1816B0E-F3F4-4A30-BA57-893C579F0416} -> profile=public | protocol=17 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
{B23CEE74-8D84-4121-9213-C91B944739FE} -> profile=public | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{BC308456-99F8-4F8A-AF60-1F4A62536846} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{CCD77D5B-DABA-43E6-A993-33295C56E323} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{D214E35D-2973-4586-BF7B-56B9600516D7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D2423D9D-09F2-4098-8C2B-6C9EA58991C9} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{D9927512-7BDE-45BE-AD6F-D8EEC3FEA838} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{DA6D6252-992B-4BBE-AADD-6BBD4A5711D5} -> profile=private | protocol=6 | dir=in | action=allow | name=opera internet browser | app=c:\program files (x86)\opera\opera.exe | 
{DE018E67-F20F-4C82-BED7-5E1C5C6B40F8} -> dir=in | action=allow | name=acer homemedia | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
{DF318281-100E-492C-978F-EE976922EB88} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{E1F685F4-C9C7-46F8-85B1-89A9E22B8705} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{E61B4D61-FEE7-4076-94A4-2383DF4DF441} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
{E98460D2-B7C8-4E7A-933A-991BCDD33010} -> dir=in | action=allow | name=acer play movie | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
{EFA45400-286D-4EB3-80A7-CDCC0DDDB9FB} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
{F055B670-78B9-4C70-BCF0-264B24239590} -> profile=public | protocol=6 | dir=in | action=block | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
{F2D00EEE-6C58-47DB-9875-904FC581D84D} -> profile=public | protocol=6 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{F4AB3727-A6E3-44B1-A0F6-971923FCD775} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{F5727B86-7898-432A-B384-54AAE912039E} -> profile=public | protocol=6 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
{FCCCC01E-AF19-4584-B6CF-8180E77BFFE0} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
TCP Query User{645DA46F-3B3D-4FCB-9FFE-7E5B5E0F0C1C}C:\users\ks\desktop\common\touhou12.3\th123.exe -> profile=private | protocol=6 | dir=in | action=allow | name=th123.exe | app=c:\users\ks\desktop\common\touhou12.3\th123.exe | 
TCP Query User{ABBC2C42-D175-4271-A792-5274C90F6451}C:\program files (x86)\byond\bin\byond.exe -> profile=private | protocol=6 | dir=in | action=allow | name=byond | app=c:\program files (x86)\byond\bin\byond.exe | 
TCP Query User{AFCD504F-B035-48AB-8917-4752B4B1AD3A}C:\users\ks\appdata\local\akamai\netsession_win.exe -> profile=private | protocol=6 | dir=in | action=allow | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
TCP Query User{B5A8280E-A126-4BD3-9E49-0F208EEC5567}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
TCP Query User{EF680736-F399-4BA2-8F84-90428F7E2CA5}C:\windows\syswow64\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
UDP Query User{289F3AE6-DA0E-41CC-9944-6235CDD34497}C:\users\ks\desktop\common\touhou12.3\th123.exe -> profile=private | protocol=17 | dir=in | action=allow | name=th123.exe | app=c:\users\ks\desktop\common\touhou12.3\th123.exe | 
UDP Query User{38528EB0-CAD0-4E8B-A99E-B3C7F980379A}C:\users\ks\appdata\local\akamai\netsession_win.exe -> profile=private | protocol=17 | dir=in | action=allow | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
UDP Query User{84809ABC-1E71-4CC4-9613-BDB40D7B4221}C:\windows\syswow64\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
UDP Query User{9B959446-6367-4082-88A2-4F3BB16037D0}C:\program files (x86)\byond\bin\byond.exe -> profile=private | protocol=17 | dir=in | action=allow | name=byond | app=c:\program files (x86)\byond\bin\byond.exe | 
UDP Query User{CC582387-949E-491C-8978-261035DCE2BC}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe -> profile=private | protocol=17 | dir=in | action=allow | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0282c3c0-fdf7-11e0-98a9-002622832fc6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell
\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell\AutoRun\command
\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell\AutoRun\command\\"" ->  [E:\LaunchU3.exe -a] -> File not found
\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell
\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell\AutoRun\command
\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell\AutoRun\command\\"" ->  [E:\INSTALL.EXE] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\KS\Desktop\OTS.exe -> [2011/12/03 07:39:01 | 000,646,144 | ---- | C] (OldTimer Tools)
 3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z -> C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z -> [2011/12/01 09:59:01 | 000,000,000 | ---D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2011/12/01 09:56:24 | 000,000,000 | ---D | C]
 Advanced SystemCare 5 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5 -> [2011/12/01 08:20:56 | 000,000,000 | ---D | C]
 Shadowrun Campaign -> C:\Users\KS\Desktop\Shadowrun Campaign -> [2011/12/01 07:52:16 | 000,000,000 | ---D | C]
 Unlocker -> C:\Program Files (x86)\Unlocker -> [2011/11/27 00:41:01 | 000,000,000 | ---D | C]
 GameMon.des -> C:\Windows\SysWow64\GameMon.des -> [2011/11/26 23:42:54 | 003,767,240 | ---- | C] (INCA Internet Co., Ltd.)
 INCA Shared -> C:\Program Files\Common Files\INCA Shared -> [2011/11/26 23:42:17 | 000,000,000 | ---D | C]
 SD GUNDAM Online -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD GUNDAM Online -> [2011/11/26 00:17:07 | 000,000,000 | ---D | C]
 Skyrim -> C:\Users\KS\AppData\Local\Skyrim -> [2011/11/25 23:06:05 | 000,000,000 | ---D | C]
 Opera -> C:\Users\KS\AppData\Roaming\Opera -> [2011/11/25 22:44:45 | 000,000,000 | ---D | C]
 Razor 1911 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911 -> [2011/11/25 22:32:32 | 000,000,000 | ---D | C]
 XAudio2_6.dll -> C:\Windows\SysNative\XAudio2_6.dll -> [2011/11/25 22:32:13 | 000,530,776 | ---- | C] (Microsoft Corporation)
 XAudio2_6.dll -> C:\Windows\SysWow64\XAudio2_6.dll -> [2011/11/25 22:32:13 | 000,528,216 | ---- | C] (Microsoft Corporation)
 xactengine3_6.dll -> C:\Windows\SysWow64\xactengine3_6.dll -> [2011/11/25 22:32:13 | 000,238,936 | ---- | C] (Microsoft Corporation)
 xactengine3_6.dll -> C:\Windows\SysNative\xactengine3_6.dll -> [2011/11/25 22:32:13 | 000,176,984 | ---- | C] (Microsoft Corporation)
 XAPOFX1_4.dll -> C:\Windows\SysNative\XAPOFX1_4.dll -> [2011/11/25 22:32:13 | 000,078,680 | ---- | C] (Microsoft Corporation)
 XAPOFX1_4.dll -> C:\Windows\SysWow64\XAPOFX1_4.dll -> [2011/11/25 22:32:13 | 000,074,072 | ---- | C] (Microsoft Corporation)
 X3DAudio1_7.dll -> C:\Windows\SysNative\X3DAudio1_7.dll -> [2011/11/25 22:32:12 | 000,024,920 | ---- | C] (Microsoft Corporation)
 X3DAudio1_7.dll -> C:\Windows\SysWow64\X3DAudio1_7.dll -> [2011/11/25 22:32:12 | 000,022,360 | ---- | C] (Microsoft Corporation)
 XAudio2_5.dll -> C:\Windows\SysNative\XAudio2_5.dll -> [2011/11/25 22:32:11 | 000,517,960 | ---- | C] (Microsoft Corporation)
 XAudio2_5.dll -> C:\Windows\SysWow64\XAudio2_5.dll -> [2011/11/25 22:32:11 | 000,515,416 | ---- | C] (Microsoft Corporation)
 xactengine3_5.dll -> C:\Windows\SysWow64\xactengine3_5.dll -> [2011/11/25 22:32:10 | 000,238,936 | ---- | C] (Microsoft Corporation)
 xactengine3_5.dll -> C:\Windows\SysNative\xactengine3_5.dll -> [2011/11/25 22:32:10 | 000,176,968 | ---- | C] (Microsoft Corporation)
 D3DCompiler_42.dll -> C:\Windows\SysNative\D3DCompiler_42.dll -> [2011/11/25 22:32:08 | 002,582,888 | ---- | C] (Microsoft Corporation)
 D3DCompiler_42.dll -> C:\Windows\SysWow64\D3DCompiler_42.dll -> [2011/11/25 22:32:08 | 001,974,616 | ---- | C] (Microsoft Corporation)
 d3dcsx_42.dll -> C:\Windows\SysNative\d3dcsx_42.dll -> [2011/11/25 22:32:05 | 005,554,512 | ---- | C] (Microsoft Corporation)
 d3dcsx_42.dll -> C:\Windows\SysWow64\d3dcsx_42.dll -> [2011/11/25 22:32:05 | 005,501,792 | ---- | C] (Microsoft Corporation)
 d3dx11_42.dll -> C:\Windows\SysNative\d3dx11_42.dll -> [2011/11/25 22:32:04 | 000,285,024 | ---- | C] (Microsoft Corporation)
 d3dx11_42.dll -> C:\Windows\SysWow64\d3dx11_42.dll -> [2011/11/25 22:32:04 | 000,235,344 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysNative\d3dx10_42.dll -> [2011/11/25 22:32:03 | 000,523,088 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2011/11/25 22:32:03 | 000,453,456 | ---- | C] (Microsoft Corporation)
 D3DX9_42.dll -> C:\Windows\SysNative\D3DX9_42.dll -> [2011/11/25 22:32:01 | 002,475,352 | ---- | C] (Microsoft Corporation)
 D3DX9_42.dll -> C:\Windows\SysWow64\D3DX9_42.dll -> [2011/11/25 22:32:01 | 001,892,184 | ---- | C] (Microsoft Corporation)
 D3DCompiler_41.dll -> C:\Windows\SysNative\D3DCompiler_41.dll -> [2011/11/25 22:31:59 | 002,430,312 | ---- | C] (Microsoft Corporation)
 d3dx10_41.dll -> C:\Windows\SysNative\d3dx10_41.dll -> [2011/11/25 22:31:59 | 000,520,544 | ---- | C] (Microsoft Corporation)
 D3DX9_41.dll -> C:\Windows\SysNative\D3DX9_41.dll -> [2011/11/25 22:31:55 | 005,425,496 | ---- | C] (Microsoft Corporation)
 D3DX9_41.dll -> C:\Windows\SysWow64\D3DX9_41.dll -> [2011/11/25 22:31:55 | 004,178,264 | ---- | C] (Microsoft Corporation)
 XAudio2_4.dll -> C:\Windows\SysNative\XAudio2_4.dll -> [2011/11/25 22:31:53 | 000,521,560 | ---- | C] (Microsoft Corporation)
 XAudio2_4.dll -> C:\Windows\SysWow64\XAudio2_4.dll -> [2011/11/25 22:31:53 | 000,517,448 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysNative\XAPOFX1_3.dll -> [2011/11/25 22:31:53 | 000,073,544 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysWow64\XAPOFX1_3.dll -> [2011/11/25 22:31:53 | 000,069,464 | ---- | C] (Microsoft Corporation)
 xactengine3_4.dll -> C:\Windows\SysWow64\xactengine3_4.dll -> [2011/11/25 22:31:52 | 000,235,352 | ---- | C] (Microsoft Corporation)
 xactengine3_4.dll -> C:\Windows\SysNative\xactengine3_4.dll -> [2011/11/25 22:31:52 | 000,174,936 | ---- | C] (Microsoft Corporation)
 X3DAudio1_6.dll -> C:\Windows\SysNative\X3DAudio1_6.dll -> [2011/11/25 22:31:52 | 000,024,920 | ---- | C] (Microsoft Corporation)
 X3DAudio1_6.dll -> C:\Windows\SysWow64\X3DAudio1_6.dll -> [2011/11/25 22:31:52 | 000,022,360 | ---- | C] (Microsoft Corporation)
 D3DCompiler_40.dll -> C:\Windows\SysNative\D3DCompiler_40.dll -> [2011/11/25 22:31:49 | 002,605,920 | ---- | C] (Microsoft Corporation)
 D3DCompiler_40.dll -> C:\Windows\SysWow64\D3DCompiler_40.dll -> [2011/11/25 22:31:49 | 002,036,576 | ---- | C] (Microsoft Corporation)
 d3dx10_40.dll -> C:\Windows\SysNative\d3dx10_40.dll -> [2011/11/25 22:31:49 | 000,519,000 | ---- | C] (Microsoft Corporation)
 d3dx10_40.dll -> C:\Windows\SysWow64\d3dx10_40.dll -> [2011/11/25 22:31:49 | 000,452,440 | ---- | C] (Microsoft Corporation)
 D3DX9_40.dll -> C:\Windows\SysNative\D3DX9_40.dll -> [2011/11/25 22:31:45 | 005,631,312 | ---- | C] (Microsoft Corporation)
 D3DX9_40.dll -> C:\Windows\SysWow64\D3DX9_40.dll -> [2011/11/25 22:31:45 | 004,379,984 | ---- | C] (Microsoft Corporation)
 XAPOFX1_2.dll -> C:\Windows\SysNative\XAPOFX1_2.dll -> [2011/11/25 22:31:44 | 000,074,576 | ---- | C] (Microsoft Corporation)
 XAPOFX1_2.dll -> C:\Windows\SysWow64\XAPOFX1_2.dll -> [2011/11/25 22:31:44 | 000,070,992 | ---- | C] (Microsoft Corporation)
 XAudio2_3.dll -> C:\Windows\SysNative\XAudio2_3.dll -> [2011/11/25 22:31:43 | 000,518,480 | ---- | C] (Microsoft Corporation)
 XAudio2_3.dll -> C:\Windows\SysWow64\XAudio2_3.dll -> [2011/11/25 22:31:43 | 000,514,384 | ---- | C] (Microsoft Corporation)
 xactengine3_3.dll -> C:\Windows\SysWow64\xactengine3_3.dll -> [2011/11/25 22:31:43 | 000,235,856 | ---- | C] (Microsoft Corporation)
 xactengine3_3.dll -> C:\Windows\SysNative\xactengine3_3.dll -> [2011/11/25 22:31:43 | 000,175,440 | ---- | C] (Microsoft Corporation)
 X3DAudio1_5.dll -> C:\Windows\SysNative\X3DAudio1_5.dll -> [2011/11/25 22:31:43 | 000,025,936 | ---- | C] (Microsoft Corporation)
 X3DAudio1_5.dll -> C:\Windows\SysWow64\X3DAudio1_5.dll -> [2011/11/25 22:31:43 | 000,023,376 | ---- | C] (Microsoft Corporation)
 XAudio2_2.dll -> C:\Windows\SysNative\XAudio2_2.dll -> [2011/11/25 22:31:42 | 000,513,544 | ---- | C] (Microsoft Corporation)
 XAudio2_2.dll -> C:\Windows\SysWow64\XAudio2_2.dll -> [2011/11/25 22:31:42 | 000,509,448 | ---- | C] (Microsoft Corporation)
 XAPOFX1_1.dll -> C:\Windows\SysNative\XAPOFX1_1.dll -> [2011/11/25 22:31:42 | 000,072,200 | ---- | C] (Microsoft Corporation)
 XAPOFX1_1.dll -> C:\Windows\SysWow64\XAPOFX1_1.dll -> [2011/11/25 22:31:42 | 000,068,616 | ---- | C] (Microsoft Corporation)
 xactengine3_2.dll -> C:\Windows\SysWow64\xactengine3_2.dll -> [2011/11/25 22:31:41 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_2.dll -> C:\Windows\SysNative\xactengine3_2.dll -> [2011/11/25 22:31:41 | 000,177,672 | ---- | C] (Microsoft Corporation)
 D3DCompiler_39.dll -> C:\Windows\SysNative\D3DCompiler_39.dll -> [2011/11/25 22:31:39 | 001,942,552 | ---- | C] (Microsoft Corporation)
 D3DCompiler_39.dll -> C:\Windows\SysWow64\D3DCompiler_39.dll -> [2011/11/25 22:31:39 | 001,493,528 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysNative\d3dx10_39.dll -> [2011/11/25 22:31:39 | 000,540,688 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysWow64\d3dx10_39.dll -> [2011/11/25 22:31:39 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysNative\D3DX9_39.dll -> [2011/11/25 22:31:36 | 004,992,520 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysWow64\D3DX9_39.dll -> [2011/11/25 22:31:36 | 003,851,784 | ---- | C] (Microsoft Corporation)
 XAudio2_1.dll -> C:\Windows\SysNative\XAudio2_1.dll -> [2011/11/25 22:31:34 | 000,511,496 | ---- | C] (Microsoft Corporation)
 XAudio2_1.dll -> C:\Windows\SysWow64\XAudio2_1.dll -> [2011/11/25 22:31:34 | 000,507,400 | ---- | C] (Microsoft Corporation)
 XAPOFX1_0.dll -> C:\Windows\SysNative\XAPOFX1_0.dll -> [2011/11/25 22:31:34 | 000,068,104 | ---- | C] (Microsoft Corporation)
 XAPOFX1_0.dll -> C:\Windows\SysWow64\XAPOFX1_0.dll -> [2011/11/25 22:31:34 | 000,065,032 | ---- | C] (Microsoft Corporation)
 xactengine3_1.dll -> C:\Windows\SysWow64\xactengine3_1.dll -> [2011/11/25 22:31:32 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_1.dll -> C:\Windows\SysNative\xactengine3_1.dll -> [2011/11/25 22:31:32 | 000,177,672 | ---- | C] (Microsoft Corporation)
 X3DAudio1_4.dll -> C:\Windows\SysNative\X3DAudio1_4.dll -> [2011/11/25 22:31:32 | 000,028,168 | ---- | C] (Microsoft Corporation)
 X3DAudio1_4.dll -> C:\Windows\SysWow64\X3DAudio1_4.dll -> [2011/11/25 22:31:32 | 000,025,608 | ---- | C] (Microsoft Corporation)
 D3DCompiler_38.dll -> C:\Windows\SysNative\D3DCompiler_38.dll -> [2011/11/25 22:31:30 | 001,941,528 | ---- | C] (Microsoft Corporation)
 D3DCompiler_38.dll -> C:\Windows\SysWow64\D3DCompiler_38.dll -> [2011/11/25 22:31:30 | 001,491,992 | ---- | C] (Microsoft Corporation)
 d3dx10_38.dll -> C:\Windows\SysNative\d3dx10_38.dll -> [2011/11/25 22:31:30 | 000,540,688 | ---- | C] (Microsoft Corporation)
 d3dx10_38.dll -> C:\Windows\SysWow64\d3dx10_38.dll -> [2011/11/25 22:31:30 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_38.dll -> C:\Windows\SysNative\D3DX9_38.dll -> [2011/11/25 22:31:26 | 004,991,496 | ---- | C] (Microsoft Corporation)
 D3DX9_38.dll -> C:\Windows\SysWow64\D3DX9_38.dll -> [2011/11/25 22:31:26 | 003,850,760 | ---- | C] (Microsoft Corporation)
 XAudio2_0.dll -> C:\Windows\SysNative\XAudio2_0.dll -> [2011/11/25 22:31:25 | 000,489,480 | ---- | C] (Microsoft Corporation)
 XAudio2_0.dll -> C:\Windows\SysWow64\XAudio2_0.dll -> [2011/11/25 22:31:25 | 000,479,752 | ---- | C] (Microsoft Corporation)
 xactengine3_0.dll -> C:\Windows\SysWow64\xactengine3_0.dll -> [2011/11/25 22:31:25 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_0.dll -> C:\Windows\SysNative\xactengine3_0.dll -> [2011/11/25 22:31:25 | 000,177,672 | ---- | C] (Microsoft Corporation)
 X3DAudio1_3.dll -> C:\Windows\SysNative\X3DAudio1_3.dll -> [2011/11/25 22:31:24 | 000,028,168 | ---- | C] (Microsoft Corporation)
 X3DAudio1_3.dll -> C:\Windows\SysWow64\X3DAudio1_3.dll -> [2011/11/25 22:31:24 | 000,025,608 | ---- | C] (Microsoft Corporation)
 D3DCompiler_37.dll -> C:\Windows\SysNative\D3DCompiler_37.dll -> [2011/11/25 22:31:22 | 001,860,120 | ---- | C] (Microsoft Corporation)
 D3DCompiler_37.dll -> C:\Windows\SysWow64\D3DCompiler_37.dll -> [2011/11/25 22:31:22 | 001,420,824 | ---- | C] (Microsoft Corporation)
 d3dx10_37.dll -> C:\Windows\SysNative\d3dx10_37.dll -> [2011/11/25 22:31:22 | 000,529,424 | ---- | C] (Microsoft Corporation)
 d3dx10_37.dll -> C:\Windows\SysWow64\d3dx10_37.dll -> [2011/11/25 22:31:22 | 000,462,864 | ---- | C] (Microsoft Corporation)
 D3DX9_37.dll -> C:\Windows\SysNative\D3DX9_37.dll -> [2011/11/25 22:31:20 | 004,910,088 | ---- | C] (Microsoft Corporation)
 D3DX9_37.dll -> C:\Windows\SysWow64\D3DX9_37.dll -> [2011/11/25 22:31:20 | 003,786,760 | ---- | C] (Microsoft Corporation)
 xactengine2_10.dll -> C:\Windows\SysNative\xactengine2_10.dll -> [2011/11/25 22:31:19 | 000,411,656 | ---- | C] (Microsoft Corporation)
 xactengine2_10.dll -> C:\Windows\SysWow64\xactengine2_10.dll -> [2011/11/25 22:31:19 | 000,267,272 | ---- | C] (Microsoft Corporation)
 D3DCompiler_36.dll -> C:\Windows\SysNative\D3DCompiler_36.dll -> [2011/11/25 22:31:17 | 002,006,552 | ---- | C] (Microsoft Corporation)
 D3DCompiler_36.dll -> C:\Windows\SysWow64\D3DCompiler_36.dll -> [2011/11/25 22:31:17 | 001,374,232 | ---- | C] (Microsoft Corporation)
 d3dx10_36.dll -> C:\Windows\SysNative\d3dx10_36.dll -> [2011/11/25 22:31:17 | 000,508,264 | ---- | C] (Microsoft Corporation)
 d3dx10_36.dll -> C:\Windows\SysWow64\d3dx10_36.dll -> [2011/11/25 22:31:17 | 000,444,776 | ---- | C] (Microsoft Corporation)
 d3dx9_36.dll -> C:\Windows\SysNative\d3dx9_36.dll -> [2011/11/25 22:31:14 | 005,081,608 | ---- | C] (Microsoft Corporation)
 d3dx9_36.dll -> C:\Windows\SysWow64\d3dx9_36.dll -> [2011/11/25 22:31:14 | 003,734,536 | ---- | C] (Microsoft Corporation)
 xactengine2_9.dll -> C:\Windows\SysNative\xactengine2_9.dll -> [2011/11/25 22:31:13 | 000,411,496 | ---- | C] (Microsoft Corporation)
 xactengine2_9.dll -> C:\Windows\SysWow64\xactengine2_9.dll -> [2011/11/25 22:31:13 | 000,267,112 | ---- | C] (Microsoft Corporation)
 D3DCompiler_35.dll -> C:\Windows\SysNative\D3DCompiler_35.dll -> [2011/11/25 22:31:11 | 001,985,904 | ---- | C] (Microsoft Corporation)
 D3DCompiler_35.dll -> C:\Windows\SysWow64\D3DCompiler_35.dll -> [2011/11/25 22:31:11 | 001,358,192 | ---- | C] (Microsoft Corporation)
 d3dx10_35.dll -> C:\Windows\SysNative\d3dx10_35.dll -> [2011/11/25 22:31:11 | 000,508,264 | ---- | C] (Microsoft Corporation)
 d3dx10_35.dll -> C:\Windows\SysWow64\d3dx10_35.dll -> [2011/11/25 22:31:11 | 000,444,776 | ---- | C] (Microsoft Corporation)
 d3dx9_35.dll -> C:\Windows\SysNative\d3dx9_35.dll -> [2011/11/25 22:31:06 | 005,073,256 | ---- | C] (Microsoft Corporation)
 d3dx9_35.dll -> C:\Windows\SysWow64\d3dx9_35.dll -> [2011/11/25 22:31:06 | 003,727,720 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysNative\xactengine2_8.dll -> [2011/11/25 22:31:04 | 000,409,960 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysWow64\xactengine2_8.dll -> [2011/11/25 22:31:04 | 000,266,088 | ---- | C] (Microsoft Corporation)
 X3DAudio1_2.dll -> C:\Windows\SysNative\X3DAudio1_2.dll -> [2011/11/25 22:31:04 | 000,021,000 | ---- | C] (Microsoft Corporation)
 X3DAudio1_2.dll -> C:\Windows\SysWow64\X3DAudio1_2.dll -> [2011/11/25 22:31:04 | 000,017,928 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysNative\D3DCompiler_34.dll -> [2011/11/25 22:31:02 | 001,401,200 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysWow64\D3DCompiler_34.dll -> [2011/11/25 22:31:02 | 001,124,720 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysNative\d3dx10_34.dll -> [2011/11/25 22:31:02 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysWow64\d3dx10_34.dll -> [2011/11/25 22:31:02 | 000,443,752 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysNative\d3dx9_34.dll -> [2011/11/25 22:31:00 | 004,496,232 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysWow64\d3dx9_34.dll -> [2011/11/25 22:31:00 | 003,497,832 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysNative\xinput1_3.dll -> [2011/11/25 22:30:59 | 000,107,368 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysWow64\xinput1_3.dll -> [2011/11/25 22:30:59 | 000,081,768 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysNative\xactengine2_7.dll -> [2011/11/25 22:30:56 | 000,403,304 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysWow64\xactengine2_7.dll -> [2011/11/25 22:30:56 | 000,261,480 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysNative\D3DCompiler_33.dll -> [2011/11/25 22:30:54 | 001,400,176 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysWow64\D3DCompiler_33.dll -> [2011/11/25 22:30:54 | 001,123,696 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysNative\d3dx10_33.dll -> [2011/11/25 22:30:54 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysWow64\d3dx10_33.dll -> [2011/11/25 22:30:54 | 000,443,752 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysNative\d3dx9_33.dll -> [2011/11/25 22:30:49 | 004,494,184 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysWow64\d3dx9_33.dll -> [2011/11/25 22:30:49 | 003,495,784 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysNative\xactengine2_6.dll -> [2011/11/25 22:30:48 | 000,393,576 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysWow64\xactengine2_6.dll -> [2011/11/25 22:30:48 | 000,255,848 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysNative\xactengine2_5.dll -> [2011/11/25 22:30:45 | 000,390,424 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysWow64\xactengine2_5.dll -> [2011/11/25 22:30:45 | 000,251,672 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysNative\d3dx10.dll -> [2011/11/25 22:30:40 | 000,469,264 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysWow64\d3dx10.dll -> [2011/11/25 22:30:40 | 000,440,080 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\SysNative\d3dx9_32.dll -> [2011/11/25 22:30:36 | 004,398,360 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\SysWow64\d3dx9_32.dll -> [2011/11/25 22:30:36 | 003,426,072 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysNative\xactengine2_4.dll -> [2011/11/25 22:30:34 | 000,364,824 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysWow64\xactengine2_4.dll -> [2011/11/25 22:30:34 | 000,237,848 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysNative\x3daudio1_1.dll -> [2011/11/25 22:30:34 | 000,017,688 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysWow64\x3daudio1_1.dll -> [2011/11/25 22:30:34 | 000,015,128 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysNative\d3dx9_31.dll -> [2011/11/25 22:30:32 | 003,977,496 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysWow64\d3dx9_31.dll -> [2011/11/25 22:30:32 | 002,414,360 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysNative\xactengine2_3.dll -> [2011/11/25 22:30:31 | 000,363,288 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysWow64\xactengine2_3.dll -> [2011/11/25 22:30:31 | 000,236,824 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysNative\xinput1_2.dll -> [2011/11/25 22:30:30 | 000,083,736 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysWow64\xinput1_2.dll -> [2011/11/25 22:30:30 | 000,062,744 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysNative\xactengine2_2.dll -> [2011/11/25 22:30:28 | 000,354,072 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysWow64\xactengine2_2.dll -> [2011/11/25 22:30:28 | 000,230,168 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysNative\xinput1_1.dll -> [2011/11/25 22:30:28 | 000,083,664 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysWow64\xinput1_1.dll -> [2011/11/25 22:30:28 | 000,062,672 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysNative\xactengine2_1.dll -> [2011/11/25 22:30:27 | 000,352,464 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysWow64\xactengine2_1.dll -> [2011/11/25 22:30:27 | 000,229,584 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysNative\d3dx9_30.dll -> [2011/11/25 22:30:11 | 003,927,248 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysWow64\d3dx9_30.dll -> [2011/11/25 22:30:11 | 002,388,176 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysNative\xactengine2_0.dll -> [2011/11/25 22:30:09 | 000,355,536 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2011/11/25 22:30:09 | 000,230,096 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysNative\x3daudio1_0.dll -> [2011/11/25 22:30:09 | 000,016,592 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2011/11/25 22:30:09 | 000,014,032 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysNative\d3dx9_29.dll -> [2011/11/25 22:30:07 | 003,830,992 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2011/11/25 22:30:07 | 002,332,368 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysNative\d3dx9_28.dll -> [2011/11/25 22:30:04 | 003,815,120 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2011/11/25 22:30:04 | 002,323,664 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysNative\d3dx9_27.dll -> [2011/11/25 22:30:03 | 003,807,440 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysWow64\d3dx9_27.dll -> [2011/11/25 22:30:03 | 002,319,568 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysNative\d3dx9_26.dll -> [2011/11/25 22:30:00 | 003,767,504 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2011/11/25 22:30:00 | 002,297,552 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysNative\d3dx9_25.dll -> [2011/11/25 22:29:54 | 003,823,312 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2011/11/25 22:29:54 | 002,337,488 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysNative\d3dx9_24.dll -> [2011/11/25 22:29:50 | 003,544,272 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2011/11/25 22:29:50 | 002,222,800 | ---- | C] (Microsoft Corporation)
