Possible Malware/Spyware on Windows 7 Pro RTM x64



#1 WillyBob

Posted 30 January 2010 - 01:23 PM

Hi,

For the last couple of months it seems like my system has either become infected with something that neither Avast nor MS Security Essentials (used to run Avast, am running MSSE solo now) can detect.

I have occasional timeouts on my network (single computer, connected to Belkin N+ Router (Wired X'n), which connects in turn to Cable Modem).

Hardware: Overclocked Phenom IIx940 from stock 3.ghz to 3675ghz @ full load, on 1.336 volts
Mobo: Gigabyte GA-MA790X-UD4P
RAM: 2x2GB OCZ DDR2 800
GPU1: EVGA GTX260-Superclocked ed
GPU2: ATI HD3870
HDD1 (system) 1 TB WD Caviar Black, system on Partition 1 of 2 (200GB), Partition 2 used for occasional storage
2 more WD Caviar Blue in RAID 1, 1 more WD Caviar Blue in 500GB for scratch writing & file storage

You prolly don't need all my overclock settings but I can write them if they'd help. Of note, though, is that I run PhenomMSRTweaker, allowing me to disable Cool n Quiet in BIOS, but still throttle the CPU depending on load (with this tool the CPU's multiplier can adjust itself at runtime along user-created settings and reference points). With PhenomMSRTweaker you can change the CPU volts & CPU-NB Volts along with the multiplier, ... they're all saved in 3 various Power-States, anyway, . . .

Another thing I am having problems with I think is VSS. A few weeks ago I was getting these ugly errors in the Event Viewer (error 22, followed by 8193, both with source VSS). The text of each are here:

Error 22:
Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered].
Operation:
Instantiating VSS server

Error 8193:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
Operation: Instantiating VSS server

What's weird, too, is that I contacted MS Support by chat, and when I went to check out these errors, I noticed that I hadn't received them in the last 24 hours, ... so when they suggested an In Place Upgrade as the cure, if the errors returned, I was glad the errors were gone (and haven't recurred, knock on wood). But, in pasting the text of one of the logs just now, I noticed seeing something like, "No Restore Points", even though I have Sys Restore turned on all appropriate drives. And I remember seeing this error periodically, too:

Error 36 (source "volsnap"):The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

That one is quite weird because I didn't ever set user imposed limits... I have done so in the past, but not on this machine. At one point I believe I may have tried to completely turn off VSS because I do regular backups anyway, and also run Diskeeper 10, but anyway, not sure how much of what might be disk performance issues are also related to Malware, etc.

Please help me with whatever you can help me to find & clean.





Here is my DDS.log, followed by Attach.txt only -- the Rootkit Revealer apparently doesn't run on 64 bit.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Will at 9:53:06.56 on Sat 01/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4087.1622 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe
C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe
C:\Program Files\mcShoutCast\ShoutCastProxyService.exe
C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Will\RunApps\SysinternalsSuite\procexp.exe
C:\Users\Will\RunApps\SysinternalsSuite\procexp64.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Users\Will\RunApps\CoreTemp64Beta2\Core Temp.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\ehome\mcrmgr.exe
C:\Windows\ehome\ehshell.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\eHome\ehExtHost.exe
C:\Windows\eHome\ehExtHost.exe
C:\Windows\eHome\ehExtHost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\mfpmp.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
W:\Downloads\@Security\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {731f2929-006f-6251-5444-03a92645774f} - c:\windows\syswow64\slcexxt.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files (x86)\lastpass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar.dll
uRun: [DisplayFusion] "c:\program files (x86)\displayfusion\DisplayFusion.exe"
mRun: [<NO NAME>]
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [Belkin Storage Manager] "c:\program files (x86)\belkin storage manager\StorageManager.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\startu~1.lnk - c:\users\will\runapps\StartupScript.ahk
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\runtim~1.lnk - c:\users\will\runapps\RuntimeHotkeys.ahk
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\autorunsdisabled\vme 1.2.lnk.disabled
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: LastPass - file://c:\program files (x86)\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\lastpass\context.html?cmd=fillforms
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1258771289085
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
IFEO: taskmgr.exe - "c:\users\will\runapps\sysinternalssuite\PROCEXP.EXE"
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
IFEO-X64: taskmgr.exe - "c:\users\will\runapps\sysinternalssuite\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\
FF - component: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\will\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');
user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');
user_pref('...ri.enabled', 'allAccess');
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-10-29 226616]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-10-29 1455648]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 202752]
R2 mcShoutCastECommerceService;mcShoutCastECommerceService;c:\program files\mcshoutcast\mcShoutCastECommerceService.exe [2009-12-15 8192]
R2 mcShoutCastLauraFM;mcShoutCastLauraFM;c:\program files\mcshoutcast\ShoutCastLauraFMService.exe [2009-12-15 7680]
R2 mcShoutCastProxy;mcShoutCastProxy;c:\program files\mcshoutcast\ShoutCastProxyService.exe [2009-12-15 58880]
R2 PhenomMsrTweaker;PhenomMsrTweaker service;c:\program files\phenommsrtweaker\PhenomMsrTweakerService.exe [2009-5-9 22528]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2009-11-11 51120]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-29 327576]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-29 6377496]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 35112]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\phenommsrtweaker\WinRing0x64.sys [2009-10-29 14544]
S2 PASW;Process Activation Service;c:\windows\system32\psactive.exe --> c:\windows\system32\psactive.exe [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-18 250400]
S3 atillk64;atillk64;w:\downloads\@oc\winflash2017\atillk64.sys [2006-7-19 14608]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-1-27 79360]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-11-18 12744]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-20 16776]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-10-29 137608]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-20 9096]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-29 30232]
S3 RTCore64;RTCore64;c:\program files (x86)\evga precision\RTCore64.sys [2009-10-5 14352]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-12-17 43664]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2009-12-18 2326920]
S4 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-29 190488]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010\RpcAgentSrv.exe [2009-12-21 93336]
S4 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
S4 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\milliesoft\tunerfreemce\TunerFreeMCEService.exe [2009-10-28 9216]