 The Elder Scrolls V Skyrim -> C:\Program Files (x86)\The Elder Scrolls V Skyrim -> [2011/11/25 22:16:02 | 000,000,000 | ---D | C]
 dtsoftbus01.sys -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011/11/25 21:42:05 | 000,279,616 | ---- | C] (DT Soft Ltd)
 DAEMON Tools Lite -> C:\Program Files (x86)\DAEMON Tools Lite -> [2011/11/25 21:41:51 | 000,000,000 | ---D | C]
 DAEMON Tools Lite -> C:\Users\KS\AppData\Roaming\DAEMON Tools Lite -> [2011/11/25 21:41:34 | 000,000,000 | ---D | C]
 XSplit -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit -> [2011/11/25 21:01:00 | 000,000,000 | ---D | C]
 SplitMediaLabs -> C:\Program Files (x86)\SplitMediaLabs -> [2011/11/25 21:01:00 | 000,000,000 | ---D | C]
 SplitMediaLabs -> C:\Users\KS\AppData\Roaming\SplitMediaLabs -> [2011/11/25 20:59:58 | 000,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2011/11/25 20:11:41 | 000,000,000 | -HSD | C]
 uTorrent -> C:\Users\KS\AppData\Roaming\uTorrent -> [2011/11/24 20:27:19 | 000,000,000 | ---D | C]
 MPG4c32.dll -> C:\Windows\SysWow64\MPG4c32.dll -> [2011/11/24 16:26:43 | 000,413,760 | ---- | C] (Microsoft Corporation)
 mpg4ds32.ax -> C:\Windows\SysWow64\mpg4ds32.ax -> [2011/11/24 16:26:43 | 000,262,144 | ---- | C] (Microsoft Corporation)
 SourceTec -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec -> [2011/11/24 16:26:43 | 000,000,000 | ---D | C]
 SourceTec -> C:\Program Files (x86)\SourceTec -> [2011/11/24 16:19:39 | 000,000,000 | ---D | C]
 Media Player Classic -> C:\Users\KS\AppData\Roaming\Media Player Classic -> [2011/11/24 15:28:00 | 000,000,000 | ---D | C]
 Audacity -> C:\Users\KS\AppData\Roaming\Audacity -> [2011/11/24 15:22:50 | 000,000,000 | ---D | C]
 SYSTEMAX Software Development -> C:\Users\KS\AppData\Roaming\SYSTEMAX Software Development -> [2011/11/23 23:19:49 | 000,000,000 | ---D | C]
 Acer -> C:\Users\KS\AppData\Roaming\Acer -> [2011/11/23 18:45:03 | 000,000,000 | ---D | C]
 e8imRM28.com -> C:\Windows\SysWow64\e8imRM28.com -> [2011/11/23 13:13:55 | 000,032,256 | ---- | C] (TWX Corp.)
 Mozilla -> C:\Users\KS\AppData\Roaming\Mozilla -> [2011/11/23 04:33:06 | 000,000,000 | ---D | C]
 WinRAR -> C:\Users\KS\AppData\Roaming\WinRAR -> [2011/11/23 04:10:00 | 000,000,000 | ---D | C]
 IObit -> C:\Users\KS\AppData\Roaming\IObit -> [2011/11/23 04:09:52 | 000,000,000 | ---D | C]
 Macromedia -> C:\Users\KS\AppData\Roaming\Macromedia -> [2011/11/23 04:08:00 | 000,000,000 | ---D | C]
 Adobe -> C:\Users\KS\AppData\Roaming\Adobe -> [2011/11/23 04:07:56 | 000,000,000 | ---D | C]
 IObit Malware Fighter -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter -> [2011/11/22 10:42:49 | 000,000,000 | ---D | C]
 LP -> C:\Program Files (x86)\LP -> [2011/11/22 03:47:02 | 000,000,000 | ---D | C]
 83AE3 -> C:\Users\KS\AppData\Roaming\83AE3 -> [2011/11/22 03:21:25 | 000,000,000 | ---D | C]
 B8983 -> C:\Users\KS\AppData\Roaming\B8983 -> [2011/11/22 03:20:47 | 000,000,000 | ---D | C]
 AV Protection 2011 -> C:\Users\KS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011 -> [2011/11/22 03:20:38 | 000,000,000 | ---D | C]
 system64 -> C:\Windows\system64 -> [2011/11/22 03:19:49 | 000,000,000 | ---D | C]
 The_Elder_Scrolls_V_Skyrim-Razor1911 -> C:\Users\KS\Desktop\The_Elder_Scrolls_V_Skyrim-Razor1911 -> [2011/11/21 21:20:15 | 000,000,000 | ---D | C]
 .maptool -> C:\Users\KS\.maptool -> [2011/11/19 14:40:13 | 000,000,000 | ---D | C]
 {2EBBC7D6-9981-4455-8544-F886CD8F3760} -> C:\Users\KS\AppData\Local\{2EBBC7D6-9981-4455-8544-F886CD8F3760} -> [2011/11/10 18:18:43 | 000,000,000 | ---D | C]
 {3D73CF15-D749-4CD8-97C9-37699EDF41F1} -> C:\Users\KS\AppData\Local\{3D73CF15-D749-4CD8-97C9-37699EDF41F1} -> [2011/11/10 18:18:26 | 000,000,000 | ---D | C]
 {2E29AFED-27B5-4A18-B5AF-4CC0A8A4CEA2} -> C:\Users\KS\AppData\Local\{2E29AFED-27B5-4A18-B5AF-4CC0A8A4CEA2} -> [2011/11/09 01:48:28 | 000,000,000 | ---D | C]
 {6714391A-4AF2-4EDF-81B2-D81ABF9E53CC} -> C:\Users\KS\AppData\Local\{6714391A-4AF2-4EDF-81B2-D81ABF9E53CC} -> [2011/11/09 01:48:01 | 000,000,000 | ---D | C]
 {B4DC5987-E282-4E97-AC31-E6B18A4FE432} -> C:\Users\KS\AppData\Local\{B4DC5987-E282-4E97-AC31-E6B18A4FE432} -> [2011/11/07 15:51:46 | 000,000,000 | ---D | C]
 {86F1A600-AA71-49F1-8324-64C6436D016C} -> C:\Users\KS\AppData\Local\{86F1A600-AA71-49F1-8324-64C6436D016C} -> [2011/11/07 15:51:30 | 000,000,000 | ---D | C]
 Allm -> C:\Allm -> [2011/11/03 10:55:04 | 000,000,000 | ---D | C]
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/12/03 07:43:21 | 000,009,920 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/12/03 07:43:21 | 000,009,920 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/12/03 07:40:31 | 000,793,646 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/12/03 07:40:31 | 000,661,714 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/12/03 07:40:31 | 000,125,800 | ---- | M] ()
 OTS.exe -> C:\Users\KS\Desktop\OTS.exe -> [2011/12/03 07:39:03 | 000,646,144 | ---- | M] (OldTimer Tools)
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/12/03 07:35:38 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/12/03 07:35:30 | 2211,483,648 | -HS- | M] ()
 At97.job -> C:\Windows\tasks\At97.job -> [2011/12/02 23:18:31 | 000,000,352 | ---- | M] ()
 At49.job -> C:\Windows\tasks\At49.job -> [2011/12/02 23:18:31 | 000,000,352 | ---- | M] ()
 At96.job -> C:\Windows\tasks\At96.job -> [2011/12/02 23:18:31 | 000,000,350 | ---- | M] ()
 At48.job -> C:\Windows\tasks\At48.job -> [2011/12/02 23:18:31 | 000,000,350 | ---- | M] ()
 At46.job -> C:\Windows\tasks\At46.job -> [2011/12/02 22:18:20 | 000,000,350 | ---- | M] ()
 At95.job -> C:\Windows\tasks\At95.job -> [2011/12/02 22:18:19 | 000,000,352 | ---- | M] ()
 At47.job -> C:\Windows\tasks\At47.job -> [2011/12/02 22:18:19 | 000,000,352 | ---- | M] ()
 At94.job -> C:\Windows\tasks\At94.job -> [2011/12/02 22:18:19 | 000,000,350 | ---- | M] ()
 At93.job -> C:\Windows\tasks\At93.job -> [2011/12/02 21:18:28 | 000,000,352 | ---- | M] ()
 At45.job -> C:\Windows\tasks\At45.job -> [2011/12/02 21:18:28 | 000,000,352 | ---- | M] ()
 At44.job -> C:\Windows\tasks\At44.job -> [2011/12/02 21:18:28 | 000,000,350 | ---- | M] ()
 At92.job -> C:\Windows\tasks\At92.job -> [2011/12/02 21:18:27 | 000,000,350 | ---- | M] ()
 At91.job -> C:\Windows\tasks\At91.job -> [2011/12/02 20:18:15 | 000,000,352 | ---- | M] ()
 At90.job -> C:\Windows\tasks\At90.job -> [2011/12/02 20:18:12 | 000,000,350 | ---- | M] ()
 At43.job -> C:\Windows\tasks\At43.job -> [2011/12/02 20:18:11 | 000,000,352 | ---- | M] ()
 At42.job -> C:\Windows\tasks\At42.job -> [2011/12/02 20:18:10 | 000,000,350 | ---- | M] ()
 At41.job -> C:\Windows\tasks\At41.job -> [2011/12/02 19:18:12 | 000,000,352 | ---- | M] ()
 At88.job -> C:\Windows\tasks\At88.job -> [2011/12/02 19:18:12 | 000,000,350 | ---- | M] ()
 At89.job -> C:\Windows\tasks\At89.job -> [2011/12/02 19:18:09 | 000,000,352 | ---- | M] ()
 At40.job -> C:\Windows\tasks\At40.job -> [2011/12/02 19:18:09 | 000,000,350 | ---- | M] ()
 At87.job -> C:\Windows\tasks\At87.job -> [2011/12/02 18:18:12 | 000,000,352 | ---- | M] ()
 At39.job -> C:\Windows\tasks\At39.job -> [2011/12/02 18:18:12 | 000,000,352 | ---- | M] ()
 At86.job -> C:\Windows\tasks\At86.job -> [2011/12/02 18:18:12 | 000,000,350 | ---- | M] ()
 At38.job -> C:\Windows\tasks\At38.job -> [2011/12/02 18:18:09 | 000,000,350 | ---- | M] ()
 At85.job -> C:\Windows\tasks\At85.job -> [2011/12/02 17:18:07 | 000,000,352 | ---- | M] ()
 At37.job -> C:\Windows\tasks\At37.job -> [2011/12/02 17:18:07 | 000,000,352 | ---- | M] ()
 At84.job -> C:\Windows\tasks\At84.job -> [2011/12/02 17:18:07 | 000,000,350 | ---- | M] ()
 At36.job -> C:\Windows\tasks\At36.job -> [2011/12/02 17:18:07 | 000,000,350 | ---- | M] ()
 At83.job -> C:\Windows\tasks\At83.job -> [2011/12/02 16:18:11 | 000,000,352 | ---- | M] ()
 At35.job -> C:\Windows\tasks\At35.job -> [2011/12/02 16:18:11 | 000,000,352 | ---- | M] ()
 At82.job -> C:\Windows\tasks\At82.job -> [2011/12/02 16:18:11 | 000,000,350 | ---- | M] ()
 At34.job -> C:\Windows\tasks\At34.job -> [2011/12/02 16:18:11 | 000,000,350 | ---- | M] ()
 At81.job -> C:\Windows\tasks\At81.job -> [2011/12/02 15:18:32 | 000,000,352 | ---- | M] ()
 At32.job -> C:\Windows\tasks\At32.job -> [2011/12/02 15:18:32 | 000,000,350 | ---- | M] ()
 At33.job -> C:\Windows\tasks\At33.job -> [2011/12/02 15:18:21 | 000,000,352 | ---- | M] ()
 At80.job -> C:\Windows\tasks\At80.job -> [2011/12/02 15:18:21 | 000,000,350 | ---- | M] ()
 At79.job -> C:\Windows\tasks\At79.job -> [2011/12/02 14:18:00 | 000,000,352 | ---- | M] ()
 At31.job -> C:\Windows\tasks\At31.job -> [2011/12/02 14:18:00 | 000,000,352 | ---- | M] ()
 At78.job -> C:\Windows\tasks\At78.job -> [2011/12/02 14:18:00 | 000,000,350 | ---- | M] ()
 At30.job -> C:\Windows\tasks\At30.job -> [2011/12/02 14:18:00 | 000,000,350 | ---- | M] ()
 At29.job -> C:\Windows\tasks\At29.job -> [2011/12/02 13:18:01 | 000,000,352 | ---- | M] ()
 At77.job -> C:\Windows\tasks\At77.job -> [2011/12/02 13:18:00 | 000,000,352 | ---- | M] ()
 At76.job -> C:\Windows\tasks\At76.job -> [2011/12/02 13:18:00 | 000,000,350 | ---- | M] ()
 At28.job -> C:\Windows\tasks\At28.job -> [2011/12/02 13:18:00 | 000,000,350 | ---- | M] ()
 At75.job -> C:\Windows\tasks\At75.job -> [2011/12/02 12:18:26 | 000,000,352 | ---- | M] ()
 At27.job -> C:\Windows\tasks\At27.job -> [2011/12/02 12:18:26 | 000,000,352 | ---- | M] ()
 At74.job -> C:\Windows\tasks\At74.job -> [2011/12/02 12:18:26 | 000,000,350 | ---- | M] ()
 At26.job -> C:\Windows\tasks\At26.job -> [2011/12/02 12:18:25 | 000,000,350 | ---- | M] ()
 At73.job -> C:\Windows\tasks\At73.job -> [2011/12/02 11:18:29 | 000,000,352 | ---- | M] ()
 At72.job -> C:\Windows\tasks\At72.job -> [2011/12/02 11:18:29 | 000,000,350 | ---- | M] ()
 At24.job -> C:\Windows\tasks\At24.job -> [2011/12/02 11:18:21 | 000,000,350 | ---- | M] ()
 At25.job -> C:\Windows\tasks\At25.job -> [2011/12/02 11:18:14 | 000,000,352 | ---- | M] ()
 Skyrim1.bmp -> C:\Users\KS\Desktop\Skyrim1.bmp -> [2011/12/02 10:36:54 | 001,082,454 | ---- | M] ()
 At71.job -> C:\Windows\tasks\At71.job -> [2011/12/02 10:18:08 | 000,000,352 | ---- | M] ()
 At23.job -> C:\Windows\tasks\At23.job -> [2011/12/02 10:18:08 | 000,000,352 | ---- | M] ()
 At22.job -> C:\Windows\tasks\At22.job -> [2011/12/02 10:18:08 | 000,000,350 | ---- | M] ()
 At70.job -> C:\Windows\tasks\At70.job -> [2011/12/02 10:18:04 | 000,000,350 | ---- | M] ()
 At69.job -> C:\Windows\tasks\At69.job -> [2011/12/02 09:18:21 | 000,000,352 | ---- | M] ()
 At21.job -> C:\Windows\tasks\At21.job -> [2011/12/02 09:18:21 | 000,000,352 | ---- | M] ()
 At68.job -> C:\Windows\tasks\At68.job -> [2011/12/02 09:18:21 | 000,000,350 | ---- | M] ()
 At20.job -> C:\Windows\tasks\At20.job -> [2011/12/02 09:18:21 | 000,000,350 | ---- | M] ()
 At67.job -> C:\Windows\tasks\At67.job -> [2011/12/02 08:18:02 | 000,000,352 | ---- | M] ()
 At19.job -> C:\Windows\tasks\At19.job -> [2011/12/02 08:18:02 | 000,000,352 | ---- | M] ()
 At66.job -> C:\Windows\tasks\At66.job -> [2011/12/02 08:18:02 | 000,000,350 | ---- | M] ()
 At18.job -> C:\Windows\tasks\At18.job -> [2011/12/02 08:18:01 | 000,000,350 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/12/01 21:10:37 | 004,896,984 | ---- | M] ()
 SWFConverter.INI -> C:\Windows\SWFConverter.INI -> [2011/12/01 20:02:10 | 000,000,037 | ---- | M] ()
 defogger_reenable -> C:\Users\KS\defogger_reenable -> [2011/12/01 10:45:44 | 000,000,000 | ---- | M] ()
 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/12/01 09:56:25 | 000,000,826 | ---- | M] ()
 Advanced SystemCare 5.lnk -> C:\Users\Public\Desktop\Advanced SystemCare 5.lnk -> [2011/12/01 08:20:56 | 000,001,185 | ---- | M] ()
 At65.job -> C:\Windows\tasks\At65.job -> [2011/12/01 07:18:00 | 000,000,352 | ---- | M] ()
 At17.job -> C:\Windows\tasks\At17.job -> [2011/12/01 07:18:00 | 000,000,352 | ---- | M] ()
 At64.job -> C:\Windows\tasks\At64.job -> [2011/12/01 07:18:00 | 000,000,350 | ---- | M] ()
 At16.job -> C:\Windows\tasks\At16.job -> [2011/12/01 07:18:00 | 000,000,350 | ---- | M] ()
 At63.job -> C:\Windows\tasks\At63.job -> [2011/12/01 06:18:00 | 000,000,352 | ---- | M] ()
 At15.job -> C:\Windows\tasks\At15.job -> [2011/12/01 06:18:00 | 000,000,352 | ---- | M] ()
 At62.job -> C:\Windows\tasks\At62.job -> [2011/12/01 06:18:00 | 000,000,350 | ---- | M] ()
 At14.job -> C:\Windows\tasks\At14.job -> [2011/12/01 06:18:00 | 000,000,350 | ---- | M] ()
 At61.job -> C:\Windows\tasks\At61.job -> [2011/12/01 05:18:00 | 000,000,352 | ---- | M] ()
 At13.job -> C:\Windows\tasks\At13.job -> [2011/12/01 05:18:00 | 000,000,352 | ---- | M] ()
 At60.job -> C:\Windows\tasks\At60.job -> [2011/12/01 05:18:00 | 000,000,350 | ---- | M] ()
 At12.job -> C:\Windows\tasks\At12.job -> [2011/12/01 05:18:00 | 000,000,350 | ---- | M] ()
 At59.job -> C:\Windows\tasks\At59.job -> [2011/12/01 04:18:00 | 000,000,352 | ---- | M] ()
 At11.job -> C:\Windows\tasks\At11.job -> [2011/12/01 04:18:00 | 000,000,352 | ---- | M] ()
 At58.job -> C:\Windows\tasks\At58.job -> [2011/12/01 04:18:00 | 000,000,350 | ---- | M] ()
 At10.job -> C:\Windows\tasks\At10.job -> [2011/12/01 04:18:00 | 000,000,350 | ---- | M] ()
 At9.job -> C:\Windows\tasks\At9.job -> [2011/12/01 03:18:00 | 000,000,352 | ---- | M] ()
 At57.job -> C:\Windows\tasks\At57.job -> [2011/12/01 03:18:00 | 000,000,352 | ---- | M] ()
 At8.job -> C:\Windows\tasks\At8.job -> [2011/12/01 03:18:00 | 000,000,350 | ---- | M] ()
 At56.job -> C:\Windows\tasks\At56.job -> [2011/12/01 03:18:00 | 000,000,350 | ---- | M] ()
 At7.job -> C:\Windows\tasks\At7.job -> [2011/12/01 02:18:00 | 000,000,352 | ---- | M] ()
 At55.job -> C:\Windows\tasks\At55.job -> [2011/12/01 02:18:00 | 000,000,352 | ---- | M] ()
 At6.job -> C:\Windows\tasks\At6.job -> [2011/12/01 02:18:00 | 000,000,350 | ---- | M] ()
 At54.job -> C:\Windows\tasks\At54.job -> [2011/12/01 02:18:00 | 000,000,350 | ---- | M] ()
 At53.job -> C:\Windows\tasks\At53.job -> [2011/12/01 01:18:00 | 000,000,352 | ---- | M] ()
 At5.job -> C:\Windows\tasks\At5.job -> [2011/12/01 01:18:00 | 000,000,352 | ---- | M] ()
 At52.job -> C:\Windows\tasks\At52.job -> [2011/12/01 01:18:00 | 000,000,350 | ---- | M] ()
 At4.job -> C:\Windows\tasks\At4.job -> [2011/12/01 01:18:00 | 000,000,350 | ---- | M] ()
 At51.job -> C:\Windows\tasks\At51.job -> [2011/12/01 00:18:00 | 000,000,352 | ---- | M] ()
 At3.job -> C:\Windows\tasks\At3.job -> [2011/12/01 00:18:00 | 000,000,352 | ---- | M] ()
 At50.job -> C:\Windows\tasks\At50.job -> [2011/12/01 00:18:00 | 000,000,350 | ---- | M] ()
 At2.job -> C:\Windows\tasks\At2.job -> [2011/12/01 00:18:00 | 000,000,350 | ---- | M] ()
 e8imRM28.com -> C:\Windows\SysWow64\e8imRM28.com -> [2011/11/26 16:29:01 | 000,032,256 | ---- | M] (TWX Corp.)
 dtsoftbus01.sys -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011/11/25 21:42:05 | 000,279,616 | ---- | M] (DT Soft Ltd)
 H8T73GY.dat -> C:\ProgramData\H8T73GY.dat -> [2011/11/23 13:14:44 | 000,000,000 | ---- | M] ()
 At1.job -> C:\Windows\tasks\At1.job -> [2011/11/22 03:48:15 | 000,000,376 | ---- | M] ()
 GameMon.des -> C:\Windows\SysWow64\GameMon.des -> [2011/11/14 18:04:51 | 003,767,240 | ---- | M] (INCA Internet Co., Ltd.)
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 Skyrim1.bmp -> C:\Users\KS\Desktop\Skyrim1.bmp -> [2011/12/02 10:36:54 | 001,082,454 | ---- | C] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/12/01 21:10:13 | 004,896,984 | ---- | C] ()
 defogger_reenable -> C:\Users\KS\defogger_reenable -> [2011/12/01 10:45:44 | 000,000,000 | ---- | C] ()
 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/12/01 09:56:25 | 000,000,826 | ---- | C] ()
 RegistryDefragBootTime.exe -> C:\Windows\SysNative\RegistryDefragBootTime.exe -> [2011/12/01 08:52:19 | 000,022,872 | ---- | C] ()
 Advanced SystemCare 5.lnk -> C:\Users\Public\Desktop\Advanced SystemCare 5.lnk -> [2011/12/01 08:20:56 | 000,001,185 | ---- | C] ()
 At97.job -> C:\Windows\tasks\At97.job -> [2011/11/26 16:29:43 | 000,000,352 | ---- | C] ()
 At96.job -> C:\Windows\tasks\At96.job -> [2011/11/26 16:29:42 | 000,000,350 | ---- | C] ()
 At95.job -> C:\Windows\tasks\At95.job -> [2011/11/26 16:29:41 | 000,000,352 | ---- | C] ()
 At94.job -> C:\Windows\tasks\At94.job -> [2011/11/26 16:29:41 | 000,000,350 | ---- | C] ()
 At93.job -> C:\Windows\tasks\At93.job -> [2011/11/26 16:29:40 | 000,000,352 | ---- | C] ()
 At92.job -> C:\Windows\tasks\At92.job -> [2011/11/26 16:29:40 | 000,000,350 | ---- | C] ()
 At91.job -> C:\Windows\tasks\At91.job -> [2011/11/26 16:29:39 | 000,000,352 | ---- | C] ()
 At89.job -> C:\Windows\tasks\At89.job -> [2011/11/26 16:29:38 | 000,000,352 | ---- | C] ()
 At90.job -> C:\Windows\tasks\At90.job -> [2011/11/26 16:29:38 | 000,000,350 | ---- | C] ()
 At87.job -> C:\Windows\tasks\At87.job -> [2011/11/26 16:29:37 | 000,000,352 | ---- | C] ()
 At88.job -> C:\Windows\tasks\At88.job -> [2011/11/26 16:29:37 | 000,000,350 | ---- | C] ()
 At86.job -> C:\Windows\tasks\At86.job -> [2011/11/26 16:29:36 | 000,000,350 | ---- | C] ()
 At85.job -> C:\Windows\tasks\At85.job -> [2011/11/26 16:29:35 | 000,000,352 | ---- | C] ()
 At83.job -> C:\Windows\tasks\At83.job -> [2011/11/26 16:29:34 | 000,000,352 | ---- | C] ()
 At84.job -> C:\Windows\tasks\At84.job -> [2011/11/26 16:29:34 | 000,000,350 | ---- | C] ()
 At82.job -> C:\Windows\tasks\At82.job -> [2011/11/26 16:29:33 | 000,000,350 | ---- | C] ()
 At81.job -> C:\Windows\tasks\At81.job -> [2011/11/26 16:29:32 | 000,000,352 | ---- | C] ()
 At80.job -> C:\Windows\tasks\At80.job -> [2011/11/26 16:29:32 | 000,000,350 | ---- | C] ()
 At79.job -> C:\Windows\tasks\At79.job -> [2011/11/26 16:29:31 | 000,000,352 | ---- | C] ()
 At78.job -> C:\Windows\tasks\At78.job -> [2011/11/26 16:29:30 | 000,000,350 | ---- | C] ()
 At77.job -> C:\Windows\tasks\At77.job -> [2011/11/26 16:29:29 | 000,000,352 | ---- | C] ()
 At76.job -> C:\Windows\tasks\At76.job -> [2011/11/26 16:29:29 | 000,000,350 | ---- | C] ()
 At75.job -> C:\Windows\tasks\At75.job -> [2011/11/26 16:29:28 | 000,000,352 | ---- | C] ()
 At73.job -> C:\Windows\tasks\At73.job -> [2011/11/26 16:29:27 | 000,000,352 | ---- | C] ()
 At74.job -> C:\Windows\tasks\At74.job -> [2011/11/26 16:29:27 | 000,000,350 | ---- | C] ()
 At71.job -> C:\Windows\tasks\At71.job -> [2011/11/26 16:29:26 | 000,000,352 | ---- | C] ()
 At72.job -> C:\Windows\tasks\At72.job -> [2011/11/26 16:29:26 | 000,000,350 | ---- | C] ()
 At70.job -> C:\Windows\tasks\At70.job -> [2011/11/26 16:29:25 | 000,000,350 | ---- | C] ()
 At69.job -> C:\Windows\tasks\At69.job -> [2011/11/26 16:29:24 | 000,000,352 | ---- | C] ()
 At68.job -> C:\Windows\tasks\At68.job -> [2011/11/26 16:29:24 | 000,000,350 | ---- | C] ()
 At67.job -> C:\Windows\tasks\At67.job -> [2011/11/26 16:29:23 | 000,000,352 | ---- | C] ()
 At65.job -> C:\Windows\tasks\At65.job -> [2011/11/26 16:29:22 | 000,000,352 | ---- | C] ()
 At66.job -> C:\Windows\tasks\At66.job -> [2011/11/26 16:29:22 | 000,000,350 | ---- | C] ()
 At63.job -> C:\Windows\tasks\At63.job -> [2011/11/26 16:29:21 | 000,000,352 | ---- | C] ()
 At64.job -> C:\Windows\tasks\At64.job -> [2011/11/26 16:29:21 | 000,000,350 | ---- | C] ()
 At61.job -> C:\Windows\tasks\At61.job -> [2011/11/26 16:29:20 | 000,000,352 | ---- | C] ()
 At62.job -> C:\Windows\tasks\At62.job -> [2011/11/26 16:29:20 | 000,000,350 | ---- | C] ()
 At60.job -> C:\Windows\tasks\At60.job -> [2011/11/26 16:29:19 | 000,000,350 | ---- | C] ()
 At59.job -> C:\Windows\tasks\At59.job -> [2011/11/26 16:29:18 | 000,000,352 | ---- | C] ()
 At58.job -> C:\Windows\tasks\At58.job -> [2011/11/26 16:29:18 | 000,000,350 | ---- | C] ()
 At57.job -> C:\Windows\tasks\At57.job -> [2011/11/26 16:29:17 | 000,000,352 | ---- | C] ()
 At56.job -> C:\Windows\tasks\At56.job -> [2011/11/26 16:29:17 | 000,000,350 | ---- | C] ()
 At55.job -> C:\Windows\tasks\At55.job -> [2011/11/26 16:29:16 | 000,000,352 | ---- | C] ()
 At54.job -> C:\Windows\tasks\At54.job -> [2011/11/26 16:29:16 | 000,000,350 | ---- | C] ()
 At53.job -> C:\Windows\tasks\At53.job -> [2011/11/26 16:29:15 | 000,000,352 | ---- | C] ()
 At51.job -> C:\Windows\tasks\At51.job -> [2011/11/26 16:29:14 | 000,000,352 | ---- | C] ()
 At52.job -> C:\Windows\tasks\At52.job -> [2011/11/26 16:29:14 | 000,000,350 | ---- | C] ()
 At50.job -> C:\Windows\tasks\At50.job -> [2011/11/26 16:29:13 | 000,000,350 | ---- | C] ()
 SWFConverter.INI -> C:\Windows\SWFConverter.INI -> [2011/11/24 16:26:51 | 000,000,037 | ---- | C] ()
 H8T73GY.dat -> C:\ProgramData\H8T73GY.dat -> [2011/11/23 13:14:44 | 000,000,000 | ---- | C] ()
 At49.job -> C:\Windows\tasks\At49.job -> [2011/11/23 13:14:43 | 000,000,352 | ---- | C] ()
 At48.job -> C:\Windows\tasks\At48.job -> [2011/11/23 13:14:42 | 000,000,350 | ---- | C] ()
 At47.job -> C:\Windows\tasks\At47.job -> [2011/11/23 13:14:41 | 000,000,352 | ---- | C] ()
 At46.job -> C:\Windows\tasks\At46.job -> [2011/11/23 13:14:41 | 000,000,350 | ---- | C] ()
 At45.job -> C:\Windows\tasks\At45.job -> [2011/11/23 13:14:40 | 000,000,352 | ---- | C] ()
 At44.job -> C:\Windows\tasks\At44.job -> [2011/11/23 13:14:40 | 000,000,350 | ---- | C] ()
 At43.job -> C:\Windows\tasks\At43.job -> [2011/11/23 13:14:39 | 000,000,352 | ---- | C] ()
 At42.job -> C:\Windows\tasks\At42.job -> [2011/11/23 13:14:39 | 000,000,350 | ---- | C] ()
 At41.job -> C:\Windows\tasks\At41.job -> [2011/11/23 13:14:38 | 000,000,352 | ---- | C] ()
 At40.job -> C:\Windows\tasks\At40.job -> [2011/11/23 13:14:38 | 000,000,350 | ---- | C] ()
 At39.job -> C:\Windows\tasks\At39.job -> [2011/11/23 13:14:37 | 000,000,352 | ---- | C] ()
 At37.job -> C:\Windows\tasks\At37.job -> [2011/11/23 13:14:36 | 000,000,352 | ---- | C] ()
 At38.job -> C:\Windows\tasks\At38.job -> [2011/11/23 13:14:36 | 000,000,350 | ---- | C] ()
 At36.job -> C:\Windows\tasks\At36.job -> [2011/11/23 13:14:35 | 000,000,350 | ---- | C] ()
 At35.job -> C:\Windows\tasks\At35.job -> [2011/11/23 13:14:33 | 000,000,352 | ---- | C] ()
 At34.job -> C:\Windows\tasks\At34.job -> [2011/11/23 13:14:33 | 000,000,350 | ---- | C] ()
 At33.job -> C:\Windows\tasks\At33.job -> [2011/11/23 13:14:32 | 000,000,352 | ---- | C] ()
 At32.job -> C:\Windows\tasks\At32.job -> [2011/11/23 13:14:31 | 000,000,350 | ---- | C] ()
 At31.job -> C:\Windows\tasks\At31.job -> [2011/11/23 13:14:30 | 000,000,352 | ---- | C] ()
 At30.job -> C:\Windows\tasks\At30.job -> [2011/11/23 13:14:29 | 000,000,350 | ---- | C] ()
 At29.job -> C:\Windows\tasks\At29.job -> [2011/11/23 13:14:28 | 000,000,352 | ---- | C] ()
 At28.job -> C:\Windows\tasks\At28.job -> [2011/11/23 13:14:26 | 000,000,350 | ---- | C] ()
 At27.job -> C:\Windows\tasks\At27.job -> [2011/11/23 13:14:25 | 000,000,352 | ---- | C] ()
 At26.job -> C:\Windows\tasks\At26.job -> [2011/11/23 13:14:25 | 000,000,350 | ---- | C] ()
 At25.job -> C:\Windows\tasks\At25.job -> [2011/11/23 13:14:24 | 000,000,352 | ---- | C] ()
 At24.job -> C:\Windows\tasks\At24.job -> [2011/11/23 13:14:23 | 000,000,350 | ---- | C] ()
 At23.job -> C:\Windows\tasks\At23.job -> [2011/11/23 13:14:22 | 000,000,352 | ---- | C] ()
 At22.job -> C:\Windows\tasks\At22.job -> [2011/11/23 13:14:21 | 000,000,350 | ---- | C] ()
 At21.job -> C:\Windows\tasks\At21.job -> [2011/11/23 13:14:20 | 000,000,352 | ---- | C] ()
 At20.job -> C:\Windows\tasks\At20.job -> [2011/11/23 13:14:19 | 000,000,350 | ---- | C] ()
 At19.job -> C:\Windows\tasks\At19.job -> [2011/11/23 13:14:18 | 000,000,352 | ---- | C] ()
 At18.job -> C:\Windows\tasks\At18.job -> [2011/11/23 13:14:15 | 000,000,350 | ---- | C] ()
 At17.job -> C:\Windows\tasks\At17.job -> [2011/11/23 13:14:13 | 000,000,352 | ---- | C] ()
 At16.job -> C:\Windows\tasks\At16.job -> [2011/11/23 13:14:11 | 000,000,350 | ---- | C] ()
 At15.job -> C:\Windows\tasks\At15.job -> [2011/11/23 13:14:10 | 000,000,352 | ---- | C] ()
 At13.job -> C:\Windows\tasks\At13.job -> [2011/11/23 13:14:09 | 000,000,352 | ---- | C] ()
 At14.job -> C:\Windows\tasks\At14.job -> [2011/11/23 13:14:09 | 000,000,350 | ---- | C] ()
 At12.job -> C:\Windows\tasks\At12.job -> [2011/11/23 13:14:08 | 000,000,350 | ---- | C] ()
 At11.job -> C:\Windows\tasks\At11.job -> [2011/11/23 13:14:07 | 000,000,352 | ---- | C] ()
 At10.job -> C:\Windows\tasks\At10.job -> [2011/11/23 13:14:06 | 000,000,350 | ---- | C] ()
 At9.job -> C:\Windows\tasks\At9.job -> [2011/11/23 13:14:05 | 000,000,352 | ---- | C] ()
 At8.job -> C:\Windows\tasks\At8.job -> [2011/11/23 13:14:04 | 000,000,350 | ---- | C] ()
 At7.job -> C:\Windows\tasks\At7.job -> [2011/11/23 13:14:03 | 000,000,352 | ---- | C] ()
 At6.job -> C:\Windows\tasks\At6.job -> [2011/11/23 13:14:02 | 000,000,350 | ---- | C] ()
 At5.job -> C:\Windows\tasks\At5.job -> [2011/11/23 13:14:01 | 000,000,352 | ---- | C] ()
 At4.job -> C:\Windows\tasks\At4.job -> [2011/11/23 13:14:00 | 000,000,350 | ---- | C] ()
 At3.job -> C:\Windows\tasks\At3.job -> [2011/11/23 13:13:59 | 000,000,352 | ---- | C] ()
 At2.job -> C:\Windows\tasks\At2.job -> [2011/11/23 13:13:56 | 000,000,350 | ---- | C] ()
 At1.job -> C:\Windows\tasks\At1.job -> [2011/11/22 03:47:04 | 000,000,376 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011/10/23 19:12:41 | 000,761,856 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011/10/23 19:12:41 | 000,135,168 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\KS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/09/19 03:19:55 | 000,005,632 | ---- | C] ()
 ss.ini -> C:\ProgramData\ss.ini -> [2011/09/01 17:36:31 | 000,001,492 | ---- | C] ()
 DSE2_DFT.dll -> C:\Windows\SysWow64\DSE2_DFT.dll -> [2011/08/18 00:59:42 | 004,874,240 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2011/08/15 04:55:24 | 000,000,000 | ---- | C] ()
 fusioncache.dat -> C:\Users\KS\AppData\Local\fusioncache.dat -> [2011/08/08 15:29:51 | 000,000,090 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/08/03 15:18:35 | 000,779,558 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2009/08/21 20:46:26 | 000,000,000 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2009/01/28 13:50:44 | 000,153,088 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 929 bytes -> C:\Users\KS\AppData\Local\Temp:KSkdYBhtxZ1wLQqf0FVZIdeBT7
< End of report >