=============== Created Last 30 ================

2010-01-30 13:13:30 0 d-----w- C:\APCPowerChuteConfig
2010-01-28 12:43:43 0 d-----w- c:\users\will\appdata\roaming\Enlightenus
2010-01-28 12:08:43 0 d-----w- c:\users\will\appdata\roaming\BanzaiInteractive
2010-01-28 12:08:43 0 d-----w- c:\programdata\BanzaiInteractive
2010-01-28 09:09:45 0 d-----w- c:\users\will\appdata\roaming\Ubisoft
2010-01-28 09:02:26 0 d-----w- c:\windows\CSI - NY
2010-01-28 09:02:26 0 d-----w- c:\program files (x86)\CSI - NY
2010-01-28 00:28:40 0 d-----w- c:\users\will\.VirtualBox
2010-01-28 00:27:14 193232 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-01-28 00:27:00 53264 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-01-28 00:26:54 0 d-----w- c:\program files\Sun
2010-01-27 13:27:29 0 d-----w- c:\programdata\Creative Labs
2010-01-27 10:19:29 7062 ----a-w- c:\windows\syswow64\audiopid.vxd
2010-01-27 10:19:01 0 d-----w- c:\program files (x86)\common files\Creative
2010-01-27 10:19:00 0 d--h--w- c:\program files (x86)\Creative Installation Information
2010-01-27 10:18:35 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-01-27 10:18:24 0 d-----w- c:\program files\Creative
2010-01-27 08:41:29 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 08:41:29 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 08:41:28 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 20:09:55 0 d-----w- c:\program files (x86)\Yahoo!
2010-01-26 17:08:19 0 ----a-we c:\users\will\Working Folder.lnk
2010-01-26 14:11:01 0 d-----w- c:\program files\NVIDIA Corporation
2010-01-25 23:15:33 0 d-----w- c:\users\will\appdata\roaming\MorarChat
2010-01-25 09:09:38 0 d-----w- c:\users\will\appdata\roaming\LegacyInteractive
2010-01-25 03:38:27 0 d-----w- c:\users\will\appdata\roaming\SevenSails
2010-01-25 03:01:39 0 d-----w- c:\users\will\Million
2010-01-24 07:35:17 0 d-----w- c:\programdata\Artifex Mundi
2010-01-24 06:30:36 0 d-----w- c:\users\will\appdata\roaming\Green Clover Games
2010-01-24 06:30:36 0 d-----w- c:\programdata\Green Clover Games
2010-01-24 00:35:45 65536 --sha-w- c:\users\will\ntuser.dat{481723dc-0880-11df-9783-00241d1f8839}.TM.blf
2010-01-24 00:35:45 524288 --sha-w- c:\users\will\ntuser.dat{481723dc-0880-11df-9783-00241d1f8839}.TMContainer00000000000000000002.regtrans-ms
2010-01-24 00:35:45 524288 --sha-w- c:\users\will\ntuser.dat{481723dc-0880-11df-9783-00241d1f8839}.TMContainer00000000000000000001.regtrans-ms
2010-01-21 19:52:15 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-21 19:52:15 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-21 19:52:12 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-21 19:52:12 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-21 19:52:12 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 19:52:11 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-21 19:52:11 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-20 10:24:34 0 d-----w- c:\program files (x86)\CurseThe Eye of Isis
2010-01-20 10:24:04 0 d-----w- c:\program files (x86)\Curse of Iris
2010-01-20 09:31:59 0 d-----w- c:\programdata\Meridian93
2010-01-20 09:31:19 0 d-----w- c:\users\will\appdata\roaming\Meridian93
2010-01-20 08:40:01 0 d-----w- c:\users\will\appdata\roaming\GOA
2010-01-20 08:40:01 0 d-----w- c:\programdata\GOA
2010-01-20 07:31:38 0 d-----w- c:\program files (x86)\WMR14
2010-01-19 12:49:55 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-01-19 12:49:55 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-01-19 12:49:55 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-01-19 12:49:54 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-01-19 12:49:54 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-01-19 12:49:53 0 d-----w- c:\program files (x86)\Real Alternative
2010-01-18 14:34:24 0 d-----w- C:\games
2010-01-18 03:12:21 0 d-----w- c:\programdata\MediaBrowser
2010-01-18 03:12:09 0 d-----w- c:\program files (x86)\MediaBrowser
2010-01-17 23:48:18 0 d-----w- c:\programdata\ATI
2010-01-17 22:46:59 8897 ----a-w- c:\windows\syswow64\CTAPO64.cat
2010-01-17 10:12:16 0 d-----w- c:\users\will\appdata\roaming\Quirky Games
2010-01-16 06:20:00 0 d-----w- c:\users\will\appdata\roaming\2monkeys
2010-01-16 03:12:11 0 d-----w- c:\users\will\appdata\roaming\Little Games Company
2010-01-16 03:12:11 0 d-----w- c:\programdata\Little Games Company
2010-01-15 12:16:19 61 ----a-w- c:\windows\sbwin.ini
2010-01-14 08:01:52 61440 ----a-w- c:\windows\UnDeploy.exe
2010-01-14 00:12:23 4174814 ------w- c:\windows\syswow64\CT4MGM.SF2
2010-01-14 00:12:23 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-01-14 00:12:23 2167684 ------w- c:\windows\syswow64\CT2MGM.SF2
2010-01-14 00:12:23 2167684 ------w- c:\windows\system32\CT2MGM.SF2
2010-01-14 00:12:20 0 d-----w- c:\programdata\Creative
2010-01-14 00:11:22 78 ----a-w- c:\windows\syswow64\ctzapxx.ini
2010-01-14 00:11:22 3348 ----a-w- c:\windows\syswow64\ludap17.ini
2010-01-14 00:11:22 11264 ----a-w- c:\windows\syswow64\INRES.DLL
2010-01-14 00:11:22 0 d-----w- c:\windows\syswow64\Data
2010-01-14 00:11:22 0 d-----w- c:\windows\system32\Data
2010-01-14 00:11:20 2873820 ------w- c:\windows\syswow64\Sens_oal.dll
2010-01-14 00:11:20 1908736 ------w- c:\windows\system32\Sens_oal.dll
2010-01-14 00:10:54 0 d-----w- c:\program files (x86)\Creative
2010-01-13 23:38:19 0 d-----w- c:\programdata\NOS
2010-01-13 09:42:23 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:42:23 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 09:42:22 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 09:42:22 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 07:55:20 0 d-----w- c:\program files\mcShoutCast
2010-01-13 07:55:19 0 d-----w- c:\programdata\mcShoutCast
2010-01-12 07:19:00 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-01-12 07:19:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 07:19:00 14822504 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 07:19:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 07:19:00 1037416 ----a-w- c:\windows\system32\nvsvc64.dll
2010-01-12 07:18:54 65332 ----a-w- c:\windows\system32\NvwsApps.xml
2010-01-12 07:18:54 271481 ----a-w- c:\windows\system32\NvApps.xml
2010-01-12 01:17:31 0 d-----w- c:\windows\syswow64\RTCOM
2010-01-12 01:17:31 0 d-----w- c:\program files\Realtek
2010-01-11 09:20:53 0 d-----w- c:\programdata\saves
2010-01-11 09:06:45 0 d-----w- c:\users\will\appdata\roaming\EleFun Games
2010-01-11 09:03:30 0 d-----w- c:\users\will\appdata\roaming\Once Upon a Time in Chicago
2010-01-11 09:03:30 0 d-----w- c:\programdata\Once Upon a Time in Chicago
2010-01-11 08:50:01 0 d-----w- c:\windows\TheJollyGangsSpookyAdventure
2010-01-11 08:49:34 0 d-----w- c:\windows\Superior Save
2010-01-11 08:48:48 0 d-----w- c:\windows\Once Upon a Time in Chicago
2010-01-11 04:34:59 0 d-----w- c:\users\will\appdata\roaming\TheFixerUpper
2010-01-10 23:55:24 0 d-----w- c:\users\will\appdata\roaming\HSA
2010-01-10 23:37:58 0 d-----w- c:\programdata\iWin Games
2010-01-10 21:58:28 0 d-----w- c:\windows\Art Detective
2010-01-10 21:48:24 0 d-----w- c:\users\will\appdata\roaming\Hidato
2010-01-10 21:48:24 0 d-----w- c:\programdata\Hidato
2010-01-10 21:48:07 0 d-----w- c:\program files (x86)\Gameblend Studios
2010-01-09 02:33:36 0 d-----w- c:\users\will\appdata\roaming\Dragon Altar Games
2010-01-08 08:12:12 0 d-----w- c:\program files\Carbonite
2010-01-08 08:11:38 0 d-----w- c:\programdata\Carbonite
2010-01-08 08:11:38 0 d-----w- c:\program files (x86)\Carbonite
2010-01-08 02:16:25 0 d-----w- c:\program files (x86)\TrendMicro
2010-01-08 00:07:20 0 d-----w- c:\program files (x86)\Belkin Storage Manager
2010-01-07 15:14:20 0 d-----w- c:\users\will\appdata\roaming\V-Games
2010-01-07 06:35:52 0 d-----w- c:\programdata\Sony
2010-01-07 05:54:56 0 d-----w- c:\programdata\1912 Titanic Mystery
2010-01-07 05:54:50 0 d-----w- c:\users\will\appdata\roaming\TitanicMystery
2010-01-07 01:46:09 0 d-----w- c:\program files (x86)\abcAVI
2010-01-07 01:25:17 0 d-----w- c:\program files (x86)\VSTplugins
2010-01-07 01:14:03 0 d-----w- c:\program files (x86)\Sony
2010-01-07 01:12:44 0 d-----w- c:\program files (x86)\Sony Setup
2010-01-06 23:46:59 0 d-----w- c:\users\will\appdata\roaming\BonkEnc
2010-01-06 23:46:44 0 d-----w- c:\program files (x86)\BonkEnc
2010-01-06 23:37:01 0 d-----w- c:\program files (x86)\mp4UI
2010-01-06 23:26:20 0 d-----w- c:\users\will\appdata\roaming\Yamb
2010-01-06 11:45:58 0 d-----w- c:\programdata\Astar Games
2010-01-06 11:05:20 0 d-----w- c:\programdata\Christmasville
2010-01-03 23:47:45 0 d-----w- C:\TMOTM
2010-01-03 23:46:21 0 d-----w- c:\program files (x86)\Sherlock Holmes - Mystery Of The Mummy
2010-01-03 21:47:17 0 d-----w- c:\users\will\appdata\roaming\Flood Light Games
2010-01-03 21:47:17 0 d-----w- c:\programdata\Flood Light Games
2010-01-03 21:18:05 0 d-----w- c:\programdata\TheFallTrilogy
2010-01-03 09:13:58 0 d-----w- c:\users\will\appdata\roaming\Enlightenus1Beta
2010-01-03 08:03:14 0 d-sh--w- C:\Diskeeper
2010-01-02 20:36:02 0 d-----w- c:\programdata\Diskeeper Corporation
2010-01-02 20:36:02 0 d-----w- c:\program files\common files\Diskeeper Corporation
2010-01-02 20:36:01 0 d-----w- c:\program files\Diskeeper Corporation
2010-01-02 02:43:07 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-01 17:59:40 0 d--h--w- c:\programdata\ArcSoft
2010-01-01 14:07:18 557056 ----a-w- c:\windows\syswow64\AltST.dll
2010-01-01 14:07:18 491520 ----a-w- c:\windows\syswow64\imagx4.dll
2010-01-01 14:07:18 421888 ----a-w- c:\windows\syswow64\imagr4.dll
2010-01-01 14:07:18 38912 ----a-w- c:\windows\syswow64\picn20.dll
2010-01-01 14:07:18 250736 ----a-w- c:\windows\syswow64\ImagXpr4.dll
2010-01-01 14:07:18 0 d-----w- c:\program files (x86)\common files\SoftTech InterCorp
2010-01-01 12:47:38 0 d-----w- c:\users\will\appdata\roaming\YoudaGames
2010-01-01 11:59:41 0 d-----w- c:\program files (x86)\common files\Anvsoft
2010-01-01 11:48:25 0 d-----w- c:\programdata\Socusoft
2010-01-01 09:02:34 1639456 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-01-01 02:11:38 0 d-----w- c:\programdata\Playrix Entertainment
2010-01-01 01:52:59 0 d-----w- c:\programdata\BOONTY
2009-12-31 21:54:05 0 d-----w- c:\users\will\appdata\roaming\Scholastic

==================== Find3M ====================

2010-01-30 13:59:15 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-14 19:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 00:07:06 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 05:54:12 4096 ----a-w- c:\windows\d3dx.dat
2009-12-18 08:03:30 250400 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-12-18 08:03:28 1455648 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
2009-12-18 08:03:27 929312 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-12-18 08:03:21 254496 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-12-17 22:58:04 43664 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2009-12-17 22:58:04 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 22:58:04 165200 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 22:58:04 145360 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-10 22:48:44 51120 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2009-12-04 12:52:18 10105 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-12-04 12:52:17 2857336 ----a-w- c:\windows\syswow64\SpoonUninstall.exe
2009-12-04 12:52:16 14645 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2009-12-02 20:20:56 137608 ----a-w- c:\windows\system32\drivers\EuDisk.sys
2009-11-30 09:36:38 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-30 09:36:38 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2009-11-30 09:36:38 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-30 09:36:38 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17:52 446976 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17:16 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2009-11-25 03:15:36 421376 ----a-w- c:\windows\system32\atipdl64.dll
2009-11-25 03:15:28 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2009-11-25 03:15:14 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll
2009-11-25 03:15:06 12288 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:15:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2009-11-25 03:14:58 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2009-11-25 03:12:12 3055616 ----a-w- c:\windows\syswow64\atidxx32.dll
2009-11-25 03:04:30 3661824 ----a-w- c:\windows\system32\atidxx64.dll
2009-11-25 03:02:20 17625088 ----a-w- c:\windows\system32\atio6axx.dll
2009-11-25 02:55:58 3617792 ----a-w- c:\windows\syswow64\atiumdag.dll
2009-11-25 02:50:14 4683776 ----a-w- c:\windows\system32\atiumd64.dll
2009-11-25 02:44:56 13487616 ----a-w- c:\windows\syswow64\atioglxx.dll
2009-11-25 02:43:54 2601984 ----a-w- c:\windows\system32\atiumd6a.dll
2009-11-25 02:37:58 2899968 ----a-w- c:\windows\syswow64\atiumdva.dll
2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\atimpc64.dll
2009-11-25 02:25:46 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2009-11-25 02:25:16 312320 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:25:08 225280 ----a-w- c:\windows\syswow64\atiadlxy.dll
2009-11-25 02:21:54 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2009-11-25 02:21:52 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2009-11-25 02:21:38 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2009-11-25 02:21:36 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2009-11-25 02:21:24 4740096 ----a-w- c:\windows\system32\aticaldd64.dll
2009-11-25 02:20:26 3629056 ----a-w- c:\windows\syswow64\aticaldd.dll
2009-11-21 03:18:00 4990056 ----a-w- c:\windows\syswow64\NVStWiz.exe
2009-11-18 15:16:00 78936 ----a-w- c:\windows\system32\MBWrp64.dll
2009-11-15 07:12:11 207292 ----a-w- c:\users\will\EditPicLength.exe
2009-11-14 14:12:21 206877 ----a-w- c:\windows\system32\screensaver.scr
2009-11-14 14:12:21 206877 ----a-w- c:\users\will\screensaver.scr
2009-11-06 00:45:08 2046464 ----a-w- c:\windows\system32\BootMan.exe
2009-11-06 00:38:46 1669120 ----a-w- c:\windows\syswow64\BootMan.exe
2009-11-03 02:21:39 74 ----a-w- c:\users\will\CallUnblockR.bat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:53:20.20 ===============

Here is the Attach.txt from DDS:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2009 12:03:07 PM
System Uptime: 1/30/2010 5:58:44 AM (4 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA790X-UD4P
Processor: AMD Phenom™ II X4 940 Processor | Socket M2 | 3158/211mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 199 GiB total, 82.462 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 67.988 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
Q: is FIXED (NTFS) - 393 GiB total, 70.809 GiB free.
W: is FIXED (NTFS) - 298 GiB total, 184.959 GiB free.
X: is FIXED (NTFS) - 466 GiB total, 124.974 GiB free.
Y: is FIXED (NTFS) - 732 GiB total, 423.932 GiB free.
Z: is NetworkDisk (NTFS) - 149 GiB total, 91.562 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: Standard Modem
Device ID: ROOT\MODEM\0000
Manufacturer: (Standard Modem Types)
Name: Standard Modem
PNP Device ID: ROOT\MODEM\0000
Service: Modem

Class GUID: {4d36e967-e325-11ce-bfc1-08002be10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00\7&131FC808&0&4C363230354743B915&0
Manufacturer: (Standard disk drives)
Name: EPSON Stylus Storage USB Device
PNP Device ID: USBSTOR\DISK&VEN_EPSON&PROD_STYLUS_STORAGE&REV_1.00\7&131FC808&0&4C363230354743B915&0
Service: disk

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
3DMark06
7-Zip 4.65
AC3Filter 1.63b
Acronis True Image Home
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 9.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agatha Christie Evil Under the Sun 1.00
AnalogX TextScan
Ancient Secrets 1.00
APC PowerChute Personal Edition v2.2
Audacity 1.2.6
Audacity 1.3.9 (Unicode)
AutoHotkey 1.0.48.05
Avidemux 2.5
AviSynth 2.5
Badaboom 1.2.1.7
Belkin Storage Manager
BlackBerry Desktop Software 5.0.1
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
ccc-core-static
CCC Help English
CCleaner
Christmasville 1.00
CinePak Codec
Creative Audio Control Panel
Creative EAX Settings
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
Cryostasis (Remove Only)
CSI-Hard Evidence
CSI - NY
CurseThe Eye of IsisJust For Fun Games
Data Lifeguard Diagnostic for Windows
dBpoweramp DSP Effects
dBpoweramp Music Converter
DH Driver Cleaner.NET
DisplayFusion 3.1.5
Doc Convertor 1.0 (Beta)
Driver Sweeper 2.1.0
Dummy File Creator
EASEUS Partition Master 4.1.1 Professional
Emerald City Confidential 1.00
Enlightenus 1.00
EPSON Scan
erLT
EVGA Precision 1.8.1
FahMon - Folding@home client monitoring software
ffdshow [rev 3029] [2009-07-10]
Folding@home-gpu
FormatFactory 2.15
Futuremark SystemInfo
Ghost in the Sheet 1.00
Gigabyte Raid Configurer
Google Chrome
Google SketchUp 7
Green Moon 1.00
Haali Media Splitter
HFM.NET 0.4.7.104
Hidato Adventures 1.0.24
HiJackThis
ICUII
ImgBurn
Internet TV for Windows Media Center
IrfanView (remove only)
Java™ 6 Update 16
Java™ 6 Update 17
Java™ 6 Update 18
Joan Jade and the Gates of Xibalba 1.00
Junk Mail filter update
LAME v3.98.2 for Audacity
LastPass (uninstall only)
Logitech SetPoint
MagicDisc 2.7.106
MakeitOne - MP3AlbumMaker
Malwarebytes' Anti-Malware
Mary Kay Andrews The Fixer Upper 1.00
Mata Hari
Media Browser
Media Center Studio
Microsoft Choice Guard
Microsoft RichCopy 4.0
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Debugging Symbols
Microsoft Windows Media Video 9 VCM
Mortimer Beckett And The Time Paradox FINAL 1.00
Mozilla Firefox (3.5.7)
mp4UI
MSVCRT
Mystery of Unicorn Castle 1.00
Noise Reduction Plug-in 2.0i
Notepad++
NVIDIA PhysX
OpenAL
OpenOffice.org 3.1
oZone3D.Net FurMark v1.7.0
PandoraRecovery (Remove Only)
PC Wizard 2009.1.911
PDF Settings
Pegasus Imaging PICVideo Motion JPEG 3.0
Photo Story 3 for Windows
QuickTime
Real Alternative 2.0.1 Lite
Realtek Ethernet Controller Driver For Windows Vista and Later
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
RUNAWAY: A TWIST OF FATE (English)
Security Update for CAPICOM (KB931906)
Skype™ 4.1
Sound Forge Pro 10.0
System Requirements Lab
TeamViewer 5
The Clumsys 2 Butterfly Effect 1.00
The Fall Trilogy 1.00
TrueCrypt
TunerFree MCE
Unigine Heaven Benchmark v1.0
Video Thumbnails Maker by Scorp (remove only)
VirtualDub Filter Pack 1.1
VLC media player 1.0.2
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Center Add-in for Flash
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinFF 1.1
XnView 1.96.5
XviD MPEG-4 Video Codec rev.1.2.2
XviD4PSP 5.0

==== Event Viewer Messages From Past Week ========

1/29/2010 3:25:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/29/2010 2:23:34 AM, Error: volsnap [36] - The shadow copies of volume W: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/28/2010 6:56:45 PM, Error: volsnap [36] - The shadow copies of volume Y: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/28/2010 6:35:44 PM, Error: volsnap [36] - The shadow copies of volume X: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/28/2010 1:09:59 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
1/28/2010 1:09:44 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/27/2010 8:52:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
1/27/2010 8:33:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.
1/27/2010 6:24:36 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
1/27/2010 2:38:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB977074).
1/27/2010 2:32:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vpcnfltr vpcvmm Wanarpv6 WfpLwf
1/27/2010 2:32:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 2:32:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 2:32:12 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
1/26/2010 7:01:59 AM, Error: volsnap [36] - The shadow copies of volume Q: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/25/2010 1:12:42 PM, Error: Service Control Manager [7034] - The mcShoutCastECommerceService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


***NOTE: shortly after posting this, one of the engineers on this site alerted me to one of the lines above, regarding "c:\windows\syswow64\slcexxt.dll", which turned out to be a Win32.Trojan -- so whatever other issues I have, that is no longer one of them.

Wondering if my decision to switch from Avast to Microsoft Security Essentials was wise or not . . .

Edited by WillyBob, 30 January 2010 - 04:11 PM.




#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 February 2010 - 10:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 WillyBob
  • Topic Starter

  • Members
  • 38 posts

Posted 08 February 2010 - 06:40 AM

Hi,

Thanks for getting back to me.

Here are the results of the DDS & GMER scans, and I have attached the DDS attach.txt as well.

Thank you,


DDS (Ver_09-12-01.01) - NTFSX64
Run by Will at 3:22:01.34 on Mon 02/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4087.2068 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\Users\Will\RunApps\cnqsvc64_0_08\cnqsvc64.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe
C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe
C:\Program Files\mcShoutCast\ShoutCastProxyService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Will\RunApps\SysinternalsSuite\procexp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Will\RunApps\SysinternalsSuite\procexp64.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Windows\system32\taskeng.exe
C:\Users\Will\RunApps\CoreTemp64Beta2\Core Temp.exe
C:\Windows\system32\taskhost.exe
C:\Users\Will\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\LogonUI.exe
C:\Users\Will\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files (x86)\lastpass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar.dll
uRun: [DisplayFusion] "c:\program files (x86)\displayfusion\DisplayFusion.exe"
uRun: [OpenDNS Updater] "c:\program files (x86)\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [FahSpy] "c:\users\will\runapps\fahspy201\FahSpy.exe"
mRun: [<NO NAME>]
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [Belkin Storage Manager] "c:\program files (x86)\belkin storage manager\StorageManager.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [UnlockerAssistant] "c:\program files (x86)\unlocker\UnlockerAssistant.exe"
mRun: [EVGAPrecision] "c:\program files (x86)\evga precision\EVGAPrecisionWrapper.exe" /s
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\startu~1.lnk - c:\users\will\runapps\StartupScript.ahk
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\runtim~1.lnk - c:\users\will\runapps\RuntimeHotkeys.ahk
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\autorunsdisabled\vme 1.2.lnk.disabled
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: LastPass - file://c:\program files (x86)\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\lastpass\context.html?cmd=fillforms
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1258771289085
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
IFEO: taskmgr.exe - "c:\users\will\runapps\sysinternalssuite\PROCEXP.EXE"
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
IFEO-X64: taskmgr.exe - "c:\users\will\runapps\sysinternalssuite\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\
FF - component: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\will\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');
user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');
user_pref('...ri.enabled', 'allAccess');
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2010-2-4 231224]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-10-29 1455648]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2010-1-30 121672]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 203264]
R2 AntiVirFirewallService;Avira Firewall;c:\program files (x86)\avira\antivir desktop\avfwsvc.exe [2010-1-30 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\avira\antivir desktop\avmailc.exe [2010-1-30 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-1-30 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-1-30 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\avira\antivir desktop\avwebgrd.exe [2010-1-30 434945]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-30 74880]
R2 CNQSvc64;CNQSvc64;c:\users\will\runapps\cnqsvc64_0_08\cnqsvc64.exe [2010-2-4 90624]
R2 mcShoutCastECommerceService;mcShoutCastECommerceService;c:\program files\mcshoutcast\mcShoutCastECommerceService.exe [2009-12-15 8192]
R2 mcShoutCastLauraFM;mcShoutCastLauraFM;c:\program files\mcshoutcast\ShoutCastLauraFMService.exe [2009-12-15 7680]
R2 mcShoutCastProxy;mcShoutCastProxy;c:\program files\mcshoutcast\ShoutCastProxyService.exe [2009-12-15 58880]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2010-1-30 87552]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2009-11-11 51120]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-29 327576]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-29 6377496]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 35112]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\will\runapps\cnqsvc64_0_08\WinRing0x64.sys [2010-2-4 14544]
S2 PASW;Process Activation Service;c:\windows\system32\psactive.exe --> c:\windows\system32\psactive.exe [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-18 250400]
S3 atillk64;atillk64;w:\downloads\@oc\winflash2017\atillk64.sys [2006-7-19 14608]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-1-27 79360]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-11-18 12744]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-20 16776]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-10-29 137608]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-20 9096]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-29 30232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-12-17 43664]
S4 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2009-12-18 2326920]
S4 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-29 190488]
S4 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
S4 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\milliesoft\tunerfreemce\TunerFreeMCEService.exe [2009-10-28 9216]