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 04 December 2011 - 01:17 AM

Good Evening UnerringFangirl!

Quote

Thanks for understanding!

It looks like you maybe infected with an infection known as ZeroAccess.

Do you recognize this file?

C:\Users\KS\Desktop\Skyrim1.bmp

Running OTS Fix
Start OTS Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe
YY -> 832fc.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe
YY -> 622.exe -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe
[Modules - No Company Name]
YY -> lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe
YY -> 832fc.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe
YY -> 622.exe -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{90eee664-34b1-422a-a782-779af65cdf6d}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> HKEY_CURRENT_USER\: "ProxyEnable" -> 1
YN -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:52404
< FireFox Settings [Prefs.js] > -> C:\Users\KS\AppData\Roaming\Mozilla\FireFox\Profiles\4ls7dpgo.default\prefs.js
YN -> network.proxy.http -> "127.0.0.1"
YN -> network.proxy.http_port -> 52404
YN -> network.proxy.type -> 1
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "622.exe" -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe [C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe]
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
64bit-*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoActiveDesktop" -> [1]
YN -> \\"NoActiveDesktopChanges" -> [1]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Free YouTube Download -> [C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm]
YN -> Free YouTube to MP3 Converter -> [C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm]
YN -> Google Sidewiki... -> [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07]
YN -> {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26]
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YY -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> klartew -> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
[Files/Folders - Created Within 30 Days]
NY ->  e8imRM28.com -> C:\Windows\SysWow64\e8imRM28.com
NY ->  83AE3 -> C:\Users\KS\AppData\Roaming\83AE3
NY ->  B8983 -> C:\Users\KS\AppData\Roaming\B8983
NY ->  AV Protection 2011 -> C:\Users\KS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
NY ->  {2EBBC7D6-9981-4455-8544-F886CD8F3760} -> C:\Users\KS\AppData\Local\{2EBBC7D6-9981-4455-8544-F886CD8F3760}
NY ->  {3D73CF15-D749-4CD8-97C9-37699EDF41F1} -> C:\Users\KS\AppData\Local\{3D73CF15-D749-4CD8-97C9-37699EDF41F1}
NY ->  {2E29AFED-27B5-4A18-B5AF-4CC0A8A4CEA2} -> C:\Users\KS\AppData\Local\{2E29AFED-27B5-4A18-B5AF-4CC0A8A4CEA2}
NY ->  {6714391A-4AF2-4EDF-81B2-D81ABF9E53CC} -> C:\Users\KS\AppData\Local\{6714391A-4AF2-4EDF-81B2-D81ABF9E53CC}
NY ->  {B4DC5987-E282-4E97-AC31-E6B18A4FE432} -> C:\Users\KS\AppData\Local\{B4DC5987-E282-4E97-AC31-E6B18A4FE432}
NY ->  {86F1A600-AA71-49F1-8324-64C6436D016C} -> C:\Users\KS\AppData\Local\{86F1A600-AA71-49F1-8324-64C6436D016C}
[Files/Folders - Modified Within 30 Days]
NY ->  e8imRM28.com -> C:\Windows\SysWow64\e8imRM28.com
NY ->  H8T73GY.dat -> C:\ProgramData\H8T73GY.dat
[Files - No Company Name]
NY ->  H8T73GY.dat -> C:\ProgramData\H8T73GY.dat
[Alternate Data Streams]
NY -> @Alternate Data Stream - 929 bytes -> C:\Users\KS\AppData\Local\Temp:KSkdYBhtxZ1wLQqf0FVZIdeBT7
[Custom Items]
:files
C:\Windows\tasks\At*.job
:end
[Purity]
[EmptyFlash]
[CreateRestorePoint]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

NEXT:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#5 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 04 December 2011 - 11:41 AM

Good morning, ST!

I do indeed recognize that file, it's a screenshot I took while playing TES:Skyrim and never got around to sorting into a proper folder. ( http://img685.imageshack.us/img685/961/skyrim1.png ) not sure why, but there's the image uploaded to imageshack if it helps at all (Don't think it will, but being safe).

Here is the code created from the OTS File that appeared on my Desktop after I ran the fix:

OTS logfile created on: 12/3/2011 7:41:04 AM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Users\KS\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 38.90 Gb Free Space | 28.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: UNERRINGPC
Current User Name: KS
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\KS\Desktop\OTS.exe -> [2011/12/03 07:39:03 | 000,646,144 | ---- | M] (OldTimer Tools)
lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
832fc.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> [2011/12/01 17:59:00 | 000,172,032 | ---- | M] ()
622.exe -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe -> [2011/12/01 16:16:50 | 000,284,160 | ---- | M] ()
ascservice.exe -> C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -> [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit)
imfsrv.exe -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -> [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit)
bchelper.exe -> C:\Program Files (x86)\BrowserCompanion\BCHelper.exe -> [2011/08/08 09:15:46 | 000,182,576 | ---- | M] (Blabbers Communications LTD)
mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/08/06 12:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.)
updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer)
greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)
 
[Modules - No Company Name]
lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
832fc.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> [2011/12/01 17:59:00 | 000,172,032 | ---- | M] ()
622.exe -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe -> [2011/12/01 16:16:50 | 000,284,160 | ---- | M] ()
sqlite3.dll -> C:\Program Files (x86)\BrowserCompanion\sqlite3.dll -> [2011/08/07 06:54:44 | 000,362,029 | ---- | M] ()
mswsock.dll -> \\.\globalroot\systemroot\syswow64\mswsock.dll -> [2009/07/13 20:15:51 | 000,232,448 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(ePowerSvc)  [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated)
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD)
64bit-(Updater Service)  [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer)
(Akamai) Akamai NetSession Interface [Auto | Running] -> c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -> [2011/11/17 20:24:37 | 003,313,752 | ---- | M] ()
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2011/11/14 18:04:51 | 003,767,240 | ---- | M] (INCA Internet Co., Ltd.)
(AdvancedSystemCareService5) Advanced SystemCare Service 5 [Auto | Running] -> C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -> [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit)
(IMFservice) IMF Service [Auto | Running] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -> [2011/10/08 17:34:24 | 000,820,568 | ---- | M] (IObit)
(Hamachi2Svc) LogMeIn Hamachi Tunneling Engine [Auto | Running] -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -> [2011/08/04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/08/06 12:18:54 | 000,311,592 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)
 