=============== Created Last 30 ================

2010-02-08 11:19:36 0 --sha-w- C:\DkHyperbootSync
2010-02-04 12:16:28 231224 ----a-w- c:\windows\system32\drivers\ahcix64s.sys
2010-02-04 11:11:54 896 ----a-w- c:\windows\system32\wbem\ServiceModel.mof.uninstall
2010-02-04 11:11:54 83607 ----a-w- c:\windows\system32\wbem\ServiceModel.mof
2010-02-04 11:11:52 0 d-----w- c:\program files\Reference Assemblies
2010-02-04 11:11:52 0 d-----w- c:\program files\MSBuild
2010-02-04 09:31:25 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-02-03 20:48:25 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-03 20:41:44 0 d-----w- C:\NVIDIA
2010-02-03 17:13:01 0 d-----w- c:\users\will\appdata\roaming\Top Evidence
2010-02-03 17:13:01 0 d-----w- c:\programdata\Top Evidence
2010-02-03 17:12:02 0 d-----w- c:\windows\Haunted Mansion Mirrors
2010-02-03 17:12:02 0 d-----w- c:\program files (x86)\Haunted Mansion Mirrors
2010-02-03 15:55:10 0 d-----w- c:\programdata\NVIDIA
2010-02-03 15:41:59 645736 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-03 15:41:50 645736 ----a-w- c:\windows\system32\nvudisp.exe
2010-02-03 15:41:49 9880 ----a-w- c:\windows\system32\nvdisp.nvu
2010-02-03 15:41:46 159232 ----a-w- c:\windows\system32\nvcod146.dll
2010-02-03 15:41:46 1579112 ----a-w- c:\windows\system32\nvapi64.dll
2010-02-03 11:52:31 0 d-----w- c:\users\will\appdata\roaming\com.adobe.example.NatGeo-Traveler-Italy
2010-02-03 11:46:39 71002 ----a-w- c:\users\will\RivaTuner.reg
2010-02-03 11:21:36 0 d-----w- c:\windows\NatGeo-Traveler-Italy
2010-02-03 11:21:36 0 d-----w- c:\program files (x86)\NatGeo-Traveler-Italy
2010-02-03 08:45:33 0 d-----w- c:\users\will\appdata\roaming\BloodTies
2010-02-03 08:36:13 0 d-----w- c:\program files (x86)\Blood Ties
2010-02-03 08:28:29 0 d-----w- c:\users\will\appdata\roaming\Process Hacker
2010-02-03 08:28:07 0 d-----w- c:\program files\Process Hacker
2010-02-03 05:46:04 0 d-----w- c:\program files (x86)\common files\Steam
2010-02-03 05:46:03 0 d-----w- c:\program files (x86)\Steam
2010-02-03 00:15:24 0 d-----w- c:\program files (x86)\ATITool
2010-02-02 10:00:29 0 d-----w- c:\program files (x86)\EVGA Precision
2010-02-02 09:24:56 0 d-----w- c:\programdata\SugarGames
2010-02-02 09:01:46 0 d-----w- c:\programdata\JollyBear
2010-02-02 01:57:27 585649760 ----a-w- c:\windows\MEMORY.DMP
2010-02-01 18:05:32 0 d-----w- c:\users\will\appdata\roaming\GameMill
2010-02-01 18:05:32 0 d-----w- c:\programdata\GameMill
2010-02-01 17:45:25 0 d-----w- c:\users\will\appdata\roaming\Gestalt Games
2010-02-01 11:34:46 115920 ----a-w- c:\windows\syswow64\MSINET.OCX
2010-02-01 11:34:45 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL
2010-02-01 11:34:44 0 d-----w- c:\program files (x86)\EULAlyzer
2010-02-01 11:10:31 0 d-----w- c:\users\will\appdata\roaming\OpenDNS Updater
2010-02-01 11:10:30 0 d-----w- c:\program files (x86)\OpenDNS Updater
2010-02-01 10:42:02 0 d-----w- C:\!KillBox
2010-01-30 22:57:31 0 d-----w- c:\users\will\appdata\roaming\Avira
2010-01-30 22:51:14 87552 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-01-30 22:51:14 74880 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-30 22:51:14 121672 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-01-30 22:51:12 0 d-----w- c:\programdata\Avira
2010-01-30 22:51:12 0 d-----w- c:\program files (x86)\Avira
2010-01-30 13:13:30 0 d-----w- C:\APCPowerChuteConfig
2010-01-28 12:43:43 0 d-----w- c:\users\will\appdata\roaming\Enlightenus
2010-01-28 12:08:43 0 d-----w- c:\users\will\appdata\roaming\BanzaiInteractive
2010-01-28 12:08:43 0 d-----w- c:\programdata\BanzaiInteractive
2010-01-28 09:09:45 0 d-----w- c:\users\will\appdata\roaming\Ubisoft
2010-01-28 09:02:26 0 d-----w- c:\windows\CSI - NY
2010-01-28 00:28:40 0 d-----w- c:\users\will\.VirtualBox
2010-01-28 00:27:14 193232 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-01-28 00:27:00 53264 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-01-27 13:27:29 0 d-----w- c:\programdata\Creative Labs
2010-01-27 10:19:29 7062 ----a-w- c:\windows\syswow64\audiopid.vxd
2010-01-27 10:19:01 0 d-----w- c:\program files (x86)\common files\Creative
2010-01-27 10:19:00 0 d--h--w- c:\program files (x86)\Creative Installation Information
2010-01-27 10:18:35 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-01-27 10:18:24 0 d-----w- c:\program files\Creative
2010-01-27 08:41:29 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 08:41:29 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 08:41:28 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 20:09:55 0 d-----w- c:\program files (x86)\Yahoo!
2010-01-26 17:08:19 0 ----a-we c:\users\will\Working Folder.lnk
2010-01-26 14:10:30 9163 ----a-w- c:\windows\system32\nvinfo.pb
2010-01-25 23:15:33 0 d-----w- c:\users\will\appdata\roaming\MorarChat
2010-01-25 09:09:38 0 d-----w- c:\users\will\appdata\roaming\LegacyInteractive
2010-01-25 03:38:27 0 d-----w- c:\users\will\appdata\roaming\SevenSails
2010-01-25 03:01:39 0 d-----w- c:\users\will\Million
2010-01-24 07:35:17 0 d-----w- c:\programdata\Artifex Mundi
2010-01-24 06:30:36 0 d-----w- c:\users\will\appdata\roaming\Green Clover Games
2010-01-24 06:30:36 0 d-----w- c:\programdata\Green Clover Games
2010-01-24 00:35:45 65536 --sha-w- c:\users\will\ntuser.dat{481723dc-0880-11df-9783-00241d1f8839}.TM.blf
2010-01-24 00:35:45 524288 --sha-w- c:\users\will\ntuser.dat{481723dc-0880-11df-9783-00241d1f8839}.TMContainer00000000000000000002.regtrans-ms
2010-01-24 00:35:45 524288 --sha-w- c:\users\will\ntuser.dat{481723dc-0880-11df-9783-00241d1f8839}.TMContainer00000000000000000001.regtrans-ms
2010-01-21 19:52:15 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-21 19:52:15 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-21 19:52:12 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-21 19:52:12 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-21 19:52:12 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 19:52:11 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-21 19:52:11 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-20 10:24:34 0 d-----w- c:\program files (x86)\CurseThe Eye of Isis
2010-01-20 10:24:04 0 d-----w- c:\program files (x86)\Curse of Iris
2010-01-20 09:31:59 0 d-----w- c:\programdata\Meridian93
2010-01-20 09:31:19 0 d-----w- c:\users\will\appdata\roaming\Meridian93
2010-01-20 08:40:01 0 d-----w- c:\users\will\appdata\roaming\GOA
2010-01-20 08:40:01 0 d-----w- c:\programdata\GOA
2010-01-20 07:31:38 0 d-----w- c:\program files (x86)\WMR14
2010-01-19 12:49:55 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-01-19 12:49:55 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-01-19 12:49:55 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-01-19 12:49:54 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-01-19 12:49:54 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-01-19 12:49:53 0 d-----w- c:\program files (x86)\Real Alternative
2010-01-18 14:34:24 0 d-----w- C:\games
2010-01-18 03:12:21 0 d-----w- c:\programdata\MediaBrowser
2010-01-18 03:12:09 0 d-----w- c:\program files (x86)\MediaBrowser
2010-01-17 22:46:59 8897 ----a-w- c:\windows\syswow64\CTAPO64.cat
2010-01-17 10:12:16 0 d-----w- c:\users\will\appdata\roaming\Quirky Games
2010-01-16 06:20:00 0 d-----w- c:\users\will\appdata\roaming\2monkeys
2010-01-16 03:12:11 0 d-----w- c:\users\will\appdata\roaming\Little Games Company
2010-01-16 03:12:11 0 d-----w- c:\programdata\Little Games Company
2010-01-15 12:16:19 61 ----a-w- c:\windows\sbwin.ini
2010-01-14 08:01:52 61440 ----a-w- c:\windows\UnDeploy.exe
2010-01-14 00:12:23 4174814 ------w- c:\windows\syswow64\CT4MGM.SF2
2010-01-14 00:12:23 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-01-14 00:12:23 2167684 ------w- c:\windows\syswow64\CT2MGM.SF2
2010-01-14 00:12:23 2167684 ------w- c:\windows\system32\CT2MGM.SF2
2010-01-14 00:12:20 0 d-----w- c:\programdata\Creative
2010-01-14 00:11:22 78 ----a-w- c:\windows\syswow64\ctzapxx.ini
2010-01-14 00:11:22 3348 ----a-w- c:\windows\syswow64\ludap17.ini
2010-01-14 00:11:22 11264 ----a-w- c:\windows\syswow64\INRES.DLL
2010-01-14 00:11:22 0 d-----w- c:\windows\syswow64\Data
2010-01-14 00:11:22 0 d-----w- c:\windows\system32\Data
2010-01-14 00:11:20 2873820 ------w- c:\windows\syswow64\Sens_oal.dll
2010-01-14 00:11:20 1908736 ------w- c:\windows\system32\Sens_oal.dll
2010-01-14 00:10:54 0 d-----w- c:\program files (x86)\Creative
2010-01-13 23:38:19 0 d-----w- c:\programdata\NOS
2010-01-13 09:42:23 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:42:23 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 09:42:22 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 09:42:22 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 07:55:20 0 d-----w- c:\program files\mcShoutCast
2010-01-13 07:55:19 0 d-----w- c:\programdata\mcShoutCast
2010-01-12 07:19:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-12 07:19:00 14822504 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 07:19:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 07:19:00 1037416 ----a-w- c:\windows\system32\nvsvc64.dll
2010-01-12 07:18:54 65332 ----a-w- c:\windows\system32\NvwsApps.xml
2010-01-12 07:18:54 271481 ----a-w- c:\windows\system32\NvApps.xml
2010-01-12 01:17:31 0 d-----w- c:\windows\syswow64\RTCOM
2010-01-12 01:17:31 0 d-----w- c:\program files\Realtek
2010-01-11 09:20:53 0 d-----w- c:\programdata\saves
2010-01-11 09:06:45 0 d-----w- c:\users\will\appdata\roaming\EleFun Games
2010-01-11 09:03:30 0 d-----w- c:\users\will\appdata\roaming\Once Upon a Time in Chicago
2010-01-11 09:03:30 0 d-----w- c:\programdata\Once Upon a Time in Chicago
2010-01-11 08:50:01 0 d-----w- c:\windows\TheJollyGangsSpookyAdventure
2010-01-11 08:49:34 0 d-----w- c:\windows\Superior Save
2010-01-11 08:48:48 0 d-----w- c:\windows\Once Upon a Time in Chicago
2010-01-11 04:34:59 0 d-----w- c:\users\will\appdata\roaming\TheFixerUpper
2010-01-10 23:55:24 0 d-----w- c:\users\will\appdata\roaming\HSA
2010-01-10 23:37:58 0 d-----w- c:\programdata\iWin Games
2010-01-10 21:58:28 0 d-----w- c:\windows\Art Detective
2010-01-10 21:48:24 0 d-----w- c:\users\will\appdata\roaming\Hidato
2010-01-10 21:48:24 0 d-----w- c:\programdata\Hidato
2010-01-10 21:48:07 0 d-----w- c:\program files (x86)\Gameblend Studios