[Driver Services - Safe List]
64bit-(dtsoftbus01) DAEMON Tools Virtual Bus Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011/11/25 21:42:05 | 000,279,616 | ---- | M] (DT Soft Ltd)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(SmartDefragDriver) SmartDefragDriver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\SmartDefragDriver.sys -> [2011/02/23 15:50:14 | 000,018,232 | ---- | M] ()
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.)
64bit-(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\L1C62x64.sys -> [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.)
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/07/16 06:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WSDPrint.sys -> [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation)
64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\PxHlpa64.sys -> [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions)
64bit-(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Apfiltr.sys -> [2009/06/15 05:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)
64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)
64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)
64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)
64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)
64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices)
64bit-(ScreamBAudioSvc) ScreamBee Audio [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -> [2009/03/27 13:25:10 | 000,027,160 | ---- | M] (Screaming Bee LLC)
64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.)
64bit-(VCSVADHWSer) Avnex Virtual Audio Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vcsvad.sys -> [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex)
(FileMonitor) FileMonitor [File_System | Disabled | Stopped] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -> [2011/10/08 17:04:08 | 000,020,336 | ---- | M] ()
(UrlFilter) UrlFilter [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -> [2011/09/20 14:27:44 | 000,021,872 | ---- | M] (IObit.com)
(RegFilter) RegFilter [Kernel | On_Demand | Running] -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -> [2011/09/20 14:27:38 | 000,033,184 | ---- | M] (IObit.com)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mystart.incredimail.com/mb59?u=92823160855208439 -> 
HKEY_CURRENT_USER\: Main\\"Start Page Restore" -> http://dragonnest.nexon.net/ -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: SearchURL\\"Default" -> http://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{90eee664-34b1-422a-a782-779af65cdf6d}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 1 -> 
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:52404 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\KS\AppData\Roaming\Mozilla\FireFox\Profiles\4ls7dpgo.default\prefs.js -> 
network.proxy.http -> "127.0.0.1" ->
network.proxy.http_port -> 52404 ->
network.proxy.type -> 1 ->
< FireFox Settings [User.js] > -> C:\Users\KS\AppData\Roaming\Mozilla\FireFox\Profiles\4ls7dpgo.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [C:\PROGRAM FILES (X86)\MSN TOOLBAR\PLATFORM\5.0.1449.0\FIREFOX] -> [2011/09/06 11:14:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502} -> C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\ [C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION\] -> [2011/09/07 02:01:10 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 8.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2011/11/11 00:51:28 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2011/11/20 02:08:03 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\KS\AppData\Roaming\mozilla\Extensions -> [2011/11/23 04:37:31 | 000,000,000 | ---D | M]
  -> C:\Users\KS\AppData\Roaming\mozilla\Firefox\Profiles\4ls7dpgo.default\extensions -> [2011/11/24 16:19:53 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2011/11/11 00:51:33 | 000,000,000 | ---D | M]
Skype Click to Call   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} -> [2011/10/08 11:03:50 | 000,000,000 | ---D | M]
Hosts file not found -> -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00cbb66b-1d3b-46d3-9577-323a336acb50} [HKLM] -> C:\Program Files (x86)\BrowserCompanion\jsloader.dll [Browser Companion Helper] -> [2011/07/21 05:10:40 | 000,225,584 | ---- | M] ( )
{963B125B-8B21-49A2-A3A8-E37092276531} [HKLM] -> C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll [Browser Companion Helper Verifier] -> [2011/07/21 05:10:54 | 000,141,104 | ---- | M] ( )
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2011/09/21 08:36:02 | 003,853,984 | ---- | M] (Skype Technologies S.A.)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [Bing Bar BHO] -> [2010/04/27 15:39:36 | 000,550,744 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100] -> [2010/04/27 15:39:36 | 000,550,744 | ---- | M] (Microsoft Corporation)
"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/08/05 23:30:58 | 000,828,960 | ---- | M] (Acer Incorporated)
"mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/08/06 12:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)
"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/28 08:14:20 | 007,982,112 | ---- | M] (Realtek Semiconductor)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Browser companion helper" -> C:\Program Files (x86)\BrowserCompanion\BCHelper.exe [C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3] -> [2011/08/08 09:15:46 | 000,182,576 | ---- | M] (Blabbers Communications LTD)
"IObit Malware Fighter" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe ["C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart] -> [2011/10/08 17:34:22 | 004,441,944 | ---- | M] (IObit)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"622.exe" -> C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe [C:\Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe] -> [2011/12/01 16:16:50 | 000,284,160 | ---- | M] ()
"Advanced SystemCare 5" -> C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe ["C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart] -> [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit)
< 64bit-WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
64bit-*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
*MultiFile Done* -> -> 
< WinNT Load [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
*load* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load -> 
C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> C:\Users\KS\AppData\Roaming\83AE3\lvvm.exe -> [2011/12/01 17:59:40 | 000,189,440 | ---- | M] ()
*MultiFile Done* -> -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
\\"HideSCAHealth" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Free YouTube Download ->  [C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm] -> File not found
Free YouTube to MP3 Converter ->  [C:\Users\KS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm] -> File not found
Google Sidewiki... ->  [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2011/09/21 08:36:02 | 003,853,984 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Click to Call] -> [2011/09/21 08:36:02 | 003,853,984 | ---- | M] (Skype Technologies S.A.)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4814 domain(s) found. -> 
clonewarsadventures.com .[*] -> Trusted sites -> 
freerealms.com .[*] -> Trusted sites -> 
soe.com .[*] -> Trusted sites -> 
sony.com .[*] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab [Java Plug-in 1.6.0_26] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{25B43BE2-156C-41BE-82C5-21FD7D02B0DA}\\DhcpNameServer -> 143.88.8.100 143.88.8.101   (Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)) -> 
{AA02F30D-1924-4DAE-AACC-A30072CA068D}\\DhcpNameServer -> 192.168.1.1   (Atheros AR5B93 Wireless Network Adapter) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 20:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
userinit.exe -> C:\Windows\SysWow64\userinit.exe -> [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> C:\Users\KS\AppData\Roaming\B8983\832FC.exe -> [2011/12/01 17:59:00 | 000,172,032 | ---- | M] ()
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
klartew -> C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll -> [2011/11/29 17:45:51 | 000,011,264 | ---- | M] ()
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{06EBF9FB-5866-4B26-9B70-2CDC793C5690} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{0E0E447F-892C-46F7-AB23-824C266257C5} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{192489A9-CDD8-4153-A9A7-83448670E9B6} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{6829750B-E963-4C52-9F59-A8F74D5B5730} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{858319DB-E1A9-4667-AB9F-0424BEE8FB84} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{B8A71CAB-394C-48AF-94D6-42F7693F7EA3} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{BA04D7B7-D67E-497A-A0C0-B6CE79DF1D03} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{BD645CF1-AF28-4EE6-8A50-51DE28C564D6} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{C62DE62D-E4A2-4CB9-9E4E-AFEE95A9B730} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{E32065B6-7EEC-4C00-AB67-52671B157E94} -> lport=808 | protocol=6 | dir=in | action=allow | name=@c:\windows\microsoft.net\framework64\v4.0.30319\\servicemodelevents.dll,-2000 | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | svc=nettcpactivator | 
{E90B1C92-F8FB-46D5-8A86-0FE847515362} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{FA3A0EBE-1403-4626-AC79-112C80283E17} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{00D49416-52AC-4542-9A65-6F025E6E4B45} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{012A94B9-5DC4-497D-A493-D250F107FC90} -> profile=private | protocol=17 | dir=in | action=allow | name=opera internet browser | app=c:\program files (x86)\opera\opera.exe | 
{151A96DE-291D-4BA1-B415-40388E87868C} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{172844EB-A516-47A0-A790-28CC228C6495} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{1D4C47E7-4BD5-48B1-A57E-101A37276B66} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{28D196AB-7C2D-4A17-8FDF-CDE2F1DF8009} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{2976E300-F7C0-48F7-A792-61D6A9CE3A17} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
{2A5BF73D-A994-4A5D-A234-018D16972E50} -> profile=domain | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{2EBE566A-3E75-4EFF-913D-E988AE7F455E} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{31BF55BC-4FFD-4884-8A9B-4611D4118392} -> protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{393F48A2-D596-46C3-9D0A-0AF21AD0CBDC} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
{3B446CDF-A1B0-496E-8310-DF3331CD407C} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
{41AE4D63-4DB8-4A05-B98C-A709F2715BC7} -> profile=public | protocol=17 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{47CF0354-EFB7-4BAD-8AEE-B3A0D8D98051} -> profile=public | protocol=17 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
{4C8CD7AA-5008-4302-9DB5-CFB49F783C5F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{635CFCC9-133E-4699-94A0-82EEE0230D7E} -> dir=out | action=block | name=voicemorph | app=%programfiles% (x86)\av vcs 7.0 diamond\vcscore.exe | 
{65771DDD-0B2B-43BD-8054-AAE42D8EB84F} -> profile=domain | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{67882914-383D-4941-87F0-00DA732ADCF7} -> dir=in | action=allow | name=acer arcade deluxe | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
{7AB3FA7F-DFA6-4DAE-B068-6C939ECBE0D3} -> dir=in | action=allow | name=acer play movie resident program | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
{7CD82FB5-7FEE-42AF-8778-2AF6881409D3} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{7F9BF6C1-87C1-4E49-8545-1CA7813AF92C} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{826F980C-29A9-439D-AD43-13406704ED12} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{8331ECE7-351D-4FBE-A6D5-8517AD46C62D} -> profile=public | protocol=6 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{83A3728A-EC70-43E0-89B3-5008E0452F69} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
{884E7AF8-DAF8-4BA4-962A-E90B75725176} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{88BFE2C3-C328-4B06-A0EC-152E03348F57} -> profile=public | protocol=17 | dir=in | action=block | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
{8936C921-7B2B-4829-BFC4-9194BD6F426A} -> profile=public | protocol=17 | dir=in | action=block | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
{8A136641-B8B4-4C74-BA5E-3C147E1C361D} -> profile=public | protocol=6 | dir=in | action=block | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
{9388070E-4A77-4FB4-9011-16F4515C5EEB} -> profile=private | protocol=6 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{95611BA9-2CA4-4B60-A4B1-6C16CF1AF56D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{95FE41E7-4F68-40F7-A752-9EE61531DEB9} -> profile=private | protocol=17 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{A19B6CFE-0D6C-49D3-8362-E7C2FAB89349} -> profile=public | protocol=6 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
{AA690D43-98D5-4401-8B2B-6127F00B4E84} -> profile=public | protocol=17 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
{AD27C6F4-9994-4C03-8A0B-A4135792345B} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{B1816B0E-F3F4-4A30-BA57-893C579F0416} -> profile=public | protocol=17 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
{B23CEE74-8D84-4121-9213-C91B944739FE} -> profile=public | protocol=17 | dir=in | action=allow | name=nexon game manager | app=c:\programdata\nexonus\ngm\ngm.exe | 
{BC308456-99F8-4F8A-AF60-1F4A62536846} -> dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{CCD77D5B-DABA-43E6-A993-33295C56E323} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{D214E35D-2973-4586-BF7B-56B9600516D7} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D2423D9D-09F2-4098-8C2B-6C9EA58991C9} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{D9927512-7BDE-45BE-AD6F-D8EEC3FEA838} -> profile=private | protocol=6 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
{DA6D6252-992B-4BBE-AADD-6BBD4A5711D5} -> profile=private | protocol=6 | dir=in | action=allow | name=opera internet browser | app=c:\program files (x86)\opera\opera.exe | 
{DE018E67-F20F-4C82-BED7-5E1C5C6B40F8} -> dir=in | action=allow | name=acer homemedia | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
{DF318281-100E-492C-978F-EE976922EB88} -> protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | 
{E1F685F4-C9C7-46F8-85B1-89A9E22B8705} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{E61B4D61-FEE7-4076-94A4-2383DF4DF441} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
{E98460D2-B7C8-4E7A-933A-991BCDD33010} -> dir=in | action=allow | name=acer play movie | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
{EFA45400-286D-4EB3-80A7-CDCC0DDDB9FB} -> profile=public | protocol=6 | dir=in | action=block | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
{F055B670-78B9-4C70-BCF0-264B24239590} -> profile=public | protocol=6 | dir=in | action=block | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
{F2D00EEE-6C58-47DB-9875-904FC581D84D} -> profile=public | protocol=6 | dir=in | action=allow | name=lunia | app=c:\program files (x86)\blastshark\lunia\blastshark.exe | 
{F4AB3727-A6E3-44B1-A0F6-971923FCD775} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{F5727B86-7898-432A-B384-54AAE912039E} -> profile=public | protocol=6 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
{FCCCC01E-AF19-4584-B6CF-8180E77BFFE0} -> profile=private | protocol=17 | dir=in | action=allow | name=pando media booster | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
TCP Query User{645DA46F-3B3D-4FCB-9FFE-7E5B5E0F0C1C}C:\users\ks\desktop\common\touhou12.3\th123.exe -> profile=private | protocol=6 | dir=in | action=allow | name=th123.exe | app=c:\users\ks\desktop\common\touhou12.3\th123.exe | 
TCP Query User{ABBC2C42-D175-4271-A792-5274C90F6451}C:\program files (x86)\byond\bin\byond.exe -> profile=private | protocol=6 | dir=in | action=allow | name=byond | app=c:\program files (x86)\byond\bin\byond.exe | 
TCP Query User{AFCD504F-B035-48AB-8917-4752B4B1AD3A}C:\users\ks\appdata\local\akamai\netsession_win.exe -> profile=private | protocol=6 | dir=in | action=allow | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
TCP Query User{B5A8280E-A126-4BD3-9E49-0F208EEC5567}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe -> profile=private | protocol=6 | dir=in | action=allow | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
TCP Query User{EF680736-F399-4BA2-8F84-90428F7E2CA5}C:\windows\syswow64\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
UDP Query User{289F3AE6-DA0E-41CC-9944-6235CDD34497}C:\users\ks\desktop\common\touhou12.3\th123.exe -> profile=private | protocol=17 | dir=in | action=allow | name=th123.exe | app=c:\users\ks\desktop\common\touhou12.3\th123.exe | 
UDP Query User{38528EB0-CAD0-4E8B-A99E-B3C7F980379A}C:\users\ks\appdata\local\akamai\netsession_win.exe -> profile=private | protocol=17 | dir=in | action=allow | name=netsession_win.exe | app=c:\users\ks\appdata\local\akamai\netsession_win.exe | 
UDP Query User{84809ABC-1E71-4CC4-9613-BDB40D7B4221}C:\windows\syswow64\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\windows\syswow64\javaw.exe | 
UDP Query User{9B959446-6367-4082-88A2-4F3BB16037D0}C:\program files (x86)\byond\bin\byond.exe -> profile=private | protocol=17 | dir=in | action=allow | name=byond | app=c:\program files (x86)\byond\bin\byond.exe | 
UDP Query User{CC582387-949E-491C-8978-261035DCE2BC}C:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe -> profile=private | protocol=17 | dir=in | action=allow | name=gonline | app=c:\program files (x86)\ogplanet\sd gundam capsule fighter\gonline.exe | 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0282c3c0-fdf7-11e0-98a9-002622832fc6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell
\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell\AutoRun\command
\{0282c3c0-fdf7-11e0-98a9-002622832fc6}\shell\AutoRun\command\\"" ->  [E:\LaunchU3.exe -a] -> File not found
\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell
\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell\AutoRun\command
\{bf63d0ef-15b3-11e1-b4e8-002622832fc6}\shell\AutoRun\command\\"" ->  [E:\INSTALL.EXE] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\KS\Desktop\OTS.exe -> [2011/12/03 07:39:01 | 000,646,144 | ---- | C] (OldTimer Tools)
 3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z -> C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z -> [2011/12/01 09:59:01 | 000,000,000 | ---D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2011/12/01 09:56:24 | 000,000,000 | ---D | C]
 Advanced SystemCare 5 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5 -> [2011/12/01 08:20:56 | 000,000,000 | ---D | C]
 Shadowrun Campaign -> C:\Users\KS\Desktop\Shadowrun Campaign -> [2011/12/01 07:52:16 | 000,000,000 | ---D | C]
 Unlocker -> C:\Program Files (x86)\Unlocker -> [2011/11/27 00:41:01 | 000,000,000 | ---D | C]
 GameMon.des -> C:\Windows\SysWow64\GameMon.des -> [2011/11/26 23:42:54 | 003,767,240 | ---- | C] (INCA Internet Co., Ltd.)
 INCA Shared -> C:\Program Files\Common Files\INCA Shared -> [2011/11/26 23:42:17 | 000,000,000 | ---D | C]
 SD GUNDAM Online -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD GUNDAM Online -> [2011/11/26 00:17:07 | 000,000,000 | ---D | C]
 Skyrim -> C:\Users\KS\AppData\Local\Skyrim -> [2011/11/25 23:06:05 | 000,000,000 | ---D | C]
 Opera -> C:\Users\KS\AppData\Roaming\Opera -> [2011/11/25 22:44:45 | 000,000,000 | ---D | C]
 Razor 1911 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911 -> [2011/11/25 22:32:32 | 000,000,000 | ---D | C]
 XAudio2_6.dll -> C:\Windows\SysNative\XAudio2_6.dll -> [2011/11/25 22:32:13 | 000,530,776 | ---- | C] (Microsoft Corporation)
 XAudio2_6.dll -> C:\Windows\SysWow64\XAudio2_6.dll -> [2011/11/25 22:32:13 | 000,528,216 | ---- | C] (Microsoft Corporation)
 xactengine3_6.dll -> C:\Windows\SysWow64\xactengine3_6.dll -> [2011/11/25 22:32:13 | 000,238,936 | ---- | C] (Microsoft Corporation)
 xactengine3_6.dll -> C:\Windows\SysNative\xactengine3_6.dll -> [2011/11/25 22:32:13 | 000,176,984 | ---- | C] (Microsoft Corporation)
 XAPOFX1_4.dll -> C:\Windows\SysNative\XAPOFX1_4.dll -> [2011/11/25 22:32:13 | 000,078,680 | ---- | C] (Microsoft Corporation)
 XAPOFX1_4.dll -> C:\Windows\SysWow64\XAPOFX1_4.dll -> [2011/11/25 22:32:13 | 000,074,072 | ---- | C] (Microsoft Corporation)
 X3DAudio1_7.dll -> C:\Windows\SysNative\X3DAudio1_7.dll -> [2011/11/25 22:32:12 | 000,024,920 | ---- | C] (Microsoft Corporation)
 X3DAudio1_7.dll -> C:\Windows\SysWow64\X3DAudio1_7.dll -> [2011/11/25 22:32:12 | 000,022,360 | ---- | C] (Microsoft Corporation)
 XAudio2_5.dll -> C:\Windows\SysNative\XAudio2_5.dll -> [2011/11/25 22:32:11 | 000,517,960 | ---- | C] (Microsoft Corporation)
 XAudio2_5.dll -> C:\Windows\SysWow64\XAudio2_5.dll -> [2011/11/25 22:32:11 | 000,515,416 | ---- | C] (Microsoft Corporation)
 xactengine3_5.dll -> C:\Windows\SysWow64\xactengine3_5.dll -> [2011/11/25 22:32:10 | 000,238,936 | ---- | C] (Microsoft Corporation)
 xactengine3_5.dll -> C:\Windows\SysNative\xactengine3_5.dll -> [2011/11/25 22:32:10 | 000,176,968 | ---- | C] (Microsoft Corporation)
 D3DCompiler_42.dll -> C:\Windows\SysNative\D3DCompiler_42.dll -> [2011/11/25 22:32:08 | 002,582,888 | ---- | C] (Microsoft Corporation)
 D3DCompiler_42.dll -> C:\Windows\SysWow64\D3DCompiler_42.dll -> [2011/11/25 22:32:08 | 001,974,616 | ---- | C] (Microsoft Corporation)
 d3dcsx_42.dll -> C:\Windows\SysNative\d3dcsx_42.dll -> [2011/11/25 22:32:05 | 005,554,512 | ---- | C] (Microsoft Corporation)
 d3dcsx_42.dll -> C:\Windows\SysWow64\d3dcsx_42.dll -> [2011/11/25 22:32:05 | 005,501,792 | ---- | C] (Microsoft Corporation)
 d3dx11_42.dll -> C:\Windows\SysNative\d3dx11_42.dll -> [2011/11/25 22:32:04 | 000,285,024 | ---- | C] (Microsoft Corporation)
 d3dx11_42.dll -> C:\Windows\SysWow64\d3dx11_42.dll -> [2011/11/25 22:32:04 | 000,235,344 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysNative\d3dx10_42.dll -> [2011/11/25 22:32:03 | 000,523,088 | ---- | C] (Microsoft Corporation)
 d3dx10_42.dll -> C:\Windows\SysWow64\d3dx10_42.dll -> [2011/11/25 22:32:03 | 000,453,456 | ---- | C] (Microsoft Corporation)
 D3DX9_42.dll -> C:\Windows\SysNative\D3DX9_42.dll -> [2011/11/25 22:32:01 | 002,475,352 | ---- | C] (Microsoft Corporation)
 D3DX9_42.dll -> C:\Windows\SysWow64\D3DX9_42.dll -> [2011/11/25 22:32:01 | 001,892,184 | ---- | C] (Microsoft Corporation)
 D3DCompiler_41.dll -> C:\Windows\SysNative\D3DCompiler_41.dll -> [2011/11/25 22:31:59 | 002,430,312 | ---- | C] (Microsoft Corporation)
 d3dx10_41.dll -> C:\Windows\SysNative\d3dx10_41.dll -> [2011/11/25 22:31:59 | 000,520,544 | ---- | C] (Microsoft Corporation)
 D3DX9_41.dll -> C:\Windows\SysNative\D3DX9_41.dll -> [2011/11/25 22:31:55 | 005,425,496 | ---- | C] (Microsoft Corporation)
 D3DX9_41.dll -> C:\Windows\SysWow64\D3DX9_41.dll -> [2011/11/25 22:31:55 | 004,178,264 | ---- | C] (Microsoft Corporation)
 XAudio2_4.dll -> C:\Windows\SysNative\XAudio2_4.dll -> [2011/11/25 22:31:53 | 000,521,560 | ---- | C] (Microsoft Corporation)
 XAudio2_4.dll -> C:\Windows\SysWow64\XAudio2_4.dll -> [2011/11/25 22:31:53 | 000,517,448 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysNative\XAPOFX1_3.dll -> [2011/11/25 22:31:53 | 000,073,544 | ---- | C] (Microsoft Corporation)
 XAPOFX1_3.dll -> C:\Windows\SysWow64\XAPOFX1_3.dll -> [2011/11/25 22:31:53 | 000,069,464 | ---- | C] (Microsoft Corporation)
 xactengine3_4.dll -> C:\Windows\SysWow64\xactengine3_4.dll -> [2011/11/25 22:31:52 | 000,235,352 | ---- | C] (Microsoft Corporation)
 xactengine3_4.dll -> C:\Windows\SysNative\xactengine3_4.dll -> [2011/11/25 22:31:52 | 000,174,936 | ---- | C] (Microsoft Corporation)
 X3DAudio1_6.dll -> C:\Windows\SysNative\X3DAudio1_6.dll -> [2011/11/25 22:31:52 | 000,024,920 | ---- | C] (Microsoft Corporation)
 X3DAudio1_6.dll -> C:\Windows\SysWow64\X3DAudio1_6.dll -> [2011/11/25 22:31:52 | 000,022,360 | ---- | C] (Microsoft Corporation)
 D3DCompiler_40.dll -> C:\Windows\SysNative\D3DCompiler_40.dll -> [2011/11/25 22:31:49 | 002,605,920 | ---- | C] (Microsoft Corporation)
 D3DCompiler_40.dll -> C:\Windows\SysWow64\D3DCompiler_40.dll -> [2011/11/25 22:31:49 | 002,036,576 | ---- | C] (Microsoft Corporation)
 d3dx10_40.dll -> C:\Windows\SysNative\d3dx10_40.dll -> [2011/11/25 22:31:49 | 000,519,000 | ---- | C] (Microsoft Corporation)
 d3dx10_40.dll -> C:\Windows\SysWow64\d3dx10_40.dll -> [2011/11/25 22:31:49 | 000,452,440 | ---- | C] (Microsoft Corporation)
 D3DX9_40.dll -> C:\Windows\SysNative\D3DX9_40.dll -> [2011/11/25 22:31:45 | 005,631,312 | ---- | C] (Microsoft Corporation)
 D3DX9_40.dll -> C:\Windows\SysWow64\D3DX9_40.dll -> [2011/11/25 22:31:45 | 004,379,984 | ---- | C] (Microsoft Corporation)
 XAPOFX1_2.dll -> C:\Windows\SysNative\XAPOFX1_2.dll -> [2011/11/25 22:31:44 | 000,074,576 | ---- | C] (Microsoft Corporation)
 XAPOFX1_2.dll -> C:\Windows\SysWow64\XAPOFX1_2.dll -> [2011/11/25 22:31:44 | 000,070,992 | ---- | C] (Microsoft Corporation)
 XAudio2_3.dll -> C:\Windows\SysNative\XAudio2_3.dll -> [2011/11/25 22:31:43 | 000,518,480 | ---- | C] (Microsoft Corporation)
 XAudio2_3.dll -> C:\Windows\SysWow64\XAudio2_3.dll -> [2011/11/25 22:31:43 | 000,514,384 | ---- | C] (Microsoft Corporation)
 xactengine3_3.dll -> C:\Windows\SysWow64\xactengine3_3.dll -> [2011/11/25 22:31:43 | 000,235,856 | ---- | C] (Microsoft Corporation)
 xactengine3_3.dll -> C:\Windows\SysNative\xactengine3_3.dll -> [2011/11/25 22:31:43 | 000,175,440 | ---- | C] (Microsoft Corporation)
 X3DAudio1_5.dll -> C:\Windows\SysNative\X3DAudio1_5.dll -> [2011/11/25 22:31:43 | 000,025,936 | ---- | C] (Microsoft Corporation)
 X3DAudio1_5.dll -> C:\Windows\SysWow64\X3DAudio1_5.dll -> [2011/11/25 22:31:43 | 000,023,376 | ---- | C] (Microsoft Corporation)
 XAudio2_2.dll -> C:\Windows\SysNative\XAudio2_2.dll -> [2011/11/25 22:31:42 | 000,513,544 | ---- | C] (Microsoft Corporation)
 XAudio2_2.dll -> C:\Windows\SysWow64\XAudio2_2.dll -> [2011/11/25 22:31:42 | 000,509,448 | ---- | C] (Microsoft Corporation)
 XAPOFX1_1.dll -> C:\Windows\SysNative\XAPOFX1_1.dll -> [2011/11/25 22:31:42 | 000,072,200 | ---- | C] (Microsoft Corporation)
 XAPOFX1_1.dll -> C:\Windows\SysWow64\XAPOFX1_1.dll -> [2011/11/25 22:31:42 | 000,068,616 | ---- | C] (Microsoft Corporation)
 xactengine3_2.dll -> C:\Windows\SysWow64\xactengine3_2.dll -> [2011/11/25 22:31:41 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_2.dll -> C:\Windows\SysNative\xactengine3_2.dll -> [2011/11/25 22:31:41 | 000,177,672 | ---- | C] (Microsoft Corporation)
 D3DCompiler_39.dll -> C:\Windows\SysNative\D3DCompiler_39.dll -> [2011/11/25 22:31:39 | 001,942,552 | ---- | C] (Microsoft Corporation)
 D3DCompiler_39.dll -> C:\Windows\SysWow64\D3DCompiler_39.dll -> [2011/11/25 22:31:39 | 001,493,528 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysNative\d3dx10_39.dll -> [2011/11/25 22:31:39 | 000,540,688 | ---- | C] (Microsoft Corporation)
 d3dx10_39.dll -> C:\Windows\SysWow64\d3dx10_39.dll -> [2011/11/25 22:31:39 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysNative\D3DX9_39.dll -> [2011/11/25 22:31:36 | 004,992,520 | ---- | C] (Microsoft Corporation)
 D3DX9_39.dll -> C:\Windows\SysWow64\D3DX9_39.dll -> [2011/11/25 22:31:36 | 003,851,784 | ---- | C] (Microsoft Corporation)
 XAudio2_1.dll -> C:\Windows\SysNative\XAudio2_1.dll -> [2011/11/25 22:31:34 | 000,511,496 | ---- | C] (Microsoft Corporation)
 XAudio2_1.dll -> C:\Windows\SysWow64\XAudio2_1.dll -> [2011/11/25 22:31:34 | 000,507,400 | ---- | C] (Microsoft Corporation)
 XAPOFX1_0.dll -> C:\Windows\SysNative\XAPOFX1_0.dll -> [2011/11/25 22:31:34 | 000,068,104 | ---- | C] (Microsoft Corporation)
 XAPOFX1_0.dll -> C:\Windows\SysWow64\XAPOFX1_0.dll -> [2011/11/25 22:31:34 | 000,065,032 | ---- | C] (Microsoft Corporation)
 xactengine3_1.dll -> C:\Windows\SysWow64\xactengine3_1.dll -> [2011/11/25 22:31:32 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_1.dll -> C:\Windows\SysNative\xactengine3_1.dll -> [2011/11/25 22:31:32 | 000,177,672 | ---- | C] (Microsoft Corporation)
 X3DAudio1_4.dll -> C:\Windows\SysNative\X3DAudio1_4.dll -> [2011/11/25 22:31:32 | 000,028,168 | ---- | C] (Microsoft Corporation)
 X3DAudio1_4.dll -> C:\Windows\SysWow64\X3DAudio1_4.dll -> [2011/11/25 22:31:32 | 000,025,608 | ---- | C] (Microsoft Corporation)
 D3DCompiler_38.dll -> C:\Windows\SysNative\D3DCompiler_38.dll -> [2011/11/25 22:31:30 | 001,941,528 | ---- | C] (Microsoft Corporation)
 D3DCompiler_38.dll -> C:\Windows\SysWow64\D3DCompiler_38.dll -> [2011/11/25 22:31:30 | 001,491,992 | ---- | C] (Microsoft Corporation)
 d3dx10_38.dll -> C:\Windows\SysNative\d3dx10_38.dll -> [2011/11/25 22:31:30 | 000,540,688 | ---- | C] (Microsoft Corporation)
 d3dx10_38.dll -> C:\Windows\SysWow64\d3dx10_38.dll -> [2011/11/25 22:31:30 | 000,467,984 | ---- | C] (Microsoft Corporation)
 D3DX9_38.dll -> C:\Windows\SysNative\D3DX9_38.dll -> [2011/11/25 22:31:26 | 004,991,496 | ---- | C] (Microsoft Corporation)
 D3DX9_38.dll -> C:\Windows\SysWow64\D3DX9_38.dll -> [2011/11/25 22:31:26 | 003,850,760 | ---- | C] (Microsoft Corporation)
 XAudio2_0.dll -> C:\Windows\SysNative\XAudio2_0.dll -> [2011/11/25 22:31:25 | 000,489,480 | ---- | C] (Microsoft Corporation)
 XAudio2_0.dll -> C:\Windows\SysWow64\XAudio2_0.dll -> [2011/11/25 22:31:25 | 000,479,752 | ---- | C] (Microsoft Corporation)
 xactengine3_0.dll -> C:\Windows\SysWow64\xactengine3_0.dll -> [2011/11/25 22:31:25 | 000,238,088 | ---- | C] (Microsoft Corporation)
 xactengine3_0.dll -> C:\Windows\SysNative\xactengine3_0.dll -> [2011/11/25 22:31:25 | 000,177,672 | ---- | C] (Microsoft Corporation)
 X3DAudio1_3.dll -> C:\Windows\SysNative\X3DAudio1_3.dll -> [2011/11/25 22:31:24 | 000,028,168 | ---- | C] (Microsoft Corporation)
 X3DAudio1_3.dll -> C:\Windows\SysWow64\X3DAudio1_3.dll -> [2011/11/25 22:31:24 | 000,025,608 | ---- | C] (Microsoft Corporation)
 D3DCompiler_37.dll -> C:\Windows\SysNative\D3DCompiler_37.dll -> [2011/11/25 22:31:22 | 001,860,120 | ---- | C] (Microsoft Corporation)
 D3DCompiler_37.dll -> C:\Windows\SysWow64\D3DCompiler_37.dll -> [2011/11/25 22:31:22 | 001,420,824 | ---- | C] (Microsoft Corporation)
 d3dx10_37.dll -> C:\Windows\SysNative\d3dx10_37.dll -> [2011/11/25 22:31:22 | 000,529,424 | ---- | C] (Microsoft Corporation)
 d3dx10_37.dll -> C:\Windows\SysWow64\d3dx10_37.dll -> [2011/11/25 22:31:22 | 000,462,864 | ---- | C] (Microsoft Corporation)
 D3DX9_37.dll -> C:\Windows\SysNative\D3DX9_37.dll -> [2011/11/25 22:31:20 | 004,910,088 | ---- | C] (Microsoft Corporation)
 D3DX9_37.dll -> C:\Windows\SysWow64\D3DX9_37.dll -> [2011/11/25 22:31:20 | 003,786,760 | ---- | C] (Microsoft Corporation)
 xactengine2_10.dll -> C:\Windows\SysNative\xactengine2_10.dll -> [2011/11/25 22:31:19 | 000,411,656 | ---- | C] (Microsoft Corporation)
 xactengine2_10.dll -> C:\Windows\SysWow64\xactengine2_10.dll -> [2011/11/25 22:31:19 | 000,267,272 | ---- | C] (Microsoft Corporation)
 D3DCompiler_36.dll -> C:\Windows\SysNative\D3DCompiler_36.dll -> [2011/11/25 22:31:17 | 002,006,552 | ---- | C] (Microsoft Corporation)
 D3DCompiler_36.dll -> C:\Windows\SysWow64\D3DCompiler_36.dll -> [2011/11/25 22:31:17 | 001,374,232 | ---- | C] (Microsoft Corporation)
 d3dx10_36.dll -> C:\Windows\SysNative\d3dx10_36.dll -> [2011/11/25 22:31:17 | 000,508,264 | ---- | C] (Microsoft Corporation)
 d3dx10_36.dll -> C:\Windows\SysWow64\d3dx10_36.dll -> [2011/11/25 22:31:17 | 000,444,776 | ---- | C] (Microsoft Corporation)
 d3dx9_36.dll -> C:\Windows\SysNative\d3dx9_36.dll -> [2011/11/25 22:31:14 | 005,081,608 | ---- | C] (Microsoft Corporation)
 d3dx9_36.dll -> C:\Windows\SysWow64\d3dx9_36.dll -> [2011/11/25 22:31:14 | 003,734,536 | ---- | C] (Microsoft Corporation)
 xactengine2_9.dll -> C:\Windows\SysNative\xactengine2_9.dll -> [2011/11/25 22:31:13 | 000,411,496 | ---- | C] (Microsoft Corporation)
 xactengine2_9.dll -> C:\Windows\SysWow64\xactengine2_9.dll -> [2011/11/25 22:31:13 | 000,267,112 | ---- | C] (Microsoft Corporation)
 D3DCompiler_35.dll -> C:\Windows\SysNative\D3DCompiler_35.dll -> [2011/11/25 22:31:11 | 001,985,904 | ---- | C] (Microsoft Corporation)
 D3DCompiler_35.dll -> C:\Windows\SysWow64\D3DCompiler_35.dll -> [2011/11/25 22:31:11 | 001,358,192 | ---- | C] (Microsoft Corporation)
 d3dx10_35.dll -> C:\Windows\SysNative\d3dx10_35.dll -> [2011/11/25 22:31:11 | 000,508,264 | ---- | C] (Microsoft Corporation)
 d3dx10_35.dll -> C:\Windows\SysWow64\d3dx10_35.dll -> [2011/11/25 22:31:11 | 000,444,776 | ---- | C] (Microsoft Corporation)
 d3dx9_35.dll -> C:\Windows\SysNative\d3dx9_35.dll -> [2011/11/25 22:31:06 | 005,073,256 | ---- | C] (Microsoft Corporation)
 d3dx9_35.dll -> C:\Windows\SysWow64\d3dx9_35.dll -> [2011/11/25 22:31:06 | 003,727,720 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysNative\xactengine2_8.dll -> [2011/11/25 22:31:04 | 000,409,960 | ---- | C] (Microsoft Corporation)
 xactengine2_8.dll -> C:\Windows\SysWow64\xactengine2_8.dll -> [2011/11/25 22:31:04 | 000,266,088 | ---- | C] (Microsoft Corporation)
 X3DAudio1_2.dll -> C:\Windows\SysNative\X3DAudio1_2.dll -> [2011/11/25 22:31:04 | 000,021,000 | ---- | C] (Microsoft Corporation)
 X3DAudio1_2.dll -> C:\Windows\SysWow64\X3DAudio1_2.dll -> [2011/11/25 22:31:04 | 000,017,928 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysNative\D3DCompiler_34.dll -> [2011/11/25 22:31:02 | 001,401,200 | ---- | C] (Microsoft Corporation)