==================== Find3M ====================

2010-02-07 03:48:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-04 11:11:49 43318 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-02-04 11:11:49 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2010-02-04 11:11:49 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2010-02-04 11:11:49 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2010-02-04 09:47:30 1280616 ----a-w- c:\windows\syswow64\nvapi.dll
2010-01-14 19:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 00:07:06 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 05:54:12 4096 ----a-w- c:\windows\d3dx.dat
2009-12-18 08:03:30 250400 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-12-18 08:03:28 1455648 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
2009-12-18 08:03:27 929312 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-12-18 08:03:21 254496 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-12-17 22:58:04 43664 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2009-12-17 22:58:04 145360 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-10 22:48:44 51120 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2009-12-08 10:34:30 1639456 ----a-w- c:\windows\system32\RtkAPO64.dll
2009-12-04 12:52:18 10105 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-12-04 12:52:17 2857336 ----a-w- c:\windows\syswow64\SpoonUninstall.exe
2009-12-04 12:52:16 14645 ----a-w- c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-30 09:36:38 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-30 09:36:38 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2009-11-30 09:36:38 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-30 09:36:38 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2009-11-21 03:18:00 4990056 ----a-w- c:\windows\syswow64\NVStWiz.exe
2009-11-18 15:16:00 78936 ----a-w- c:\windows\system32\MBWrp64.dll
2009-11-15 07:12:11 207292 ----a-w- c:\users\will\EditPicLength.exe
2009-11-14 14:12:21 206877 ----a-w- c:\windows\system32\screensaver.scr
2009-11-14 14:12:21 206877 ----a-w- c:\users\will\screensaver.scr
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 3:22:30.58 ===============



and the GMER scan results:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 03:29:36
Windows 6.1.7600
Running: x7dh5ppq.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@W:\Downloads\@Games\Virtually Game\Virtually Game\Oxs!\xae VirtuallyJenna Mod 2.025.002.555 K17.exe 1

---- EOF - GMER 1.0.15 ----




#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team

Posted 09 February 2010 - 01:22 PM

Hello, WillyBob
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 WillyBob

WillyBob
  • Topic Starter

  • Members

Posted 09 February 2010 - 03:43 PM

Thanks,

Well, about 2 or 3 days ago, I started getting BSODs, and just in case you want to check out the debug reports (yes, I know how to use WINDBG... I was a software tester @ Microsoft for 10 years, so this is good news... you can shorthand a lot of the instructions... i.e. I know how to use a command prompt... I program... I can use regedit... etc. etc...)

Anyway, the bugchecks were caused by, I believe now, a faulty NVidia set of drivers... leftover from when I had an ATI card as my primary display card, and the NVidia card that I am using now as the secondary card. I had installed a modified version of Physx in order to try to get CUDA running so that I could run the Folding@Home application (which is a distributed computing application helping Stanford University to do medical research) in a more efficient way.

To cut to the chase, I read your message but unfortunately I have changed more than a few things since the original post. Basically, I didn't know right away that the BSODs were caused by the NVidia driver, so I first uninstalled my AV & Security suite which I had recently installed (AVIRA Premium Security Suite) -- and I reinstalled AVAST, which I had been using with success for years. Also, I uninstalled some other programs which I thought might have been at fault, and then finally, I completely wiped the NVidia drivers and software using "Driver Cleaner.Net" and installed an earlier version, which is known to work well with my Folding@Home application. I am now running Nvidia 191.07, from September 2009. I had been having blue screens about every 2 or 3 hours, but haven't had any since switching out that bad NVidia driver -- it's only been 6 hours, but I feel confident that at least that issue is gone. Phew.

Sorry if this complicates the task at hand -- and please let me know if the following scans are therefore useless and I need to start over again with DDS & whatever else you prescribe -- I thank you very kindly for your help!!

But I am sure it is better to have disclosed all this than to go ahead without mentioning the issues & changes.

Regards,

Will

I like to insert double lines of ** before and after each pasted log file so we can tell where the logs begin/end

So, here is the MBAM log. I actually already had it installed, and when it runs a Quick Scan, I think it only checks the C drive, so I could run it again if you think I should, because in addition to the C Drive, I also have drives D:, H:, Q:, W:, X:, and Y:

*****************************
*****************************

Malwarebytes' Anti-Malware 1.44
Database version: 3715
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/9/2010 11:58:48 AM
mbam-log-2010-02-09 (11-58-48).txt

Scan type: Quick Scan
Objects scanned: 115186
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**************************
**************************

Here is the OTL log (OTL.txt):

**************************
**************************

OTL logfile created on: 2/9/2010 12:01:31 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Will\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 40.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 4100 4100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 199.09 Gb Total Space | 70.32 Gb Free Space | 35.32% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 65.36 Gb Free Space | 89.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 392.51 Gb Total Space | 78.79 Gb Free Space | 20.07% Space Free | Partition Type: NTFS
Drive W: | 298.08 Gb Total Space | 181.50 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
Drive X: | 465.70 Gb Total Space | 133.24 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 361.41 Gb Free Space | 49.35% Space Free | Partition Type: NTFS
Drive Z: | 149.05 Gb Total Space | 91.56 Gb Free Space | 61.43% Space Free | Partition Type: NTFS

Computer Name: SCHMOHAWK
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/09 11:56:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2010/01/28 14:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/13 08:26:02 | 000,624,128 | ---- | M] () -- C:\Users\Will\RunApps\fahspy201\FahSpy.exe
PRC - [2010/01/06 08:17:47 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 18:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/11/16 11:58:38 | 000,839,168 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/29 15:48:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009/10/29 15:48:44 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2009/10/29 11:47:42 | 000,092,848 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2009/10/29 11:47:26 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/10/29 11:47:26 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/10/29 11:47:13 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/25 10:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/22 10:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/03/16 00:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 00:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/02/03 17:40:02 | 000,858,624 | ---- | M] (Belkin International, Inc.) -- C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe
PRC - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/01/06 23:24:54 | 000,656,696 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2008/12/18 23:55:30 | 003,549,552 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Will\RunApps\SysinternalsSuite\procexp.exe
PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


========== Modules (SafeList) ==========

MOD - [2010/02/09 11:56:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
MOD - [2009/10/29 11:47:42 | 000,048,304 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.dll
MOD - [2009/07/20 03:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2009/07/20 03:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/13 17:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 13:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/01/28 14:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/12/24 08:55:30 | 002,430,304 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/12/15 21:58:56 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe -- (mcShoutCastECommerceService)
SRV:64bit: - [2009/12/15 21:58:44 | 000,007,680 | ---- | M] (Sörnt Poppe) [Auto | Running] -- C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe -- (mcShoutCastLauraFM)
SRV:64bit: - [2009/12/15 21:58:14 | 000,058,880 | ---- | M] (Sörnt Poppe) [Auto | Running] -- C:\Program Files\mcShoutCast\ShoutCastProxyService.exe -- (mcShoutCastProxy)
SRV:64bit: - [2009/10/29 11:46:52 | 000,190,488 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 17:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 17:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 17:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 17:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 17:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 17:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 17:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 17:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 17:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 17:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 17:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 17:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 17:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 17:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 17:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 17:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 17:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/04/29 02:07:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/01/27 02:18:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/18 00:03:30 | 002,326,920 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/12/17 08:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/16 18:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/10/29 11:47:26 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/10/28 08:03:16 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe -- (TunerFreeMCEService)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [Auto | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 12:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/12 19:55:46 | 000,090,624 | ---- | M] () [Auto | Running] -- c:\Users\Will\RunApps\cnqsvc64_0_08\cnqsvc64.exe -- (CNQSvc64)
SRV - [2009/06/10 12:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/08/01 12:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\psactive.exe -- (PASW)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 1E C6 D2 6E A9 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.63.20091024
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: faviconizetab@espion.just-size.jp:1.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.2
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.64.4
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: tabkit@jomel.me.uk:0.5.8
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.6
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.36
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.5.0.0
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.5