 D3DCompiler_34.dll -> C:\Windows\SysWow64\D3DCompiler_34.dll -> [2011/11/25 22:31:02 | 001,124,720 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysNative\d3dx10_34.dll -> [2011/11/25 22:31:02 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_34.dll -> C:\Windows\SysWow64\d3dx10_34.dll -> [2011/11/25 22:31:02 | 000,443,752 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysNative\d3dx9_34.dll -> [2011/11/25 22:31:00 | 004,496,232 | ---- | C] (Microsoft Corporation)
 d3dx9_34.dll -> C:\Windows\SysWow64\d3dx9_34.dll -> [2011/11/25 22:31:00 | 003,497,832 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysNative\xinput1_3.dll -> [2011/11/25 22:30:59 | 000,107,368 | ---- | C] (Microsoft Corporation)
 xinput1_3.dll -> C:\Windows\SysWow64\xinput1_3.dll -> [2011/11/25 22:30:59 | 000,081,768 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysNative\xactengine2_7.dll -> [2011/11/25 22:30:56 | 000,403,304 | ---- | C] (Microsoft Corporation)
 xactengine2_7.dll -> C:\Windows\SysWow64\xactengine2_7.dll -> [2011/11/25 22:30:56 | 000,261,480 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysNative\D3DCompiler_33.dll -> [2011/11/25 22:30:54 | 001,400,176 | ---- | C] (Microsoft Corporation)
 D3DCompiler_33.dll -> C:\Windows\SysWow64\D3DCompiler_33.dll -> [2011/11/25 22:30:54 | 001,123,696 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysNative\d3dx10_33.dll -> [2011/11/25 22:30:54 | 000,506,728 | ---- | C] (Microsoft Corporation)
 d3dx10_33.dll -> C:\Windows\SysWow64\d3dx10_33.dll -> [2011/11/25 22:30:54 | 000,443,752 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysNative\d3dx9_33.dll -> [2011/11/25 22:30:49 | 004,494,184 | ---- | C] (Microsoft Corporation)
 d3dx9_33.dll -> C:\Windows\SysWow64\d3dx9_33.dll -> [2011/11/25 22:30:49 | 003,495,784 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysNative\xactengine2_6.dll -> [2011/11/25 22:30:48 | 000,393,576 | ---- | C] (Microsoft Corporation)
 xactengine2_6.dll -> C:\Windows\SysWow64\xactengine2_6.dll -> [2011/11/25 22:30:48 | 000,255,848 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysNative\xactengine2_5.dll -> [2011/11/25 22:30:45 | 000,390,424 | ---- | C] (Microsoft Corporation)
 xactengine2_5.dll -> C:\Windows\SysWow64\xactengine2_5.dll -> [2011/11/25 22:30:45 | 000,251,672 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysNative\d3dx10.dll -> [2011/11/25 22:30:40 | 000,469,264 | ---- | C] (Microsoft Corporation)
 d3dx10.dll -> C:\Windows\SysWow64\d3dx10.dll -> [2011/11/25 22:30:40 | 000,440,080 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\SysNative\d3dx9_32.dll -> [2011/11/25 22:30:36 | 004,398,360 | ---- | C] (Microsoft Corporation)
 d3dx9_32.dll -> C:\Windows\SysWow64\d3dx9_32.dll -> [2011/11/25 22:30:36 | 003,426,072 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysNative\xactengine2_4.dll -> [2011/11/25 22:30:34 | 000,364,824 | ---- | C] (Microsoft Corporation)
 xactengine2_4.dll -> C:\Windows\SysWow64\xactengine2_4.dll -> [2011/11/25 22:30:34 | 000,237,848 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysNative\x3daudio1_1.dll -> [2011/11/25 22:30:34 | 000,017,688 | ---- | C] (Microsoft Corporation)
 x3daudio1_1.dll -> C:\Windows\SysWow64\x3daudio1_1.dll -> [2011/11/25 22:30:34 | 000,015,128 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysNative\d3dx9_31.dll -> [2011/11/25 22:30:32 | 003,977,496 | ---- | C] (Microsoft Corporation)
 d3dx9_31.dll -> C:\Windows\SysWow64\d3dx9_31.dll -> [2011/11/25 22:30:32 | 002,414,360 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysNative\xactengine2_3.dll -> [2011/11/25 22:30:31 | 000,363,288 | ---- | C] (Microsoft Corporation)
 xactengine2_3.dll -> C:\Windows\SysWow64\xactengine2_3.dll -> [2011/11/25 22:30:31 | 000,236,824 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysNative\xinput1_2.dll -> [2011/11/25 22:30:30 | 000,083,736 | ---- | C] (Microsoft Corporation)
 xinput1_2.dll -> C:\Windows\SysWow64\xinput1_2.dll -> [2011/11/25 22:30:30 | 000,062,744 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysNative\xactengine2_2.dll -> [2011/11/25 22:30:28 | 000,354,072 | ---- | C] (Microsoft Corporation)
 xactengine2_2.dll -> C:\Windows\SysWow64\xactengine2_2.dll -> [2011/11/25 22:30:28 | 000,230,168 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysNative\xinput1_1.dll -> [2011/11/25 22:30:28 | 000,083,664 | ---- | C] (Microsoft Corporation)
 xinput1_1.dll -> C:\Windows\SysWow64\xinput1_1.dll -> [2011/11/25 22:30:28 | 000,062,672 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysNative\xactengine2_1.dll -> [2011/11/25 22:30:27 | 000,352,464 | ---- | C] (Microsoft Corporation)
 xactengine2_1.dll -> C:\Windows\SysWow64\xactengine2_1.dll -> [2011/11/25 22:30:27 | 000,229,584 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysNative\d3dx9_30.dll -> [2011/11/25 22:30:11 | 003,927,248 | ---- | C] (Microsoft Corporation)
 d3dx9_30.dll -> C:\Windows\SysWow64\d3dx9_30.dll -> [2011/11/25 22:30:11 | 002,388,176 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysNative\xactengine2_0.dll -> [2011/11/25 22:30:09 | 000,355,536 | ---- | C] (Microsoft Corporation)
 xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2011/11/25 22:30:09 | 000,230,096 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysNative\x3daudio1_0.dll -> [2011/11/25 22:30:09 | 000,016,592 | ---- | C] (Microsoft Corporation)
 x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2011/11/25 22:30:09 | 000,014,032 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysNative\d3dx9_29.dll -> [2011/11/25 22:30:07 | 003,830,992 | ---- | C] (Microsoft Corporation)
 d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2011/11/25 22:30:07 | 002,332,368 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysNative\d3dx9_28.dll -> [2011/11/25 22:30:04 | 003,815,120 | ---- | C] (Microsoft Corporation)
 d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2011/11/25 22:30:04 | 002,323,664 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysNative\d3dx9_27.dll -> [2011/11/25 22:30:03 | 003,807,440 | ---- | C] (Microsoft Corporation)
 d3dx9_27.dll -> C:\Windows\SysWow64\d3dx9_27.dll -> [2011/11/25 22:30:03 | 002,319,568 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysNative\d3dx9_26.dll -> [2011/11/25 22:30:00 | 003,767,504 | ---- | C] (Microsoft Corporation)
 d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2011/11/25 22:30:00 | 002,297,552 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysNative\d3dx9_25.dll -> [2011/11/25 22:29:54 | 003,823,312 | ---- | C] (Microsoft Corporation)
 d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2011/11/25 22:29:54 | 002,337,488 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysNative\d3dx9_24.dll -> [2011/11/25 22:29:50 | 003,544,272 | ---- | C] (Microsoft Corporation)
 d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2011/11/25 22:29:50 | 002,222,800 | ---- | C] (Microsoft Corporation)
 The Elder Scrolls V Skyrim -> C:\Program Files (x86)\The Elder Scrolls V Skyrim -> [2011/11/25 22:16:02 | 000,000,000 | ---D | C]
 dtsoftbus01.sys -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011/11/25 21:42:05 | 000,279,616 | ---- | C] (DT Soft Ltd)
 DAEMON Tools Lite -> C:\Program Files (x86)\DAEMON Tools Lite -> [2011/11/25 21:41:51 | 000,000,000 | ---D | C]
 DAEMON Tools Lite -> C:\Users\KS\AppData\Roaming\DAEMON Tools Lite -> [2011/11/25 21:41:34 | 000,000,000 | ---D | C]
 XSplit -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit -> [2011/11/25 21:01:00 | 000,000,000 | ---D | C]
 SplitMediaLabs -> C:\Program Files (x86)\SplitMediaLabs -> [2011/11/25 21:01:00 | 000,000,000 | ---D | C]
 SplitMediaLabs -> C:\Users\KS\AppData\Roaming\SplitMediaLabs -> [2011/11/25 20:59:58 | 000,000,000 | ---D | C]
 Config.Msi -> C:\Config.Msi -> [2011/11/25 20:11:41 | 000,000,000 | -HSD | C]
 uTorrent -> C:\Users\KS\AppData\Roaming\uTorrent -> [2011/11/24 20:27:19 | 000,000,000 | ---D | C]
 MPG4c32.dll -> C:\Windows\SysWow64\MPG4c32.dll -> [2011/11/24 16:26:43 | 000,413,760 | ---- | C] (Microsoft Corporation)
 mpg4ds32.ax -> C:\Windows\SysWow64\mpg4ds32.ax -> [2011/11/24 16:26:43 | 000,262,144 | ---- | C] (Microsoft Corporation)
 SourceTec -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec -> [2011/11/24 16:26:43 | 000,000,000 | ---D | C]
 SourceTec -> C:\Program Files (x86)\SourceTec -> [2011/11/24 16:19:39 | 000,000,000 | ---D | C]
 Media Player Classic -> C:\Users\KS\AppData\Roaming\Media Player Classic -> [2011/11/24 15:28:00 | 000,000,000 | ---D | C]
 Audacity -> C:\Users\KS\AppData\Roaming\Audacity -> [2011/11/24 15:22:50 | 000,000,000 | ---D | C]
 SYSTEMAX Software Development -> C:\Users\KS\AppData\Roaming\SYSTEMAX Software Development -> [2011/11/23 23:19:49 | 000,000,000 | ---D | C]
 Acer -> C:\Users\KS\AppData\Roaming\Acer -> [2011/11/23 18:45:03 | 000,000,000 | ---D | C]
 e8imRM28.com -> C:\Windows\SysWow64\e8imRM28.com -> [2011/11/23 13:13:55 | 000,032,256 | ---- | C] (TWX Corp.)
 Mozilla -> C:\Users\KS\AppData\Roaming\Mozilla -> [2011/11/23 04:33:06 | 000,000,000 | ---D | C]
 WinRAR -> C:\Users\KS\AppData\Roaming\WinRAR -> [2011/11/23 04:10:00 | 000,000,000 | ---D | C]
 IObit -> C:\Users\KS\AppData\Roaming\IObit -> [2011/11/23 04:09:52 | 000,000,000 | ---D | C]
 Macromedia -> C:\Users\KS\AppData\Roaming\Macromedia -> [2011/11/23 04:08:00 | 000,000,000 | ---D | C]
 Adobe -> C:\Users\KS\AppData\Roaming\Adobe -> [2011/11/23 04:07:56 | 000,000,000 | ---D | C]
 IObit Malware Fighter -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter -> [2011/11/22 10:42:49 | 000,000,000 | ---D | C]
 LP -> C:\Program Files (x86)\LP -> [2011/11/22 03:47:02 | 000,000,000 | ---D | C]
 83AE3 -> C:\Users\KS\AppData\Roaming\83AE3 -> [2011/11/22 03:21:25 | 000,000,000 | ---D | C]
 B8983 -> C:\Users\KS\AppData\Roaming\B8983 -> [2011/11/22 03:20:47 | 000,000,000 | ---D | C]
 AV Protection 2011 -> C:\Users\KS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011 -> [2011/11/22 03:20:38 | 000,000,000 | ---D | C]
 system64 -> C:\Windows\system64 -> [2011/11/22 03:19:49 | 000,000,000 | ---D | C]
 The_Elder_Scrolls_V_Skyrim-Razor1911 -> C:\Users\KS\Desktop\The_Elder_Scrolls_V_Skyrim-Razor1911 -> [2011/11/21 21:20:15 | 000,000,000 | ---D | C]
 .maptool -> C:\Users\KS\.maptool -> [2011/11/19 14:40:13 | 000,000,000 | ---D | C]
 {2EBBC7D6-9981-4455-8544-F886CD8F3760} -> C:\Users\KS\AppData\Local\{2EBBC7D6-9981-4455-8544-F886CD8F3760} -> [2011/11/10 18:18:43 | 000,000,000 | ---D | C]
 {3D73CF15-D749-4CD8-97C9-37699EDF41F1} -> C:\Users\KS\AppData\Local\{3D73CF15-D749-4CD8-97C9-37699EDF41F1} -> [2011/11/10 18:18:26 | 000,000,000 | ---D | C]
 {2E29AFED-27B5-4A18-B5AF-4CC0A8A4CEA2} -> C:\Users\KS\AppData\Local\{2E29AFED-27B5-4A18-B5AF-4CC0A8A4CEA2} -> [2011/11/09 01:48:28 | 000,000,000 | ---D | C]
 {6714391A-4AF2-4EDF-81B2-D81ABF9E53CC} -> C:\Users\KS\AppData\Local\{6714391A-4AF2-4EDF-81B2-D81ABF9E53CC} -> [2011/11/09 01:48:01 | 000,000,000 | ---D | C]
 {B4DC5987-E282-4E97-AC31-E6B18A4FE432} -> C:\Users\KS\AppData\Local\{B4DC5987-E282-4E97-AC31-E6B18A4FE432} -> [2011/11/07 15:51:46 | 000,000,000 | ---D | C]
 {86F1A600-AA71-49F1-8324-64C6436D016C} -> C:\Users\KS\AppData\Local\{86F1A600-AA71-49F1-8324-64C6436D016C} -> [2011/11/07 15:51:30 | 000,000,000 | ---D | C]
 Allm -> C:\Allm -> [2011/11/03 10:55:04 | 000,000,000 | ---D | C]
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/12/03 07:43:21 | 000,009,920 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/12/03 07:43:21 | 000,009,920 | -H-- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2011/12/03 07:40:31 | 000,793,646 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2011/12/03 07:40:31 | 000,661,714 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2011/12/03 07:40:31 | 000,125,800 | ---- | M] ()
 OTS.exe -> C:\Users\KS\Desktop\OTS.exe -> [2011/12/03 07:39:03 | 000,646,144 | ---- | M] (OldTimer Tools)
 bootstat.dat -> C:\Windows\bootstat.dat -> [2011/12/03 07:35:38 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2011/12/03 07:35:30 | 2211,483,648 | -HS- | M] ()
 At97.job -> C:\Windows\tasks\At97.job -> [2011/12/02 23:18:31 | 000,000,352 | ---- | M] ()
 At49.job -> C:\Windows\tasks\At49.job -> [2011/12/02 23:18:31 | 000,000,352 | ---- | M] ()
 At96.job -> C:\Windows\tasks\At96.job -> [2011/12/02 23:18:31 | 000,000,350 | ---- | M] ()
 At48.job -> C:\Windows\tasks\At48.job -> [2011/12/02 23:18:31 | 000,000,350 | ---- | M] ()
 At46.job -> C:\Windows\tasks\At46.job -> [2011/12/02 22:18:20 | 000,000,350 | ---- | M] ()
 At95.job -> C:\Windows\tasks\At95.job -> [2011/12/02 22:18:19 | 000,000,352 | ---- | M] ()
 At47.job -> C:\Windows\tasks\At47.job -> [2011/12/02 22:18:19 | 000,000,352 | ---- | M] ()
 At94.job -> C:\Windows\tasks\At94.job -> [2011/12/02 22:18:19 | 000,000,350 | ---- | M] ()
 At93.job -> C:\Windows\tasks\At93.job -> [2011/12/02 21:18:28 | 000,000,352 | ---- | M] ()
 At45.job -> C:\Windows\tasks\At45.job -> [2011/12/02 21:18:28 | 000,000,352 | ---- | M] ()
 At44.job -> C:\Windows\tasks\At44.job -> [2011/12/02 21:18:28 | 000,000,350 | ---- | M] ()
 At92.job -> C:\Windows\tasks\At92.job -> [2011/12/02 21:18:27 | 000,000,350 | ---- | M] ()
 At91.job -> C:\Windows\tasks\At91.job -> [2011/12/02 20:18:15 | 000,000,352 | ---- | M] ()
 At90.job -> C:\Windows\tasks\At90.job -> [2011/12/02 20:18:12 | 000,000,350 | ---- | M] ()
 At43.job -> C:\Windows\tasks\At43.job -> [2011/12/02 20:18:11 | 000,000,352 | ---- | M] ()
 At42.job -> C:\Windows\tasks\At42.job -> [2011/12/02 20:18:10 | 000,000,350 | ---- | M] ()
 At41.job -> C:\Windows\tasks\At41.job -> [2011/12/02 19:18:12 | 000,000,352 | ---- | M] ()
 At88.job -> C:\Windows\tasks\At88.job -> [2011/12/02 19:18:12 | 000,000,350 | ---- | M] ()
 At89.job -> C:\Windows\tasks\At89.job -> [2011/12/02 19:18:09 | 000,000,352 | ---- | M] ()
 At40.job -> C:\Windows\tasks\At40.job -> [2011/12/02 19:18:09 | 000,000,350 | ---- | M] ()
 At87.job -> C:\Windows\tasks\At87.job -> [2011/12/02 18:18:12 | 000,000,352 | ---- | M] ()
 At39.job -> C:\Windows\tasks\At39.job -> [2011/12/02 18:18:12 | 000,000,352 | ---- | M] ()
 At86.job -> C:\Windows\tasks\At86.job -> [2011/12/02 18:18:12 | 000,000,350 | ---- | M] ()
 At38.job -> C:\Windows\tasks\At38.job -> [2011/12/02 18:18:09 | 000,000,350 | ---- | M] ()
 At85.job -> C:\Windows\tasks\At85.job -> [2011/12/02 17:18:07 | 000,000,352 | ---- | M] ()
 At37.job -> C:\Windows\tasks\At37.job -> [2011/12/02 17:18:07 | 000,000,352 | ---- | M] ()
 At84.job -> C:\Windows\tasks\At84.job -> [2011/12/02 17:18:07 | 000,000,350 | ---- | M] ()
 At36.job -> C:\Windows\tasks\At36.job -> [2011/12/02 17:18:07 | 000,000,350 | ---- | M] ()
 At83.job -> C:\Windows\tasks\At83.job -> [2011/12/02 16:18:11 | 000,000,352 | ---- | M] ()
 At35.job -> C:\Windows\tasks\At35.job -> [2011/12/02 16:18:11 | 000,000,352 | ---- | M] ()
 At82.job -> C:\Windows\tasks\At82.job -> [2011/12/02 16:18:11 | 000,000,350 | ---- | M] ()
 At34.job -> C:\Windows\tasks\At34.job -> [2011/12/02 16:18:11 | 000,000,350 | ---- | M] ()
 At81.job -> C:\Windows\tasks\At81.job -> [2011/12/02 15:18:32 | 000,000,352 | ---- | M] ()
 At32.job -> C:\Windows\tasks\At32.job -> [2011/12/02 15:18:32 | 000,000,350 | ---- | M] ()
 At33.job -> C:\Windows\tasks\At33.job -> [2011/12/02 15:18:21 | 000,000,352 | ---- | M] ()
 At80.job -> C:\Windows\tasks\At80.job -> [2011/12/02 15:18:21 | 000,000,350 | ---- | M] ()
 At79.job -> C:\Windows\tasks\At79.job -> [2011/12/02 14:18:00 | 000,000,352 | ---- | M] ()
 At31.job -> C:\Windows\tasks\At31.job -> [2011/12/02 14:18:00 | 000,000,352 | ---- | M] ()
 At78.job -> C:\Windows\tasks\At78.job -> [2011/12/02 14:18:00 | 000,000,350 | ---- | M] ()
 At30.job -> C:\Windows\tasks\At30.job -> [2011/12/02 14:18:00 | 000,000,350 | ---- | M] ()
 At29.job -> C:\Windows\tasks\At29.job -> [2011/12/02 13:18:01 | 000,000,352 | ---- | M] ()
 At77.job -> C:\Windows\tasks\At77.job -> [2011/12/02 13:18:00 | 000,000,352 | ---- | M] ()
 At76.job -> C:\Windows\tasks\At76.job -> [2011/12/02 13:18:00 | 000,000,350 | ---- | M] ()
 At28.job -> C:\Windows\tasks\At28.job -> [2011/12/02 13:18:00 | 000,000,350 | ---- | M] ()
 At75.job -> C:\Windows\tasks\At75.job -> [2011/12/02 12:18:26 | 000,000,352 | ---- | M] ()
 At27.job -> C:\Windows\tasks\At27.job -> [2011/12/02 12:18:26 | 000,000,352 | ---- | M] ()
 At74.job -> C:\Windows\tasks\At74.job -> [2011/12/02 12:18:26 | 000,000,350 | ---- | M] ()
 At26.job -> C:\Windows\tasks\At26.job -> [2011/12/02 12:18:25 | 000,000,350 | ---- | M] ()
 At73.job -> C:\Windows\tasks\At73.job -> [2011/12/02 11:18:29 | 000,000,352 | ---- | M] ()
 At72.job -> C:\Windows\tasks\At72.job -> [2011/12/02 11:18:29 | 000,000,350 | ---- | M] ()
 At24.job -> C:\Windows\tasks\At24.job -> [2011/12/02 11:18:21 | 000,000,350 | ---- | M] ()
 At25.job -> C:\Windows\tasks\At25.job -> [2011/12/02 11:18:14 | 000,000,352 | ---- | M] ()
 Skyrim1.bmp -> C:\Users\KS\Desktop\Skyrim1.bmp -> [2011/12/02 10:36:54 | 001,082,454 | ---- | M] ()
 At71.job -> C:\Windows\tasks\At71.job -> [2011/12/02 10:18:08 | 000,000,352 | ---- | M] ()
 At23.job -> C:\Windows\tasks\At23.job -> [2011/12/02 10:18:08 | 000,000,352 | ---- | M] ()
 At22.job -> C:\Windows\tasks\At22.job -> [2011/12/02 10:18:08 | 000,000,350 | ---- | M] ()
 At70.job -> C:\Windows\tasks\At70.job -> [2011/12/02 10:18:04 | 000,000,350 | ---- | M] ()
 At69.job -> C:\Windows\tasks\At69.job -> [2011/12/02 09:18:21 | 000,000,352 | ---- | M] ()
 At21.job -> C:\Windows\tasks\At21.job -> [2011/12/02 09:18:21 | 000,000,352 | ---- | M] ()
 At68.job -> C:\Windows\tasks\At68.job -> [2011/12/02 09:18:21 | 000,000,350 | ---- | M] ()
 At20.job -> C:\Windows\tasks\At20.job -> [2011/12/02 09:18:21 | 000,000,350 | ---- | M] ()
 At67.job -> C:\Windows\tasks\At67.job -> [2011/12/02 08:18:02 | 000,000,352 | ---- | M] ()
 At19.job -> C:\Windows\tasks\At19.job -> [2011/12/02 08:18:02 | 000,000,352 | ---- | M] ()
 At66.job -> C:\Windows\tasks\At66.job -> [2011/12/02 08:18:02 | 000,000,350 | ---- | M] ()
 At18.job -> C:\Windows\tasks\At18.job -> [2011/12/02 08:18:01 | 000,000,350 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/12/01 21:10:37 | 004,896,984 | ---- | M] ()
 SWFConverter.INI -> C:\Windows\SWFConverter.INI -> [2011/12/01 20:02:10 | 000,000,037 | ---- | M] ()
 defogger_reenable -> C:\Users\KS\defogger_reenable -> [2011/12/01 10:45:44 | 000,000,000 | ---- | M] ()
 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/12/01 09:56:25 | 000,000,826 | ---- | M] ()
 Advanced SystemCare 5.lnk -> C:\Users\Public\Desktop\Advanced SystemCare 5.lnk -> [2011/12/01 08:20:56 | 000,001,185 | ---- | M] ()
 At65.job -> C:\Windows\tasks\At65.job -> [2011/12/01 07:18:00 | 000,000,352 | ---- | M] ()
 At17.job -> C:\Windows\tasks\At17.job -> [2011/12/01 07:18:00 | 000,000,352 | ---- | M] ()
 At64.job -> C:\Windows\tasks\At64.job -> [2011/12/01 07:18:00 | 000,000,350 | ---- | M] ()
 At16.job -> C:\Windows\tasks\At16.job -> [2011/12/01 07:18:00 | 000,000,350 | ---- | M] ()
 At63.job -> C:\Windows\tasks\At63.job -> [2011/12/01 06:18:00 | 000,000,352 | ---- | M] ()
 At15.job -> C:\Windows\tasks\At15.job -> [2011/12/01 06:18:00 | 000,000,352 | ---- | M] ()
 At62.job -> C:\Windows\tasks\At62.job -> [2011/12/01 06:18:00 | 000,000,350 | ---- | M] ()
 At14.job -> C:\Windows\tasks\At14.job -> [2011/12/01 06:18:00 | 000,000,350 | ---- | M] ()
 At61.job -> C:\Windows\tasks\At61.job -> [2011/12/01 05:18:00 | 000,000,352 | ---- | M] ()
 At13.job -> C:\Windows\tasks\At13.job -> [2011/12/01 05:18:00 | 000,000,352 | ---- | M] ()
 At60.job -> C:\Windows\tasks\At60.job -> [2011/12/01 05:18:00 | 000,000,350 | ---- | M] ()
 At12.job -> C:\Windows\tasks\At12.job -> [2011/12/01 05:18:00 | 000,000,350 | ---- | M] ()
 At59.job -> C:\Windows\tasks\At59.job -> [2011/12/01 04:18:00 | 000,000,352 | ---- | M] ()
 At11.job -> C:\Windows\tasks\At11.job -> [2011/12/01 04:18:00 | 000,000,352 | ---- | M] ()
 At58.job -> C:\Windows\tasks\At58.job -> [2011/12/01 04:18:00 | 000,000,350 | ---- | M] ()
 At10.job -> C:\Windows\tasks\At10.job -> [2011/12/01 04:18:00 | 000,000,350 | ---- | M] ()
 At9.job -> C:\Windows\tasks\At9.job -> [2011/12/01 03:18:00 | 000,000,352 | ---- | M] ()
 At57.job -> C:\Windows\tasks\At57.job -> [2011/12/01 03:18:00 | 000,000,352 | ---- | M] ()
 At8.job -> C:\Windows\tasks\At8.job -> [2011/12/01 03:18:00 | 000,000,350 | ---- | M] ()
 At56.job -> C:\Windows\tasks\At56.job -> [2011/12/01 03:18:00 | 000,000,350 | ---- | M] ()
 At7.job -> C:\Windows\tasks\At7.job -> [2011/12/01 02:18:00 | 000,000,352 | ---- | M] ()
 At55.job -> C:\Windows\tasks\At55.job -> [2011/12/01 02:18:00 | 000,000,352 | ---- | M] ()
 At6.job -> C:\Windows\tasks\At6.job -> [2011/12/01 02:18:00 | 000,000,350 | ---- | M] ()
 At54.job -> C:\Windows\tasks\At54.job -> [2011/12/01 02:18:00 | 000,000,350 | ---- | M] ()
 At53.job -> C:\Windows\tasks\At53.job -> [2011/12/01 01:18:00 | 000,000,352 | ---- | M] ()
 At5.job -> C:\Windows\tasks\At5.job -> [2011/12/01 01:18:00 | 000,000,352 | ---- | M] ()
 At52.job -> C:\Windows\tasks\At52.job -> [2011/12/01 01:18:00 | 000,000,350 | ---- | M] ()
 At4.job -> C:\Windows\tasks\At4.job -> [2011/12/01 01:18:00 | 000,000,350 | ---- | M] ()
 At51.job -> C:\Windows\tasks\At51.job -> [2011/12/01 00:18:00 | 000,000,352 | ---- | M] ()
 At3.job -> C:\Windows\tasks\At3.job -> [2011/12/01 00:18:00 | 000,000,352 | ---- | M] ()
 At50.job -> C:\Windows\tasks\At50.job -> [2011/12/01 00:18:00 | 000,000,350 | ---- | M] ()
 At2.job -> C:\Windows\tasks\At2.job -> [2011/12/01 00:18:00 | 000,000,350 | ---- | M] ()
 e8imRM28.com -> C:\Windows\SysWow64\e8imRM28.com -> [2011/11/26 16:29:01 | 000,032,256 | ---- | M] (TWX Corp.)
 dtsoftbus01.sys -> C:\Windows\SysNative\drivers\dtsoftbus01.sys -> [2011/11/25 21:42:05 | 000,279,616 | ---- | M] (DT Soft Ltd)
 H8T73GY.dat -> C:\ProgramData\H8T73GY.dat -> [2011/11/23 13:14:44 | 000,000,000 | ---- | M] ()
 At1.job -> C:\Windows\tasks\At1.job -> [2011/11/22 03:48:15 | 000,000,376 | ---- | M] ()
 GameMon.des -> C:\Windows\SysWow64\GameMon.des -> [2011/11/14 18:04:51 | 003,767,240 | ---- | M] (INCA Internet Co., Ltd.)
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 Skyrim1.bmp -> C:\Users\KS\Desktop\Skyrim1.bmp -> [2011/12/02 10:36:54 | 001,082,454 | ---- | C] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2011/12/01 21:10:13 | 004,896,984 | ---- | C] ()
 defogger_reenable -> C:\Users\KS\defogger_reenable -> [2011/12/01 10:45:44 | 000,000,000 | ---- | C] ()
 CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/12/01 09:56:25 | 000,000,826 | ---- | C] ()
 RegistryDefragBootTime.exe -> C:\Windows\SysNative\RegistryDefragBootTime.exe -> [2011/12/01 08:52:19 | 000,022,872 | ---- | C] ()
 Advanced SystemCare 5.lnk -> C:\Users\Public\Desktop\Advanced SystemCare 5.lnk -> [2011/12/01 08:20:56 | 000,001,185 | ---- | C] ()
 At97.job -> C:\Windows\tasks\At97.job -> [2011/11/26 16:29:43 | 000,000,352 | ---- | C] ()
 At96.job -> C:\Windows\tasks\At96.job -> [2011/11/26 16:29:42 | 000,000,350 | ---- | C] ()
 At95.job -> C:\Windows\tasks\At95.job -> [2011/11/26 16:29:41 | 000,000,352 | ---- | C] ()
 At94.job -> C:\Windows\tasks\At94.job -> [2011/11/26 16:29:41 | 000,000,350 | ---- | C] ()
 At93.job -> C:\Windows\tasks\At93.job -> [2011/11/26 16:29:40 | 000,000,352 | ---- | C] ()
 At92.job -> C:\Windows\tasks\At92.job -> [2011/11/26 16:29:40 | 000,000,350 | ---- | C] ()
 At91.job -> C:\Windows\tasks\At91.job -> [2011/11/26 16:29:39 | 000,000,352 | ---- | C] ()
 At89.job -> C:\Windows\tasks\At89.job -> [2011/11/26 16:29:38 | 000,000,352 | ---- | C] ()
 At90.job -> C:\Windows\tasks\At90.job -> [2011/11/26 16:29:38 | 000,000,350 | ---- | C] ()
 At87.job -> C:\Windows\tasks\At87.job -> [2011/11/26 16:29:37 | 000,000,352 | ---- | C] ()
 At88.job -> C:\Windows\tasks\At88.job -> [2011/11/26 16:29:37 | 000,000,350 | ---- | C] ()
 At86.job -> C:\Windows\tasks\At86.job -> [2011/11/26 16:29:36 | 000,000,350 | ---- | C] ()
 At85.job -> C:\Windows\tasks\At85.job -> [2011/11/26 16:29:35 | 000,000,352 | ---- | C] ()
 At83.job -> C:\Windows\tasks\At83.job -> [2011/11/26 16:29:34 | 000,000,352 | ---- | C] ()
 At84.job -> C:\Windows\tasks\At84.job -> [2011/11/26 16:29:34 | 000,000,350 | ---- | C] ()
 At82.job -> C:\Windows\tasks\At82.job -> [2011/11/26 16:29:33 | 000,000,350 | ---- | C] ()
 At81.job -> C:\Windows\tasks\At81.job -> [2011/11/26 16:29:32 | 000,000,352 | ---- | C] ()
 At80.job -> C:\Windows\tasks\At80.job -> [2011/11/26 16:29:32 | 000,000,350 | ---- | C] ()
 At79.job -> C:\Windows\tasks\At79.job -> [2011/11/26 16:29:31 | 000,000,352 | ---- | C] ()
 At78.job -> C:\Windows\tasks\At78.job -> [2011/11/26 16:29:30 | 000,000,350 | ---- | C] ()
 At77.job -> C:\Windows\tasks\At77.job -> [2011/11/26 16:29:29 | 000,000,352 | ---- | C] ()
 At76.job -> C:\Windows\tasks\At76.job -> [2011/11/26 16:29:29 | 000,000,350 | ---- | C] ()
 At75.job -> C:\Windows\tasks\At75.job -> [2011/11/26 16:29:28 | 000,000,352 | ---- | C] ()
 At73.job -> C:\Windows\tasks\At73.job -> [2011/11/26 16:29:27 | 000,000,352 | ---- | C] ()
 At74.job -> C:\Windows\tasks\At74.job -> [2011/11/26 16:29:27 | 000,000,350 | ---- | C] ()
 At71.job -> C:\Windows\tasks\At71.job -> [2011/11/26 16:29:26 | 000,000,352 | ---- | C] ()
 At72.job -> C:\Windows\tasks\At72.job -> [2011/11/26 16:29:26 | 000,000,350 | ---- | C] ()
 At70.job -> C:\Windows\tasks\At70.job -> [2011/11/26 16:29:25 | 000,000,350 | ---- | C] ()
 At69.job -> C:\Windows\tasks\At69.job -> [2011/11/26 16:29:24 | 000,000,352 | ---- | C] ()
 At68.job -> C:\Windows\tasks\At68.job -> [2011/11/26 16:29:24 | 000,000,350 | ---- | C] ()
 At67.job -> C:\Windows\tasks\At67.job -> [2011/11/26 16:29:23 | 000,000,352 | ---- | C] ()
 At65.job -> C:\Windows\tasks\At65.job -> [2011/11/26 16:29:22 | 000,000,352 | ---- | C] ()
 At66.job -> C:\Windows\tasks\At66.job -> [2011/11/26 16:29:22 | 000,000,350 | ---- | C] ()
 At63.job -> C:\Windows\tasks\At63.job -> [2011/11/26 16:29:21 | 000,000,352 | ---- | C] ()
 At64.job -> C:\Windows\tasks\At64.job -> [2011/11/26 16:29:21 | 000,000,350 | ---- | C] ()
 At61.job -> C:\Windows\tasks\At61.job -> [2011/11/26 16:29:20 | 000,000,352 | ---- | C] ()
 At62.job -> C:\Windows\tasks\At62.job -> [2011/11/26 16:29:20 | 000,000,350 | ---- | C] ()
 At60.job -> C:\Windows\tasks\At60.job -> [2011/11/26 16:29:19 | 000,000,350 | ---- | C] ()
 At59.job -> C:\Windows\tasks\At59.job -> [2011/11/26 16:29:18 | 000,000,352 | ---- | C] ()
 At58.job -> C:\Windows\tasks\At58.job -> [2011/11/26 16:29:18 | 000,000,350 | ---- | C] ()
 At57.job -> C:\Windows\tasks\At57.job -> [2011/11/26 16:29:17 | 000,000,352 | ---- | C] ()
 At56.job -> C:\Windows\tasks\At56.job -> [2011/11/26 16:29:17 | 000,000,350 | ---- | C] ()
 At55.job -> C:\Windows\tasks\At55.job -> [2011/11/26 16:29:16 | 000,000,352 | ---- | C] ()
 At54.job -> C:\Windows\tasks\At54.job -> [2011/11/26 16:29:16 | 000,000,350 | ---- | C] ()
 At53.job -> C:\Windows\tasks\At53.job -> [2011/11/26 16:29:15 | 000,000,352 | ---- | C] ()
 At51.job -> C:\Windows\tasks\At51.job -> [2011/11/26 16:29:14 | 000,000,352 | ---- | C] ()
 At52.job -> C:\Windows\tasks\At52.job -> [2011/11/26 16:29:14 | 000,000,350 | ---- | C] ()
 At50.job -> C:\Windows\tasks\At50.job -> [2011/11/26 16:29:13 | 000,000,350 | ---- | C] ()
 SWFConverter.INI -> C:\Windows\SWFConverter.INI -> [2011/11/24 16:26:51 | 000,000,037 | ---- | C] ()
 H8T73GY.dat -> C:\ProgramData\H8T73GY.dat -> [2011/11/23 13:14:44 | 000,000,000 | ---- | C] ()
 At49.job -> C:\Windows\tasks\At49.job -> [2011/11/23 13:14:43 | 000,000,352 | ---- | C] ()
 At48.job -> C:\Windows\tasks\At48.job -> [2011/11/23 13:14:42 | 000,000,350 | ---- | C] ()
 At47.job -> C:\Windows\tasks\At47.job -> [2011/11/23 13:14:41 | 000,000,352 | ---- | C] ()
 At46.job -> C:\Windows\tasks\At46.job -> [2011/11/23 13:14:41 | 000,000,350 | ---- | C] ()
 At45.job -> C:\Windows\tasks\At45.job -> [2011/11/23 13:14:40 | 000,000,352 | ---- | C] ()
 At44.job -> C:\Windows\tasks\At44.job -> [2011/11/23 13:14:40 | 000,000,350 | ---- | C] ()
 At43.job -> C:\Windows\tasks\At43.job -> [2011/11/23 13:14:39 | 000,000,352 | ---- | C] ()
 At42.job -> C:\Windows\tasks\At42.job -> [2011/11/23 13:14:39 | 000,000,350 | ---- | C] ()
 At41.job -> C:\Windows\tasks\At41.job -> [2011/11/23 13:14:38 | 000,000,352 | ---- | C] ()
 At40.job -> C:\Windows\tasks\At40.job -> [2011/11/23 13:14:38 | 000,000,350 | ---- | C] ()
 At39.job -> C:\Windows\tasks\At39.job -> [2011/11/23 13:14:37 | 000,000,352 | ---- | C] ()
 At37.job -> C:\Windows\tasks\At37.job -> [2011/11/23 13:14:36 | 000,000,352 | ---- | C] ()
 At38.job -> C:\Windows\tasks\At38.job -> [2011/11/23 13:14:36 | 000,000,350 | ---- | C] ()
 At36.job -> C:\Windows\tasks\At36.job -> [2011/11/23 13:14:35 | 000,000,350 | ---- | C] ()
 At35.job -> C:\Windows\tasks\At35.job -> [2011/11/23 13:14:33 | 000,000,352 | ---- | C] ()
 At34.job -> C:\Windows\tasks\At34.job -> [2011/11/23 13:14:33 | 000,000,350 | ---- | C] ()
 At33.job -> C:\Windows\tasks\At33.job -> [2011/11/23 13:14:32 | 000,000,352 | ---- | C] ()
 At32.job -> C:\Windows\tasks\At32.job -> [2011/11/23 13:14:31 | 000,000,350 | ---- | C] ()
 At31.job -> C:\Windows\tasks\At31.job -> [2011/11/23 13:14:30 | 000,000,352 | ---- | C] ()
 At30.job -> C:\Windows\tasks\At30.job -> [2011/11/23 13:14:29 | 000,000,350 | ---- | C] ()
 At29.job -> C:\Windows\tasks\At29.job -> [2011/11/23 13:14:28 | 000,000,352 | ---- | C] ()
 At28.job -> C:\Windows\tasks\At28.job -> [2011/11/23 13:14:26 | 000,000,350 | ---- | C] ()
 At27.job -> C:\Windows\tasks\At27.job -> [2011/11/23 13:14:25 | 000,000,352 | ---- | C] ()
 At26.job -> C:\Windows\tasks\At26.job -> [2011/11/23 13:14:25 | 000,000,350 | ---- | C] ()
 At25.job -> C:\Windows\tasks\At25.job -> [2011/11/23 13:14:24 | 000,000,352 | ---- | C] ()
 At24.job -> C:\Windows\tasks\At24.job -> [2011/11/23 13:14:23 | 000,000,350 | ---- | C] ()
 At23.job -> C:\Windows\tasks\At23.job -> [2011/11/23 13:14:22 | 000,000,352 | ---- | C] ()
 At22.job -> C:\Windows\tasks\At22.job -> [2011/11/23 13:14:21 | 000,000,350 | ---- | C] ()
 At21.job -> C:\Windows\tasks\At21.job -> [2011/11/23 13:14:20 | 000,000,352 | ---- | C] ()
 At20.job -> C:\Windows\tasks\At20.job -> [2011/11/23 13:14:19 | 000,000,350 | ---- | C] ()
 At19.job -> C:\Windows\tasks\At19.job -> [2011/11/23 13:14:18 | 000,000,352 | ---- | C] ()
 At18.job -> C:\Windows\tasks\At18.job -> [2011/11/23 13:14:15 | 000,000,350 | ---- | C] ()
 At17.job -> C:\Windows\tasks\At17.job -> [2011/11/23 13:14:13 | 000,000,352 | ---- | C] ()
 At16.job -> C:\Windows\tasks\At16.job -> [2011/11/23 13:14:11 | 000,000,350 | ---- | C] ()
 At15.job -> C:\Windows\tasks\At15.job -> [2011/11/23 13:14:10 | 000,000,352 | ---- | C] ()
 At13.job -> C:\Windows\tasks\At13.job -> [2011/11/23 13:14:09 | 000,000,352 | ---- | C] ()
 At14.job -> C:\Windows\tasks\At14.job -> [2011/11/23 13:14:09 | 000,000,350 | ---- | C] ()
 At12.job -> C:\Windows\tasks\At12.job -> [2011/11/23 13:14:08 | 000,000,350 | ---- | C] ()
 At11.job -> C:\Windows\tasks\At11.job -> [2011/11/23 13:14:07 | 000,000,352 | ---- | C] ()
 At10.job -> C:\Windows\tasks\At10.job -> [2011/11/23 13:14:06 | 000,000,350 | ---- | C] ()
 At9.job -> C:\Windows\tasks\At9.job -> [2011/11/23 13:14:05 | 000,000,352 | ---- | C] ()
 At8.job -> C:\Windows\tasks\At8.job -> [2011/11/23 13:14:04 | 000,000,350 | ---- | C] ()
 At7.job -> C:\Windows\tasks\At7.job -> [2011/11/23 13:14:03 | 000,000,352 | ---- | C] ()
 At6.job -> C:\Windows\tasks\At6.job -> [2011/11/23 13:14:02 | 000,000,350 | ---- | C] ()
 At5.job -> C:\Windows\tasks\At5.job -> [2011/11/23 13:14:01 | 000,000,352 | ---- | C] ()
 At4.job -> C:\Windows\tasks\At4.job -> [2011/11/23 13:14:00 | 000,000,350 | ---- | C] ()
 At3.job -> C:\Windows\tasks\At3.job -> [2011/11/23 13:13:59 | 000,000,352 | ---- | C] ()
 At2.job -> C:\Windows\tasks\At2.job -> [2011/11/23 13:13:56 | 000,000,350 | ---- | C] ()
 At1.job -> C:\Windows\tasks\At1.job -> [2011/11/22 03:47:04 | 000,000,376 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2011/10/23 19:12:41 | 000,761,856 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2011/10/23 19:12:41 | 000,135,168 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\KS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/09/19 03:19:55 | 000,005,632 | ---- | C] ()
 ss.ini -> C:\ProgramData\ss.ini -> [2011/09/01 17:36:31 | 000,001,492 | ---- | C] ()
 DSE2_DFT.dll -> C:\Windows\SysWow64\DSE2_DFT.dll -> [2011/08/18 00:59:42 | 004,874,240 | ---- | C] ()
 nsreg.dat -> C:\Windows\nsreg.dat -> [2011/08/15 04:55:24 | 000,000,000 | ---- | C] ()
 fusioncache.dat -> C:\Users\KS\AppData\Local\fusioncache.dat -> [2011/08/08 15:29:51 | 000,000,090 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2011/08/03 15:18:35 | 000,779,558 | ---- | C] ()
 ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2009/08/21 20:46:26 | 000,000,000 | ---- | C] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:38:36 | 000,067,584 | --S- | C] ()
 NOISE.DAT -> C:\Windows\SysWow64\NOISE.DAT -> [2009/07/13 21:35:51 | 000,000,741 | ---- | C] ()
 dssec.dat -> C:\Windows\SysWow64\dssec.dat -> [2009/07/13 21:34:42 | 000,215,943 | ---- | C] ()
 mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:10:29 | 000,043,131 | ---- | C] ()
 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 18:42:10 | 000,064,000 | ---- | C] ()
 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 16:03:59 | 000,364,544 | ---- | C] ()
 mlang.dat -> C:\Windows\SysWow64\mlang.dat -> [2009/06/10 16:26:10 | 000,673,088 | ---- | C] ()
 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2009/01/28 13:50:44 | 000,153,088 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 929 bytes -> C:\Users\KS\AppData\Local\Temp:KSkdYBhtxZ1wLQqf0FVZIdeBT7
< End of report >

TDSSKiller (Downloaded from your link, I got rid of my previous version) turned up nothing, but here is the logfile it gave me, found in my C: directory after I ran it:

11:17:53.0188 1040 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
11:17:53.0422 1040 ============================================================
11:17:53.0422 1040 Current date / time: 2011/12/04 11:17:53.0422
11:17:53.0422 1040 SystemInfo:
11:17:53.0422 1040
11:17:53.0422 1040 OS Version: 6.1.7600 ServicePack: 0.0
11:17:53.0422 1040 Product type: Workstation
11:17:53.0422 1040 ComputerName: UNERRINGPC
11:17:53.0422 1040 UserName: KS
11:17:53.0422 1040 Windows directory: C:\Windows
11:17:53.0422 1040 System windows directory: C:\Windows
11:17:53.0422 1040 Running under WOW64
11:17:53.0422 1040 Processor architecture: Intel x64
11:17:53.0422 1040 Number of processors: 1
11:17:53.0422 1040 Page size: 0x1000
11:17:53.0422 1040 Boot type: Normal boot
11:17:53.0422 1040 ============================================================
11:17:54.0624 1040 Initialize success
11:18:41.0689 3724 ============================================================
11:18:41.0689 3724 Scan started
11:18:41.0689 3724 Mode: Manual; SigCheck; TDLFS;
11:18:41.0689 3724 ============================================================
11:18:42.0422 3724 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:18:42.0578 3724 1394ohci - ok
11:18:42.0719 3724 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:18:42.0765 3724 ACPI - ok
11:18:42.0812 3724 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:18:42.0906 3724 AcpiPmi - ok
11:18:43.0062 3724 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:18:43.0109 3724 adp94xx - ok
11:18:43.0280 3724 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:18:43.0311 3724 adpahci - ok
11:18:43.0343 3724 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:18:43.0358 3724 adpu320 - ok
11:18:43.0545 3724 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
11:18:43.0623 3724 AFD - ok
11:18:44.0029 3724 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:18:44.0045 3724 agp440 - ok
11:18:44.0201 3724 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:18:44.0216 3724 aliide - ok
11:18:44.0279 3724 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:18:44.0294 3724 amdide - ok
11:18:44.0435 3724 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:18:44.0497 3724 AmdK8 - ok
11:18:44.0528 3724 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:18:44.0575 3724 AmdPPM - ok
11:18:44.0700 3724 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
11:18:44.0715 3724 amdsata - ok
11:18:44.0778 3724 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:18:44.0793 3724 amdsbs - ok
11:18:44.0934 3724 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
11:18:44.0934 3724 amdxata - ok
11:18:44.0996 3724 ApfiltrService (c79c86a0395689045710e24d64e5e086) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:18:45.0043 3724 ApfiltrService - ok
11:18:45.0168 3724 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:18:45.0293 3724 AppID - ok
11:18:45.0464 3724 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:18:45.0480 3724 arc - ok
11:18:45.0527 3724 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:18:45.0542 3724 arcsas - ok
11:18:45.0714 3724 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:18:45.0870 3724 AsyncMac - ok
11:18:45.0979 3724 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:18:45.0995 3724 atapi - ok
11:18:46.0104 3724 athr (b2c3a8618867404475228f7dd260698b) C:\Windows\system32\DRIVERS\athrx.sys
11:18:46.0229 3724 athr - ok
11:18:46.0478 3724 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
11:18:46.0775 3724 atikmdag - ok
11:18:46.0899 3724 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:18:46.0915 3724 AtiPcie - ok
11:18:47.0024 3724 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:18:47.0118 3724 b06bdrv - ok
11:18:47.0258 3724 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:18:47.0321 3724 b57nd60a - ok
11:18:47.0461 3724 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:18:47.0523 3724 Beep - ok
11:18:47.0679 3724 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:18:47.0742 3724 blbdrive - ok
11:18:47.0789 3724 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:18:47.0851 3724 bowser - ok
11:18:47.0991 3724 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:18:48.0038 3724 BrFiltLo - ok
11:18:48.0069 3724 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:18:48.0085 3724 BrFiltUp - ok
11:18:48.0257 3724 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:18:48.0335 3724 Brserid - ok
11:18:48.0366 3724 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:18:48.0428 3724 BrSerWdm - ok
11:18:48.0537 3724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:18:48.0584 3724 BrUsbMdm - ok
11:18:48.0615 3724 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:18:48.0662 3724 BrUsbSer - ok
11:18:48.0787 3724 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:18:48.0834 3724 BTHMODEM - ok
11:18:48.0896 3724 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:18:48.0959 3724 cdfs - ok
11:18:49.0208 3724 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:18:49.0255 3724 cdrom - ok
11:18:49.0395 3724 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:18:49.0442 3724 circlass - ok
11:18:49.0505 3724 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:18:49.0520 3724 CLFS - ok
11:18:49.0707 3724 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:18:49.0739 3724 CmBatt - ok
11:18:49.0770 3724 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:18:49.0785 3724 cmdide - ok
11:18:49.0832 3724 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
11:18:49.0879 3724 CNG - ok
11:18:49.0988 3724 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:18:50.0004 3724 Compbatt - ok
11:18:50.0035 3724 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:18:50.0066 3724 CompositeBus - ok
11:18:50.0207 3724 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:18:50.0238 3724 crcdisk - ok
11:18:50.0425 3724 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:18:50.0472 3724 DfsC - ok
11:18:50.0534 3724 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:18:50.0675 3724 discache - ok
11:18:50.0815 3724 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:18:50.0831 3724 Disk - ok
11:18:50.0862 3724 DKbFltr - ok
11:18:50.0909 3724 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:18:50.0940 3724 drmkaud - ok
11:18:51.0111 3724 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:18:51.0127 3724 dtsoftbus01 - ok
11:18:51.0189 3724 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:18:51.0221 3724 DXGKrnl - ok
11:18:51.0314 3724 EagleX64 - ok
11:18:51.0470 3724 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:18:51.0642 3724 ebdrv - ok
11:18:51.0798 3724 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:18:51.0829 3724 elxstor - ok
11:18:51.0969 3724 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:18:52.0016 3724 ErrDev - ok
11:18:52.0125 3724 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:18:52.0219 3724 exfat - ok
11:18:52.0313 3724 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:18:52.0375 3724 fastfat - ok
11:18:52.0469 3724 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:18:52.0531 3724 fdc - ok
11:18:52.0656 3724 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:18:52.0671 3724 FileInfo - ok
11:18:52.0796 3724 FileMonitor (a5f546b29b6efb14b29b393e709ec71b) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
11:18:52.0796 3724 FileMonitor - ok
11:18:52.0905 3724 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:18:52.0999 3724 Filetrace - ok
11:18:53.0046 3724 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:18:53.0077 3724 flpydisk - ok
11:18:53.0202 3724 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:18:53.0217 3724 FltMgr - ok
11:18:53.0264 3724 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:18:53.0280 3724 FsDepends - ok
11:18:53.0311 3724 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:18:53.0327 3724 Fs_Rec - ok
11:18:53.0451 3724 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:18:53.0483 3724 fvevol - ok
11:18:53.0545 3724 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:18:53.0561 3724 gagp30kx - ok
11:18:53.0670 3724 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:18:53.0685 3724 hamachi - ok
11:18:53.0748 3724 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:18:53.0810 3724 hcw85cir - ok
11:18:53.0935 3724 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:18:53.0997 3724 HdAudAddService - ok
11:18:54.0044 3724 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:18:54.0091 3724 HDAudBus - ok
11:18:54.0216 3724 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:18:54.0247 3724 HidBatt - ok
11:18:54.0294 3724 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:18:54.0341 3724 HidBth - ok
11:18:54.0465 3724 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:18:54.0543 3724 HidIr - ok
11:18:54.0606 3724 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:18:54.0653 3724 HidUsb - ok
11:18:54.0824 3724 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:18:54.0840 3724 HpSAMD - ok
11:18:54.0902 3724 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:18:54.0965 3724 HTTP - ok
11:18:55.0089 3724 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:18:55.0121 3724 hwpolicy - ok
11:18:55.0167 3724 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:18:55.0183 3724 i8042prt - ok
11:18:55.0323 3724 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
11:18:55.0355 3724 iaStorV - ok
11:18:55.0401 3724 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:18:55.0417 3724 iirsp - ok
11:18:55.0604 3724 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
11:18:55.0667 3724 IntcAzAudAddService - ok
11:18:55.0791 3724 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:18:55.0807 3724 intelide - ok
11:18:55.0885 3724 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:18:55.0916 3724 intelppm - ok
11:18:56.0103 3724 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:18:56.0213 3724 IpFilterDriver - ok
11:18:56.0275 3724 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:18:56.0306 3724 IPMIDRV - ok
11:18:56.0431 3724 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:18:56.0509 3724 IPNAT - ok
11:18:56.0556 3724 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:18:56.0634 3724 IRENUM - ok
11:18:56.0759 3724 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:18:56.0790 3724 isapnp - ok
11:18:56.0821 3724 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:18:56.0837 3724 iScsiPrt - ok
11:18:56.0883 3724 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:18:56.0899 3724 kbdclass - ok
11:18:57.0024 3724 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:18:57.0071 3724 kbdhid - ok
11:18:57.0117 3724 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
11:18:57.0133 3724 KSecDD - ok
11:18:57.0180 3724 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
11:18:57.0195 3724 KSecPkg - ok
11:18:57.0336 3724 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:18:57.0398 3724 ksthunk - ok
11:18:57.0476 3724 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
11:18:57.0554 3724 L1C - ok
11:18:57.0695 3724 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:18:57.0804 3724 lltdio - ok
11:18:57.0866 3724 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:18:57.0882 3724 LSI_FC - ok
11:18:57.0913 3724 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:18:57.0929 3724 LSI_SAS - ok
11:18:58.0053 3724 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:18:58.0069 3724 LSI_SAS2 - ok
11:18:58.0116 3724 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:18:58.0131 3724 LSI_SCSI - ok
11:18:58.0272 3724 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:18:58.0365 3724 luafv - ok
11:18:58.0412 3724 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:18:58.0428 3724 megasas - ok
11:18:58.0459 3724 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:18:58.0490 3724 MegaSR - ok
11:18:58.0615 3724 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:18:58.0693 3724 Modem - ok
11:18:58.0755 3724 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:18:58.0787 3724 monitor - ok
11:18:58.0927 3724 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:18:58.0958 3724 mouclass - ok
11:18:58.0989 3724 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:18:59.0036 3724 mouhid - ok
11:18:59.0161 3724 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:18:59.0177 3724 mountmgr - ok
11:18:59.0208 3724 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:18:59.0223 3724 mpio - ok
11:18:59.0255 3724 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:18:59.0333 3724 mpsdrv - ok
11:18:59.0473 3724 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:18:59.0520 3724 MRxDAV - ok
11:18:59.0567 3724 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:18:59.0629 3724 mrxsmb - ok
11:18:59.0738 3724 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:18:59.0785 3724 mrxsmb10 - ok
11:18:59.0832 3724 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:18:59.0847 3724 mrxsmb20 - ok
11:18:59.0972 3724 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:19:00.0003 3724 msahci - ok
11:19:00.0050 3724 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:19:00.0066 3724 msdsm - ok
11:19:00.0113 3724 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:19:00.0159 3724 Msfs - ok
11:19:00.0284 3724 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:19:00.0362 3724 mshidkmdf - ok
11:19:00.0393 3724 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:19:00.0409 3724 msisadrv - ok
11:19:00.0565 3724 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:19:00.0643 3724 MSKSSRV - ok
11:19:00.0674 3724 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:19:00.0752 3724 MSPCLOCK - ok
11:19:00.0893 3724 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:19:00.0986 3724 MSPQM - ok
11:19:01.0033 3724 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:19:01.0064 3724 MsRPC - ok
11:19:01.0189 3724 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:19:01.0205 3724 mssmbios - ok
11:19:01.0251 3724 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:19:01.0314 3724 MSTEE - ok
11:19:01.0423 3724 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:19:01.0470 3724 MTConfig - ok
11:19:01.0517 3724 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:19:01.0532 3724 Mup - ok
11:19:01.0673 3724 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:19:01.0688 3724 mwlPSDFilter - ok
11:19:01.0704 3724 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:19:01.0719 3724 mwlPSDNServ - ok
11:19:01.0751 3724 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:19:01.0751 3724 mwlPSDVDisk - ok
11:19:01.0938 3724 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:19:01.0985 3724 NativeWifiP - ok
11:19:02.0063 3724 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:19:02.0109 3724 NDIS - ok
11:19:02.0234 3724 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:19:02.0328 3724 NdisCap - ok
11:19:02.0375 3724 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:19:02.0453 3724 NdisTapi - ok
11:19:02.0577 3724 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:19:02.0655 3724 Ndisuio - ok
11:19:02.0702 3724 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:19:02.0765 3724 NdisWan - ok
11:19:02.0905 3724 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:19:02.0999 3724 NDProxy - ok
11:19:03.0061 3724 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:19:03.0123 3724 NetBIOS - ok
11:19:03.0248 3724 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:19:03.0326 3724 NetBT - ok
11:19:03.0529 3724 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:19:03.0545 3724 nfrd960 - ok
11:19:03.0607 3724 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:19:03.0669 3724 Npfs - ok
11:19:03.0825 3724 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:19:03.0903 3724 nsiproxy - ok
11:19:04.0013 3724 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
11:19:04.0122 3724 Ntfs - ok
11:19:04.0247 3724 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
11:19:04.0247 3724 NTIDrvr - ok
11:19:04.0309 3724 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:19:04.0356 3724 Null - ok
11:19:04.0481 3724 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
11:19:04.0512 3724 nvraid - ok
11:19:04.0543 3724 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
11:19:04.0559 3724 nvstor - ok
11:19:04.0605 3724 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:19:04.0637 3724 nv_agp - ok
11:19:04.0746 3724 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:19:04.0793 3724 ohci1394 - ok
11:19:04.0871 3724 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:19:04.0886 3724 Parport - ok
11:19:05.0011 3724 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:19:05.0027 3724 partmgr - ok
11:19:05.0073 3724 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:19:05.0089 3724 pci - ok
11:19:05.0136 3724 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:19:05.0151 3724 pciide - ok
11:19:05.0183 3724 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:19:05.0198 3724 pcmcia - ok
11:19:05.0323 3724 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:19:05.0339 3724 pcw - ok
11:19:05.0370 3724 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:19:05.0463 3724 PEAUTH - ok
11:19:05.0729 3724 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:19:05.0807 3724 PptpMiniport - ok
11:19:05.0853 3724 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:19:05.0885 3724 Processor - ok
11:19:06.0056 3724 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:19:06.0119 3724 Psched - ok
11:19:06.0212 3724 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:19:06.0259 3724 PxHlpa64 - ok
11:19:06.0415 3724 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:19:06.0477 3724 ql2300 - ok
11:19:06.0602 3724 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:19:06.0649 3724 ql40xx - ok
11:19:06.0680 3724 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:19:06.0727 3724 QWAVEdrv - ok
11:19:06.0774 3724 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:19:06.0821 3724 RasAcd - ok
11:19:06.0930 3724 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:19:07.0008 3724 RasAgileVpn - ok
11:19:07.0055 3724 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:19:07.0133 3724 Rasl2tp - ok
11:19:07.0289 3724 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:19:07.0382 3724 RasPppoe - ok
11:19:07.0429 3724 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:19:07.0491 3724 RasSstp - ok
11:19:07.0616 3724 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:19:07.0725 3724 rdbss - ok
11:19:07.0757 3724 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:19:07.0803 3724 rdpbus - ok
11:19:07.0913 3724 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:19:07.0991 3724 RDPCDD - ok
11:19:08.0053 3724 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:19:08.0131 3724 RDPENCDD - ok
11:19:08.0256 3724 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:19:08.0318 3724 RDPREFMP - ok
11:19:08.0349 3724 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
11:19:08.0412 3724 RDPWD - ok
11:19:08.0459 3724 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:19:08.0490 3724 rdyboost - ok
11:19:08.0630 3724 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
11:19:08.0661 3724 RegFilter - ok
11:19:08.0849 3724 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:19:08.0911 3724 rspndr - ok
11:19:08.0958 3724 RSUSBSTOR - ok
11:19:09.0051 3724 RtsUIR - ok
11:19:09.0114 3724 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:19:09.0129 3724 sbp2port - ok
11:19:09.0176 3724 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:19:09.0239 3724 scfilter - ok
11:19:09.0410 3724 ScreamBAudioSvc (e03b9294a9b70a214328b2b518f20db0) C:\Windows\system32\drivers\ScreamingBAudio64.sys
11:19:09.0426 3724 ScreamBAudioSvc - ok
11:19:09.0504 3724 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:19:09.0566 3724 secdrv - ok
11:19:09.0722 3724 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:19:09.0753 3724 Serenum - ok
11:19:09.0800 3724 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:19:09.0816 3724 Serial - ok
11:19:09.0847 3724 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:19:09.0878 3724 sermouse - ok
11:19:10.0034 3724 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:19:10.0112 3724 sffdisk - ok
11:19:10.0159 3724 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:19:10.0221 3724 sffp_mmc - ok
11:19:10.0346 3724 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
11:19:10.0377 3724 sffp_sd - ok
11:19:10.0424 3724 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:19:10.0471 3724 sfloppy - ok
11:19:10.0627 3724 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:19:10.0643 3724 SiSRaid2 - ok
11:19:10.0689 3724 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:19:10.0705 3724 SiSRaid4 - ok
11:19:10.0736 3724 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
11:19:10.0752 3724 SmartDefragDriver - ok
11:19:10.0861 3724 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:19:10.0939 3724 Smb - ok
11:19:11.0017 3724 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:19:11.0033 3724 spldr - ok
11:19:11.0173 3724 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:19:11.0220 3724 srv - ok
11:19:11.0360 3724 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:19:11.0407 3724 srv2 - ok
11:19:11.0454 3724 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:19:11.0516 3724 srvnet - ok
11:19:11.0672 3724 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:19:11.0688 3724 stexstor - ok
11:19:11.0750 3724 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:19:11.0797 3724 StillCam - ok
11:19:11.0922 3724 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:19:11.0937 3724 swenum - ok
11:19:12.0109 3724 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
11:19:12.0187 3724 Tcpip - ok
11:19:12.0390 3724 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
11:19:12.0452 3724 TCPIP6 - ok
11:19:12.0561 3724 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:19:12.0639 3724 tcpipreg - ok
11:19:12.0671 3724 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:19:12.0749 3724 TDPIPE - ok
11:19:12.0780 3724 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:19:12.0858 3724 TDTCP - ok
11:19:12.0998 3724 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:19:13.0107 3724 tdx - ok
11:19:13.0154 3724 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:19:13.0170 3724 TermDD - ok
11:19:13.0310 3724 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:19:13.0373 3724 tssecsrv - ok
11:19:13.0451 3724 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:19:13.0560 3724 tunnel - ok
11:19:13.0669 3724 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:19:13.0685 3724 uagp35 - ok
11:19:13.0731 3724 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
11:19:13.0747 3724 UBHelper - ok
11:19:13.0778 3724 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:19:13.0856 3724 udfs - ok
11:19:13.0997 3724 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:19:14.0028 3724 uliagpkx - ok
11:19:14.0059 3724 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:19:14.0106 3724 umbus - ok
11:19:14.0153 3724 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:19:14.0184 3724 UmPass - ok
11:19:14.0355 3724 UrlFilter (82520fe7a49765e76281dcc7d90c09f6) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
11:19:14.0371 3724 UrlFilter - ok
11:19:14.0511 3724 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
11:19:14.0574 3724 usbccgp - ok
11:19:14.0589 3724 USBCCID - ok
11:19:14.0652 3724 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:19:14.0683 3724 usbcir - ok
11:19:14.0792 3724 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
11:19:14.0839 3724 usbehci - ok
11:19:14.0886 3724 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
11:19:14.0901 3724 usbfilter - ok
11:19:15.0057 3724 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
11:19:15.0104 3724 usbhub - ok
11:19:15.0135 3724 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
11:19:15.0182 3724 usbohci - ok
11:19:15.0213 3724 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:19:15.0260 3724 usbprint - ok
11:19:15.0385 3724 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:19:15.0463 3724 USBSTOR - ok
11:19:15.0525 3724 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
11:19:15.0572 3724 usbuhci - ok
11:19:15.0713 3724 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
11:19:15.0759 3724 usbvideo - ok
11:19:15.0884 3724 VCSVADHWSer (3a4b01c2bdb07dfef29b0b369487503a) C:\Windows\system32\DRIVERS\vcsvad.sys
11:19:15.0962 3724 VCSVADHWSer - ok
11:19:16.0071 3724 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:19:16.0087 3724 vdrvroot - ok
11:19:16.0149 3724 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:19:16.0181 3724 vga - ok
11:19:16.0212 3724 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:19:16.0290 3724 VgaSave - ok
11:19:16.0383 3724 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:19:16.0415 3724 vhdmp - ok
11:19:16.0539 3724 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:19:16.0555 3724 viaide - ok
11:19:16.0617 3724 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:19:16.0633 3724 volmgr - ok
11:19:16.0727 3724 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:19:16.0758 3724 volmgrx - ok
11:19:16.0805 3724 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:19:16.0836 3724 volsnap - ok
11:19:16.0945 3724 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:19:16.0992 3724 vsmraid - ok
11:19:17.0070 3724 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:19:17.0101 3724 vwifibus - ok
11:19:17.0179 3724 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:19:17.0195 3724 vwififlt - ok
11:19:17.0288 3724 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:19:17.0335 3724 WacomPen - ok
11:19:17.0444 3724 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:19:17.0507 3724 WANARP - ok
11:19:17.0522 3724 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:19:17.0585 3724 Wanarpv6 - ok
11:19:17.0663 3724 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:19:17.0678 3724 Wd - ok
11:19:17.0709 3724 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:19:17.0741 3724 Wdf01000 - ok
11:19:17.0943 3724 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:19:18.0006 3724 WfpLwf - ok
11:19:18.0037 3724 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:19:18.0053 3724 WIMMount - ok
11:19:18.0255 3724 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:19:18.0287 3724 WinUsb - ok
11:19:18.0349 3724 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:19:18.0380 3724 WmiAcpi - ok
11:19:18.0552 3724 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:19:18.0645 3724 ws2ifsl - ok
11:19:18.0692 3724 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:19:18.0723 3724 WSDPrintDevice - ok
11:19:18.0848 3724 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:19:18.0911 3724 WudfPf - ok
11:19:18.0973 3724 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:19:19.0020 3724 WUDFRd - ok
11:19:19.0129 3724 X6va005 - ok
11:19:19.0207 3724 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:19:19.0316 3724 \Device\Harddisk0\DR0 - ok
11:19:19.0316 3724 Boot (0x1200) (8302debc472da40f0d408529849070ac) \Device\Harddisk0\DR0\Partition0
11:19:19.0332 3724 \Device\Harddisk0\DR0\Partition0 - ok
11:19:19.0363 3724 Boot (0x1200) (e58ad4a096f25bb911f1203f328002af) \Device\Harddisk0\DR0\Partition1
11:19:19.0363 3724 \Device\Harddisk0\DR0\Partition1 - ok
11:19:19.0363 3724 ============================================================
11:19:19.0363 3724 Scan finished
11:19:19.0363 3724 ============================================================
11:19:19.0394 1596 Detected object count: 0
11:19:19.0394 1596 Actual detected object count: 0