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/25 10:31:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/19 04:49:57 | 000,000,000 | ---D | M]

[2009/10/29 15:55:04 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/02/09 11:55:48 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions
[2009/11/01 04:37:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/01/25 04:23:39 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/12/11 20:29:37 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2010/01/26 09:04:30 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/11/18 10:31:33 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2010/01/28 07:15:09 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/11/09 03:42:13 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2010/01/12 19:58:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/24 18:12:09 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\add-to-searchbox@maltekraus.de
[2009/12/11 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\faviconizetab@espion.just-size.jp
[2009/12/15 04:53:49 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox1@myibay.com
[2009/12/05 19:42:07 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\foxmarks@kei.com
[2009/11/10 22:46:21 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\ietab@ip.cn
[2009/12/26 01:31:20 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\isreaditlater@ideashower.com
[2010/01/26 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\smarterwiki@wikiatic.com
[2010/01/09 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\support@lastpass.com
[2009/12/14 18:56:33 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\tabkit@jomel.me.uk
[2010/01/24 18:12:07 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/02/09 04:45:52 | 000,002,291 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\surf-canyon.xml
[2009/11/01 04:06:34 | 000,001,840 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\videohelpcom---forum-guides-tools-and-hardware-lists.xml
[2009/11/03 02:24:40 | 000,001,607 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\xxx-video-theater-has-hundreds-of-new-xxx-sex-movies-and-vid.xml
[2010/02/09 11:55:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/10/29 11:48:32 | 000,000,000 | ---D | M] (Seekapp) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}

O1 HOSTS File: ([2009/11/11 06:57:58 | 000,352,071 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 12065 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files (x86)\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [FahSpy] C:\Users\Will\RunApps\fahspy201\FahSpy.exe ()
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2009/12/16 19:05:01 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupScript.ahk.lnk = C:\Users\Will\RunApps\StartupScript.ahk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1258771289085 (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 208.67.222.222 208.67.220.220 192.168.2.1
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 03:03:34 | 000,000,000 | ---D | M] - W:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - W:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6131f5a5-c5f6-11de-852b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6131f5a5-c5f6-11de-852b-005056c00008}\Shell\AutoRun\command - "" = E:\Main\autorun\Autorun.exe -- File not found
O33 - MountPoints2\{7ff118c7-c4bc-11de-b8a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ff118c7-c4bc-11de-b8a0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ncd.exe -- File not found
O33 - MountPoints2\{9f1a46e2-eed7-11de-8a99-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f1a46e2-eed7-11de-8a99-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun\AutoRun.bat -- File not found
O33 - MountPoints2\{daba8d9d-ea2d-11de-9431-005056c00001}\Shell - "" = AutoRun
O33 - MountPoints2\{daba8d9d-ea2d-11de-9431-005056c00001}\Shell\AutoRun\command - "" = F:\Machinarium_Setup_EN.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 19:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/09 11:56:23 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/02/09 07:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/02/09 07:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010/02/09 07:18:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/02/09 02:33:03 | 000,120,912 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/02/09 02:33:03 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/02/09 02:33:01 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/02/09 02:33:00 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/02/09 02:33:00 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/02/09 02:32:44 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/02/09 02:32:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/02/09 02:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/08 22:01:23 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\vlc
[2010/02/08 21:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealMedia
[2010/02/08 21:48:02 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Real
[2010/02/08 16:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Corporation
[2010/02/08 15:58:00 | 000,000,000 | ---D | C] -- Q:\Documents\Games for Windows - LIVE Demos
[2010/02/08 15:54:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/02/08 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/02/08 03:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Machinarium
[2010/02/04 03:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2010/02/04 03:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2010/02/04 03:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/04 03:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/03 12:41:44 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/02/03 09:13:01 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Top Evidence
[2010/02/03 09:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2010/02/03 09:12:02 | 000,000,000 | ---D | C] -- C:\Windows\Haunted Mansion Mirrors
[2010/02/03 09:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haunted Mansion Mirrors
[2010/02/03 07:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/02/03 03:52:31 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\com.adobe.example.NatGeo-Traveler-Italy
[2010/02/03 03:21:36 | 000,000,000 | ---D | C] -- C:\Windows\NatGeo-Traveler-Italy
[2010/02/03 03:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NatGeo-Traveler-Italy
[2010/02/03 01:17:45 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\CrashDumps
[2010/02/03 00:45:33 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\BloodTies
[2010/02/03 00:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blood Ties
[2010/02/03 00:28:29 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Process Hacker
[2010/02/03 00:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker
[2010/02/02 02:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2010/02/02 01:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2010/02/02 01:01:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\JollyBear
[2010/02/02 01:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
[2010/02/01 10:05:32 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\GameMill
[2010/02/01 10:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\GameMill
[2010/02/01 09:45:25 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Gestalt Games
[2010/02/01 03:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EULAlyzer
[2010/02/01 03:10:31 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\OpenDNS Updater
[2010/02/01 03:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2010/02/01 02:42:02 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/01/30 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/01/30 13:14:56 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/01/30 05:13:30 | 000,000,000 | ---D | C] -- C:\APCPowerChuteConfig
[2010/01/28 17:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010/01/28 04:43:43 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Enlightenus
[2010/01/28 04:08:43 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\BanzaiInteractive
[2010/01/28 04:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\BanzaiInteractive
[2010/01/28 01:09:45 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Ubisoft
[2010/01/28 01:02:26 | 000,000,000 | ---D | C] -- C:\Windows\CSI - NY
[2010/01/27 16:28:40 | 000,000,000 | ---D | C] -- C:\Users\Will\.VirtualBox
[2010/01/27 05:47:10 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Creative
[2010/01/27 05:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2010/01/27 02:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010/01/27 02:19:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010/01/27 02:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010/01/27 02:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/01/26 12:12:31 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Yahoo
[2010/01/26 12:11:08 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Yahoo!
[2010/01/26 12:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/09 12:06:38 | 010,747,904 | -HS- | M] () -- C:\Users\Will\ntuser.dat
[2010/02/09 11:56:18 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/02/09 11:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2713908214-556201846-4063999915-1001UA.job
[2010/02/09 11:34:50 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 11:34:50 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 09:38:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/02/09 07:21:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/09 07:20:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/09 07:20:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/02/09 07:20:30 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 06:55:59 | 588,418,656 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/09 04:49:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2713908214-556201846-4063999915-1001Core.job
[2010/02/09 03:34:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/02/09 02:33:03 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/09 02:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/02/09 01:58:08 | 002,215,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/08 22:22:06 | 000,049,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/08 22:22:06 | 000,048,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/08 22:22:06 | 000,012,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/08 22:16:41 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/02/08 21:55:59 | 000,039,936 | ---- | M] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 21:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/02/08 17:47:33 | 000,000,587 | ---- | M] () -- C:\Users\Will\SciTE.session
[2010/02/08 16:23:33 | 000,001,656 | ---- | M] () -- Q:\Documents\584109eb_NachoBidness.sav
[2010/02/08 15:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/02/08 03:59:38 | 000,001,043 | ---- | M] () -- C:\Users\Will\Desktop\Machinarium.lnk
[2010/02/08 02:50:03 | 000,002,230 | ---- | M] () -- C:\Users\Will\Desktop\The Lost Cases of Sherlock Holmes.lnk
[2010/02/08 00:06:01 | 000,002,373 | ---- | M] () -- C:\Users\Will\Desktop\Sarah Maribu and the Lost World.lnk
[2010/02/07 09:50:14 | 000,002,080 | ---- | M] () -- C:\Users\Will\Desktop\Unexpected Journey.lnk
[2010/02/06 22:30:47 | 000,002,250 | ---- | M] () -- C:\Users\Will\Desktop\Nightfall Mysteries Curse of the Opera.lnk
[2010/02/06 21:48:22 | 000,000,466 | ---- | M] () -- C:\Windows\win.ini
[2010/02/03 13:49:03 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/02/03 12:23:32 | 000,951,948 | ---- | M] () -- C:\Users\Will\Desktop\WC Cleaning and Set-Up.pdf
[2010/02/03 09:12:27 | 000,002,111 | ---- | M] () -- C:\Users\Will\Desktop\Haunted Mansion Mirrors.lnk
[2010/02/03 03:46:39 | 000,071,002 | ---- | M] () -- C:\Users\Will\RivaTuner.reg
[2010/02/03 03:21:49 | 000,002,093 | ---- | M] () -- C:\Users\Will\Desktop\NatGeo-Traveler-Italy.lnk
[2010/02/03 00:36:13 | 000,001,301 | ---- | M] () -- C:\Users\Will\Desktop\Blood Ties.lnk
[2010/02/01 10:10:45 | 000,002,259 | ---- | M] () -- C:\Users\Will\Desktop\Lost Secrets Ancient Mysteries.lnk
[2010/02/01 09:43:42 | 000,002,303 | ---- | M] () -- C:\Users\Will\Desktop\Big City Adventure Vancouver CE.lnk
[2010/02/01 09:43:29 | 000,002,172 | ---- | M] () -- C:\Users\Will\Desktop\Matchmaker Joining Hearts.lnk
[2010/01/28 17:24:23 | 000,002,275 | ---- | M] () -- C:\Users\Public\Desktop\CSI-Hard Evidence.lnk
[2010/01/28 14:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/01/28 14:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/01/28 13:57:59 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/01/28 13:57:40 | 000,120,912 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/01/28 13:54:45 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/01/28 13:54:30 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/01/28 13:54:07 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/01/28 04:07:34 | 000,002,224 | ---- | M] () -- C:\Users\Will\Desktop\The Clumsys 2 Butterfly Effect.lnk
[2010/01/27 23:09:50 | 000,001,271 | ---- | M] () -- Q:\Documents\AutoHotkey.ahk
[2010/01/27 02:17:51 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/09 02:33:03 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/08 16:04:55 | 000,001,656 | ---- | C] () -- Q:\Documents\584109eb_NachoBidness.sav
[2010/02/08 03:59:38 | 000,001,043 | ---- | C] () -- C:\Users\Will\Desktop\Machinarium.lnk
[2010/02/08 02:50:03 | 000,002,230 | ---- | C] () -- C:\Users\Will\Desktop\The Lost Cases of Sherlock Holmes.lnk
[2010/02/08 00:06:01 | 000,002,373 | ---- | C] () -- C:\Users\Will\Desktop\Sarah Maribu and the Lost World.lnk
[2010/02/07 09:50:14 | 000,002,080 | ---- | C] () -- C:\Users\Will\Desktop\Unexpected Journey.lnk
[2010/02/06 22:30:47 | 000,002,250 | ---- | C] () -- C:\Users\Will\Desktop\Nightfall Mysteries Curse of the Opera.lnk
[2010/02/04 03:48:40 | 3214,204,928 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/03 12:23:32 | 000,951,948 | ---- | C] () -- C:\Users\Will\Desktop\WC Cleaning and Set-Up.pdf
[2010/02/03 09:12:27 | 000,002,111 | ---- | C] () -- C:\Users\Will\Desktop\Haunted Mansion Mirrors.lnk
[2010/02/03 03:46:39 | 000,071,002 | ---- | C] () -- C:\Users\Will\RivaTuner.reg
[2010/02/03 03:21:49 | 000,002,093 | ---- | C] () -- C:\Users\Will\Desktop\NatGeo-Traveler-Italy.lnk
[2010/02/03 00:36:13 | 000,001,301 | ---- | C] () -- C:\Users\Will\Desktop\Blood Ties.lnk
[2010/02/01 17:57:27 | 588,418,656 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/01 10:05:29 | 000,002,259 | ---- | C] () -- C:\Users\Will\Desktop\Lost Secrets Ancient Mysteries.lnk
[2010/02/01 09:43:42 | 000,002,303 | ---- | C] () -- C:\Users\Will\Desktop\Big City Adventure Vancouver CE.lnk
[2010/02/01 09:43:29 | 000,002,172 | ---- | C] () -- C:\Users\Will\Desktop\Matchmaker Joining Hearts.lnk
[2010/01/28 17:20:53 | 000,002,275 | ---- | C] () -- C:\Users\Public\Desktop\CSI-Hard Evidence.lnk
[2010/01/28 04:07:34 | 000,002,224 | ---- | C] () -- C:\Users\Will\Desktop\The Clumsys 2 Butterfly Effect.lnk
[2010/01/27 02:19:29 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010/01/15 04:16:19 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/01/13 16:11:22 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2010/01/13 16:11:22 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/12/29 09:12:09 | 000,516,324 | ---- | C] () -- C:\Windows\SysWow64\pschmdrf.dll
[2009/12/06 21:09:02 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll
[2009/12/06 02:19:19 | 000,413,696 | ---- | C] () -- C:\Users\Will\AppData\Local\filesync.metadata
[2009/12/04 10:33:09 | 000,012,197 | ---- | C] () -- C:\Users\Will\AppData\Roaming\PStrip.ini
[2009/11/30 01:28:14 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/11/20 15:09:11 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2009/11/20 15:09:11 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2009/11/20 15:09:11 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2009/11/12 03:30:28 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/11/11 04:50:04 | 000,033,460 | ---- | C] () -- C:\Users\Will\AppData\Local\slot1.mm1
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/11/05 05:16:47 | 000,000,084 | ---- | C] () -- C:\Windows\Muxman.ini
[2009/11/04 18:42:53 | 000,000,004 | ---- | C] () -- C:\Users\Will\AppData\Roaming\18hfk4agimvzw2me1nlky6mgf6hh0y9
[2009/11/02 18:26:37 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009/11/02 18:07:17 | 000,000,207 | ---- | C] () -- C:\Windows\SysWow64\FldrWatch.ini
[2009/11/02 02:07:02 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2009/11/01 14:57:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/31 03:16:11 | 000,039,936 | ---- | C] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/30 01:41:27 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/30 01:41:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/29 15:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/10/29 11:55:55 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/29 11:55:55 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/29 11:55:54 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/29 11:55:52 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\DCLibrary_nat.dll
[2009/10/29 11:54:57 | 000,000,157 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2009/10/29 11:49:42 | 000,000,552 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/05 19:00:36 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/13 14:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 13:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini

========== LOP Check ==========

[2009/12/16 22:48:23 | 000,000,000 | -HSD | M] -- C:\Users\Will\AppData\Roaming\.#
[2010/01/15 22:20:00 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\2monkeys
[2009/12/24 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Acronis
[2009/12/19 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Actecom
[2009/12/14 03:23:24 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Audacity
[2010/01/06 23:51:54 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\avidemux
[2010/01/28 04:08:43 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BanzaiInteractive
[2010/01/26 23:01:42 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Big Fish Games
[2009/11/07 00:36:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\blg
[2010/02/03 00:56:07 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BloodTies
[2010/01/06 15:49:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BonkEnc
[2009/11/11 04:42:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BrandX Games
[2009/12/18 17:49:57 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BrokenHearts
[2009/11/21 16:02:50 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Cat's Eye Games
[2009/11/27 23:25:45 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\cerasus.media
[2009/12/06 14:21:58 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ChaYoWo Games
[2010/02/03 03:52:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\com.adobe.example.NatGeo-Traveler-Italy
[2009/11/20 07:44:42 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Coyotes Tale
[2009/12/04 13:22:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Curious Sense
[2009/10/31 00:32:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\DAEMON Tools Lite
[2009/11/01 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\dBpoweramp
[2010/02/09 12:08:06 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\DisplayFusion
[2010/01/12 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Dragon Altar Games
[2010/01/11 01:06:45 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\EleFun Games
[2009/11/04 18:42:15 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ElementalsTheMagicKey
[2009/12/25 22:39:00 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\eMachineShop
[2010/01/28 04:43:52 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Enlightenus
[2010/01/03 01:14:22 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Enlightenus1Beta
[2010/01/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\EPSON
[2010/02/09 06:10:39 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ERS G-Studio
[2009/11/18 05:15:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\EscapeTheMuseum2
[2010/02/03 13:30:08 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\F@H-3870
[2009/12/13 09:41:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\F@H-GPU1 - Copy
[2010/02/09 02:48:51 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\F@H-GTX260
[2009/12/20 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\F@H-GTX275
[2009/10/29 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\FahMon
[2010/01/03 13:47:17 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Flood Light Games
[2009/12/13 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Folding@home-gpu
[2009/12/04 00:32:36 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Folding@home-Win32-GPU_Vista-623
[2009/12/13 14:20:48 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ForgottenRiddles
[2009/11/21 18:35:34 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Friday's games
[2009/12/15 10:43:03 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Game Mill Entertainment
[2010/02/01 10:05:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\GameMill
[2010/02/01 09:45:25 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Gestalt Games
[2009/11/19 03:13:37 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\GetRightToGo
[2010/01/20 00:40:01 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\GOA
[2009/11/04 23:41:24 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Gogii Games
[2010/01/23 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Green Clover Games
[2009/12/01 01:38:09 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\HandBrake
[2010/01/26 21:33:59 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\HdO Adventure
[2010/01/04 18:33:40 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\HFM
[2010/01/10 13:57:55 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Hidato
[2009/12/12 02:24:35 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\HiT-MM
[2010/01/18 19:36:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\HSA
[2009/11/28 20:47:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ICAClient
[2009/12/04 11:48:34 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Icu2
[2009/12/10 18:50:43 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\iMaxGen
[2009/10/30 03:58:22 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\ImgBurn
[2010/01/13 13:44:53 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\IrfanView
[2009/12/04 09:26:34 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\JoyBits
[2009/11/11 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\KC Softwares
[2009/10/29 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\KlickTock
[2009/12/26 22:47:40 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LaJangada
[2009/11/06 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Lazy Turtle Games
[2009/10/29 15:19:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Leadertech
[2010/01/28 11:15:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\LegacyInteractive
[2010/01/15 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Little Games Company
[2010/01/03 01:12:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Ludia
[2009/11/14 11:47:01 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\MakeitOne
[2009/12/04 07:09:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\MastersOfMystery2
[2010/02/07 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Meridian93
[2009/10/31 00:49:19 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Merscom
[2010/01/25 15:15:33 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\MorarChat
[2010/02/09 09:00:34 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\MysteryStudio
[2009/12/06 20:56:03 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\NeatImage SL
[2009/12/08 02:01:20 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Notepad++
[2010/01/11 01:04:03 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Once Upon a Time in Chicago
[2010/02/01 03:10:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\OpenDNS Updater
[2009/10/31 06:26:55 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\OpenOffice.org
[2009/11/27 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Orneon
[2009/12/04 01:35:35 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\OtherSide Realm of Eons
[2009/10/30 03:58:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\PandoraRecovery
[2009/12/20 01:35:06 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Pegasys Inc
[2009/12/25 18:14:04 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\PGP
[2009/12/29 23:25:24 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\PlayFirst
[2009/12/25 19:21:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\PoBros
[2010/02/03 00:34:00 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Process Hacker
[2010/01/06 17:25:14 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Publish Providers
[2010/01/17 02:12:16 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Quirky Games
[2009/11/15 20:51:04 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Research In Motion
[2009/12/31 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Scholastic
[2010/01/24 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\SevenSails
[2009/11/28 05:58:19 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Shape games
[2010/01/06 23:08:06 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Sony
[2009/10/29 19:27:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\SpinTop Games
[2009/12/15 09:40:45 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\SprillRichiEng
[2009/11/29 10:16:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\SystemRequirementsLab
[2010/01/26 12:57:19 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TeamViewer
[2010/01/10 20:34:59 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TheFixerUpper
[2009/12/03 00:49:58 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TheScruffs
[2009/12/27 23:02:09 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TikisLab
[2010/01/06 21:55:42 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TitanicMystery
[2010/02/03 09:13:01 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Top Evidence
[2009/11/17 02:18:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TrueCrypt
[2010/02/07 22:16:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Ubisoft
[2009/10/30 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\URSE Games
[2010/02/08 17:36:26 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\uTorrent
[2010/01/07 07:14:20 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\V-Games
[2009/12/24 00:25:25 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Valusoft
[2009/12/18 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Virtual Prophecy
[2009/11/30 23:01:11 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\WinFF
[2010/02/08 03:54:28 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\XnView
[2009/11/10 15:47:39 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\xVideoServiceThief
[2010/01/06 15:27:59 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Yamb
[2010/01/04 23:36:35 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\YoudaGames
[2010/02/08 21:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/02/08 15:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/02/09 09:38:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/02/09 03:34:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/01/06 03:33:08 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010/02/03 07:54:43 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 17:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

< End of report >


**************************
**************************

And here is the Extras.Txt file from OTL:

**************************
**************************


OTL Extras logfile created on: 2/9/2010 12:01:31 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Will\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 40.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 4100 4100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 199.09 Gb Total Space | 70.32 Gb Free Space | 35.32% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 65.36 Gb Free Space | 89.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 392.51 Gb Total Space | 78.79 Gb Free Space | 20.07% Space Free | Partition Type: NTFS
Drive W: | 298.08 Gb Total Space | 181.50 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
Drive X: | 465.70 Gb Total Space | 133.24 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 361.41 Gb Free Space | 49.35% Space Free | Partition Type: NTFS
Drive Z: | 149.05 Gb Total Space | 91.56 Gb Free Space | 61.43% Space Free | Partition Type: NTFS

Computer Name: SCHMOHAWK
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1397B3D3-509C-40A9-8D5B-A68B2E076AA8}" = Diskeeper 2010
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE2}" = Paint.NET v3.5.2
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{596D57BD-31B4-45F7-8855-9E13D15D7B7E}" = ATI Catalyst Install Manager
"{5B52A9E2-0778-4356-93AF-25DBAC2FA365}_is1" = XviD MPEG-4 Video Codec 64-BIT rev.1.2.2
"{5F97D997-0D1F-E891-19B3-196D315FDF7B}" = ATI AVIVO64 Codecs
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2B6478E-5616-4DA4-B9C4-9B7EC05FAE46}" = VME 1.2 x64
"{A485261C-CF71-4115-8682-B08E9D773083}" = mcShoutCast
"{B25BFFC9-FF51-44F2-9E46-4D93849C836F}" = SyncToy 2.0 (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{D0515217-9001-4D81-B3B9-7A095E62D8DD}" = clipShow
"{D245296F-DB1A-4997-8A38-2AF8BA30186C}" = clipShow
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow64_is1" = ffdshow [rev 3119] [2009-10-27]
"HardlinkShellExt" = Link Shell Extension
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"MediaInfo" = MediaInfo 0.7.21
"MediaInfo.dll" = MediaInfo.dll 0.7.21
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker_is1" = Process Hacker 1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E7603CA-71BE-4113-86E7-DD9E17F6BA7D}" = TunerFree MCE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}" = Folding@home-gpu
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{520A8627-E1B7-4808-8F04-03A013CBBD10}" = Noise Reduction Plug-in 2.0i
"{5399A5A3-E387-4912-86AD-92618459B739}" = Media Browser
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E35AD35-5FE0-4DB5-80C5-13353CEEDC56}_is1" = XviD MPEG-4 Video Codec rev.1.2.2
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1" = Cryostasis (Remove Only)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5A79A5F-7E2B-49F6-9C01-A0BBBF807395}" = Dummy File Creator
"{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}" = Sound Forge Pro 10.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D734A52D-624E-428E-8DE6-B2665E3621CC}" = Microsoft Windows Debugging Symbols
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}" = MakeitOne - MP3AlbumMaker
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E2486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition v2.2
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Agatha Christie Evil Under the Sun 1.00" = Agatha Christie Evil Under the Sun 1.00
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast5" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.5
"Badaboom" = Badaboom 1.2.1.7
"Big City Adventure Vancouver CE 1.00" = Big City Adventure Vancouver CE 1.00
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Blood TiesJust For Fun Games" = Blood TiesJust For Fun Games
"Carbonite Backup" = Carbonite
"CCleaner" = CCleaner
"Christmasville 1.00" = Christmasville 1.00
"CinePak Codec Installation Program_is1" = CinePak Codec
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CurseThe Eye of IsisJust For Fun Games" = CurseThe Eye of IsisJust For Fun Games
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Doc Convertor (Beta)_is1" = Doc Convertor 1.0 (Beta)
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.1.1 Professional
"EAXSet" = Creative EAX Settings
"Emerald City Confidential 1.00" = Emerald City Confidential 1.00
"EPSON Scanner" = EPSON Scan
"EULAlyzer_is1" = EULAlyzer 2.0
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"FormatFactory" = FormatFactory 2.15
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"Ghost in the Sheet 1.00" = Ghost in the Sheet 1.00
"HaaliMkx" = Haali Media Splitter
"Haunted Mansion Mirrors1.0" = Haunted Mansion Mirrors
"Hidato Adventures 1.0.24" = Hidato Adventures 1.0.24
"ImgBurn" = ImgBurn
"InstallShield_{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"IrfanView" = IrfanView (remove only)
"Joan Jade and the Gates of Xibalba 1.00" = Joan Jade and the Gates of Xibalba 1.00
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lost Secrets Ancient Mysteries 1.00" = Lost Secrets Ancient Mysteries 1.00
"Machinarium" = Machinarium
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mary Kay Andrews The Fixer Upper 1.00" = Mary Kay Andrews The Fixer Upper 1.00
"Mata Hari_is1" = Mata Hari
"Matchmaker Joining Hearts 1.00" = Matchmaker Joining Hearts 1.00
"Mortimer Beckett And The Time Paradox FINAL 1.00" = Mortimer Beckett And The Time Paradox FINAL 1.00
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"mp4UI" = mp4UI
"Mystery of Unicorn Castle 1.00" = Mystery of Unicorn Castle 1.00
"NatGeo-Traveler-Italy1.0" = NatGeo-Traveler-Italy
"Nightfall Mysteries Curse of the Opera 1.00" = Nightfall Mysteries Curse of the Opera 1.00
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenDNS Updater" = OpenDNS Updater 2.2
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PC Wizard 2009_is1" = PC Wizard 2009.1.911
"Precision" = EVGA Precision 1.9.1
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"RealMedia" = RealMedia (remove only)
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RUNAWAY: A TWIST OF FATE (en)" = RUNAWAY: A TWIST OF FATE (English)
"Sarah Maribu and the Lost World 1.00" = Sarah Maribu and the Lost World 1.00
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"The Clumsys 2 Butterfly Effect 1.00" = The Clumsys 2 Butterfly Effect 1.00
"The Fall Trilogy 1.00" = The Fall Trilogy 1.00
"The Lost Cases of Sherlock Holmes 1.00" = The Lost Cases of Sherlock Holmes 1.00
"TrueCrypt" = TrueCrypt
"Unexpected Journey 1.00" = Unexpected Journey 1.00
"uTorrent" = µTorrent
"Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only)
"VirtualDub Filter Pack_is1" = VirtualDub Filter Pack 1.1
"VLC media player" = VLC media player 1.0.5
"WaveStudio 7" = Creative WaveStudio 7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XviD4PSP5" = XviD4PSP 5.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f58cbb372ebb2ec8" = Media Center Studio
"Google Chrome" = Google Chrome
"ICUII" = ICUII
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2010 7:25:20 AM | Computer Name = SCHMOHAWK | Source = MsiInstaller | ID = 11722
Description =

Error - 2/4/2010 7:46:58 AM | Computer Name = SCHMOHAWK | Source = MsiInstaller | ID = 11722
Description =

Error - 2/4/2010 7:47:10 AM | Computer Name = SCHMOHAWK | Source = MsiInstaller | ID = 11722
Description =

Error - 2/5/2010 1:33:00 AM | Computer Name = SCHMOHAWK | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/5/2010 6:29:02 AM | Computer Name = SCHMOHAWK | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/6/2010 4:31:20 AM | Computer Name = SCHMOHAWK | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/7/2010 4:31:28 AM | Computer Name = SCHMOHAWK | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/9/2010 2:09:48 AM | Computer Name = SCHMOHAWK | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0,
time stamp: 0x4afa620b Exception code: 0xc0000005 Fault offset: 0x6066be79 Faulting
process id: 0x11bc Faulting application start time: 0x01caa94d5ed4f341 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
QuickTime.qts Report Id: b9cae426-1541-11df-8eec-00241d1f8839

Error - 2/9/2010 6:43:10 AM | Computer Name = SCHMOHAWK | Source = Steam Client Service | ID = 1
Description =

Error - 2/9/2010 11:00:42 AM | Computer Name = SCHMOHAWK | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error

[ Media Center Events ]
Error - 11/10/2009 8:25:16 AM | Computer Name = SCHMOHAWK | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 11/10/2009 8:27:15 AM | Computer Name = SCHMOHAWK | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =

Error - 1/4/2010 2:45:07 AM | Computer Name = SCHMOHAWK | Source = MCUpdate | ID = 0
Description = 10:45:06 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 1/14/2010 10:44:05 AM | Computer Name = SCHMOHAWK | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 1/17/2010 11:07:00 PM | Computer Name = SCHMOHAWK | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 1/17/2010 11:38:42 PM | Computer Name = SCHMOHAWK | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

[ System Events ]
Error - 2/9/2010 11:09:00 AM | Computer Name = SCHMOHAWK | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/9/2010 11:09:00 AM | Computer Name = SCHMOHAWK | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/9/2010 11:09:00 AM | Computer Name = SCHMOHAWK | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/9/2010 11:09:00 AM | Computer Name = SCHMOHAWK | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/9/2010 11:09:17 AM | Computer Name = SCHMOHAWK | Source = DCOM | ID = 10005
Description =

Error - 2/9/2010 11:09:17 AM | Computer Name = SCHMOHAWK | Source = DCOM | ID = 10005
Description =

Error - 2/9/2010 11:09:17 AM | Computer Name = SCHMOHAWK | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 2/9/2010 11:10:12 AM | Computer Name = SCHMOHAWK | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1068

Error - 2/9/2010 1:56:03 PM | Computer Name = SCHMOHAWK | Source = volsnap | ID = 393252
Description = The shadow copies of volume Q: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2/9/2010 2:04:06 PM | Computer Name = SCHMOHAWK | Source = volsnap | ID = 393252
Description = The shadow copies of volume X: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

**************************
**************************

Thanks 1,000,000 for your time & effort!!

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:21 PM

Posted 09 February 2010 - 04:10 PM

After you find the reason for the BSODs, what issues do you still have with the system?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#7 WillyBob


Posted 09 February 2010 - 04:30 PM

Well I am still getting the VSS errors from the source "volsnap", but I haven't noticed any of the redirect issues I saw before.

And my network connection still seems to go away every once in a while for no apparent reason (i.e. the cable modem is still online at the time... ethernet cable is good/tested). I guess just a general scan for any glaring issues is what I need now, and I should probably take up the VSS issue with MSFT as I doubt that one is a malware issue.

Thank you,

#8 schrauber


Posted 10 February 2010 - 12:50 PM

OK, let's run an online scan, then I will have a look into a fresh OTL for some remnants.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber


#9 schrauber


Posted 15 February 2010 - 06:45 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