I also feel this is of note: when OTS finished running, several items that hadn't been there before appeared on my desktop in addition to OTS.txt (The OTS logfile posted above).

The files are:

AlbumArt_{2EAACDA2-BA19-4CE1-861A-F954B42050DD}_Small.jpg
AlbumArtSmall.jpg
desktop.ini
Folder.jpg
desktop.ini

A screenshot of the files themselves on my Desktop (If it helps):
http://img39.imageshack.us/img39/7506/showingmydesktop.png

All of the items have the "Hidden" box checked under Properties> General> Attributes, and it cannot be unchecked. I haven't opened any of the files because I have no earthly clue what they are or where they came from.

So far the virus ("ZeroAccess" infection?) is still persisting.

#6 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 05 December 2011 - 10:13 AM

Good Afternoon ST,

I don't mean to doublepost , but i've just discovered that these files are basically everywhere on my computer and I figured the information was pertinent.

For Instance in C:\Users\KS\Desktop\Common\Entertainment\MUSIC\Anime\Lucky Star the files "AlbumArtSmall.jpg" and "Folder.jpg" can be found just like on the desktop, also listed as 'hidden'.

In C:\Users\KS\Desktop\Common\Entertainment\MUSIC\Anime\Hellsing [Colosseum] the files "AlbumArt_{E054AA4A-1EE0-44D0-B524-7302317DB98D}_Large.jpg", "AlbumArt_{E054AA4A-1EE0-44D0-B524-7302317DB98D}_Small.jpg", "AlbumArtSmall.jpg", "Desktop.ini", and "Folder.jpg" can all be found.

In C:\Users\KS\Music "Desktop.ini" can be found

In Libraries\Pictures two copies of "Desktop.ini" can be found.

In Libraries\Documents another two copies of "Desktop.ini"

In Libraries\Videos another two copies of "Desktop.ini"

C:\Users\Public\Pictures\Sample Pictures another copy of "Desktop.ini"

C:\Users\Public\Videos\Sample Videos another copy of "Desktop.ini"

C:\Users\KS\Downloads "AlbumArt_{01790791-8237-4D66-94C5-08D1A040D250}_Large", "AlbumArt_{01790791-8237-4D66-94C5-08D1A040D250}_Small", "AlbumArtSmall.jpg", "Desktop.ini"

And so on and so forth. Oddly enough there ARE a few folders around without them, such as C:\Users\KS\Videos\XSplit Recordings and C:\Users\KS\Desktop\Shadowrun Campaign

I'm not quite sure what to make of it but it seems maybe this might be the source of the infection? Again sorry to make things confusing by doubleposting but this seemed like it was important enough.

#7 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 06 December 2011 - 01:35 AM

Good Evening!

Please don't think that I had forgotten about you. My work schedule has been quite hectic lately, so I'm just getting around to getting online to respond to my logs.

Thanks for the information and explanation on that image. I had a feeling it was, but just wanted to be sure that you recongized it.

Quote

All of the items have the "Hidden" box checked under Properties> General> Attributes, and it cannot be unchecked. I haven't opened any of the files because I have no earthly clue what they are or where they came from.

This is something that one of the fixes/tools you ran did. It unhide your hidden files and folders, and what you are seeing is usually something that is hidden. When we clean-up our tools later this will be changed back to the default (which is hidden)

No worries about the double posting it. That's perfectly fine.

Lets run this tool and see what it finds:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

Please post the C:\ComboFix.txt for further review.

#8 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 06 December 2011 - 10:20 AM

Good Morning!
It's no trouble, I know all about large workloads, especially now that the Christmas Season is in full swing!

Here is the ComboFix Report, downloaded from Link 1:

ComboFix 11-12-06.01 - KS 6/2011 Tue 9:55.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1033.18.2812.1805 [GMT -5:00]
Running from: c:\users\KS\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\FC6B\622.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 15:05 . 2011-12-06 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-05 16:21 . 2011-12-05 16:21 -------- d-----w- c:\users\KS\AppData\Roaming\Avnex
2011-12-04 15:50 . 2011-12-04 15:50 -------- d-----w- C:\_OTS
2011-12-04 15:20 . 2011-12-04 15:20 189440 ----a-w- c:\users\KS\AppData\Roaming\Microsoft\FC6B\4366.exe
2011-12-03 12:36 . 2011-12-03 12:36 189440 ----a-w- c:\users\KS\AppData\Roaming\Microsoft\FC6B\4DF1.exe
2011-12-01 14:59 . 2011-12-01 15:46 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z
2011-12-01 14:56 . 2011-12-01 14:56 -------- d-----w- c:\program files\CCleaner
2011-12-01 13:52 . 2011-10-20 04:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-27 05:41 . 2011-11-27 05:50 -------- d-----w- c:\program files (x86)\Unlocker
2011-11-27 04:42 . 2011-11-14 23:04 3767240 ----a-w- c:\windows\SysWow64\GameMon.des
2011-11-27 04:42 . 2011-11-27 04:42 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-11-26 04:06 . 2011-11-26 04:06 -------- d-----w- c:\users\KS\AppData\Local\Skyrim
2011-11-26 03:31 . 2009-03-09 20:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-11-26 03:30 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2011-11-26 03:16 . 2011-11-26 04:04 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2011-11-26 02:42 . 2011-11-26 02:42 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-26 02:41 . 2011-11-26 02:42 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-26 02:41 . 2011-12-01 14:58 -------- d-----w- c:\users\KS\AppData\Roaming\DAEMON Tools Lite
2011-11-26 02:01 . 2011-11-26 02:01 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2011-11-26 01:59 . 2011-11-26 01:59 -------- d-----w- c:\users\KS\AppData\Roaming\SplitMediaLabs
2011-11-25 01:27 . 2011-12-01 13:52 -------- d-----w- c:\users\KS\AppData\Roaming\uTorrent
2011-11-24 21:26 . 2007-02-05 17:00 413760 ----a-w- c:\windows\SysWow64\MPG4c32.dll
2011-11-24 21:26 . 2007-02-05 17:00 262144 ----a-w- c:\windows\SysWow64\mpg4ds32.ax
2011-11-24 21:19 . 2011-11-24 21:26 -------- d-----w- c:\program files (x86)\SourceTec
2011-11-24 20:28 . 2011-12-01 13:52 -------- d-----w- c:\users\KS\AppData\Roaming\Media Player Classic
2011-11-24 20:22 . 2011-11-24 21:51 -------- d-----w- c:\users\KS\AppData\Roaming\Audacity
2011-11-24 04:19 . 2011-11-24 04:19 -------- d-----w- c:\users\KS\AppData\Roaming\SYSTEMAX Software Development
2011-11-23 23:45 . 2011-11-23 23:45 -------- d-----w- c:\users\KS\AppData\Roaming\Acer
2011-11-23 09:09 . 2011-12-01 13:20 -------- d-----w- c:\users\KS\AppData\Roaming\IObit
2011-11-19 19:40 . 2011-11-23 02:29 -------- d-----w- c:\users\KS\.maptool
2011-11-18 08:52 . 2011-10-07 04:16 8570192 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FFC320C-51F0-47E8-850C-5308F63E2938}\mpengine.dll
2011-11-09 20:02 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 20:02 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 20:02 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 20:02 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 04:31 . 2011-07-16 00:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21 . 2011-10-11 20:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 20:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-30 13:13 . 2011-09-30 13:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-07-21 10:10 225584 ----a-w- c:\program files (x86)\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-07-21 10:10 141104 ----a-w- c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 17353352]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-08-08 182576]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64; [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 X6va005;X6va005;c:\users\KS\AppData\Local\Temp\005CB82.tmp [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-08 20336]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"combofix"="c:\combofix\CF7089.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/mb59?u=92823160855208439
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360711d555l0354z175t48m2x27p
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=lintbie&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\users\KS\AppData\Roaming\Mozilla\Firefox\Profiles\4ls7dpgo.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} - c:\programdata\NexonUS\NGM\NGM.exe
AddRemove-Akamai - c:\users\KS\AppData\Local\Akamai\uninstall.exe
AddRemove-beanfun! - c:\users\KS\Documents\My BeanFun\BFUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\KS\AppData\Local\Temp\005CB82.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-12-06 10:14:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 15:14
.
Pre-Run: 47,586,000,896 bytes free
Post-Run: 47,069,069,312 bytes free
.
- - End Of File - - D6E21D6434E9A4852DABA00EB4384B2D

#9 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 07 December 2011 - 01:09 AM

Good Evening UnerringFangirl!

How are things running now?? It looks like ComboFix did in fact address some items that required attention, and we will be running a script with ComboFix to take care of some additional items.

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\users\KS\AppData\Roaming\Microsoft\FC6B\4366.exe
c:\users\KS\AppData\Roaming\Microsoft\FC6B\4DF1.exe
DirLook::
C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.

Download Link 1

Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#10 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 07 December 2011 - 03:08 PM

Good afternoon ST!

Sadly it seems my computer is running a little slower (barely noticable, but still) since the fix, and the problem continues to persist.

Here is the log given by running ComboFix with the CFScript you gave me:
(Note, at 1,045,824 characters and 1.01 MB in Text format, this text file was too large to post here directly ["Your post was too long. Please go back and shorten it a little."]. As a result I have uploaded the text to two locations:)
http://www.beetxt.com/UHE/ and http://www.beetxt.com/UHE/ZLqCw2 (Password is: STGirl)
http://hotfile.com/dl/136966865/0fb5c6d/ComboFix.txt.html for the actual text file.
http://www.megaupload.com/?d=LAH53NGQ also for the actual text file.

I wasn't sure how you wanted me to handle this considering the file itself is too large to attach via forum attachment. If you'd prefer a different method i'll comply in the next reply.

---------------------------------------------------------------------------------------------------------------

Here is the log file from Malewarebyte's Quick Scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8328

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/7/2011 11:54:55 AM
mbam-log-2011-12-07 (11-54-55).txt

Scan type: Quick scan
Objects scanned: 172319
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------------

This is the result from the ESET Online Scanner under the settings given:

C:\Qoobox\Quarantine\C\Program Files (x86)\LP\FC6B\622.exe.vir a variant of Win32/Kryptik.VZB trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
C:\Users\KS\AppData\Roaming\Microsoft\FC6B\4366.exe a variant of Win32/Kryptik.WPP trojan
C:\Users\KS\AppData\Roaming\Microsoft\FC6B\4DF1.exe a variant of Win32/Kryptik.WPP trojan
C:\Users\KS\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application
C:\_OTS\MovedFiles\12042011_105055\C_Users\KS\AppData\Roaming\83AE3\lvvm.exe a variant of Win32/Kryptik.WMJ trojan
C:\_OTS\MovedFiles\12042011_105055\C_Users\KS\AppData\Roaming\B8983\832FC.exe a variant of Win32/Kryptik.WMJ trojan
C:\_OTS\MovedFiles\12042011_105055\C_Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe a variant of Win32/Kryptik.WMJ trojan
C:\_OTS\MovedFiles\12042011_105055\C_Windows\SysWOW64\e8imRM28.com a variant of Win32/Kryptik.VYL trojan
C:\_OTS\MovedFiles\12042011_105055\C_Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan

---------------------------------------------------------------------------------

Here is the result from Security Check's scan:

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player ( 10.3.183.7) Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

Not sure if it helps any but the files from before are still hanging around my PC.

This post has been edited by UnerringFangirl: 07 December 2011 - 03:12 PM

#11 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 December 2011 - 03:53 AM

Hello,

Quote

I wasn't sure how you wanted me to handle this considering the file itself is too large to attach via forum attachment. If you'd prefer a different method i'll comply in the next reply.

Would you mind trying to submit it to my submission channel?

Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:

http://www.bleepingcomputer.com/forums/topic430225.html/page__view__findpost__p__2500368

Click Browse & navigate to C:\ComboFix.txt.

Please post back after you've submitted the file informing me that you've done so.

Cheers,
ST.

#12 UnerringFangirl

New Member

Group: Members
Posts: 7
Joined: 01-December 11

Posted 08 December 2011 - 11:58 AM

Hiya,

"Your file was successfully submitted. Please let the user helping you know that you have submitted the file."

All done ^-^, awaiting further instruction.

#13 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 09 December 2011 - 01:58 AM

Good Evening!

I received the file successfully. Thanks for submitting it for me.

Do you recognize this folder?

C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z

If you do please don't run the script below, as I'll be removing it. It seems like it was generated by malware.

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

Quote

C:\Qoobox\Quarantine\C\Program Files (x86)\LP\FC6B\622.exe.vir a variant of Win32/Kryptik.VZB trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
C:\_OTS\MovedFiles\12042011_105055\C_Users\KS\AppData\Roaming\83AE3\lvvm.exe a variant of Win32/Kryptik.WMJ trojan
C:\_OTS\MovedFiles\12042011_105055\C_Users\KS\AppData\Roaming\B8983\832FC.exe a variant of Win32/Kryptik.WMJ trojan
C:\_OTS\MovedFiles\12042011_105055\C_Users\KS\AppData\Roaming\Microsoft\FC6B\622.exe a variant of Win32/Kryptik.WMJ trojan
C:\_OTS\MovedFiles\12042011_105055\C_Windows\SysWOW64\e8imRM28.com a variant of Win32/Kryptik.VYL trojan
C:\_OTS\MovedFiles\12042011_105055\C_Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll a variant of Win32/TrojanProxy.Agent.NIB trojan

These threat(s) below will be removed very shortly:

Quote

C:\Users\KS\AppData\Roaming\Microsoft\FC6B\4366.exe a variant of Win32/Kryptik.WPP trojan
C:\Users\KS\AppData\Roaming\Microsoft\FC6B\4DF1.exe a variant of Win32/Kryptik.WPP trojan

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform:
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z..ZZ...Z..Z
C:\Users\KS\AppData\Roaming\Microsoft\FC6B\4366.exe
C:\Users\KS\AppData\Roaming\Microsoft\FC6B\4DF1.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,666
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 22 December 2011 - 11:45 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.