Hijackthis log



#1 logikv9

Posted 12 March 2010 - 05:25 PM

I've been getting excessively annoying popups which only started happening recently. Full system scans with numerous antivirus programs failed to find anything beyond a few bad tracking cookies and the like. I have a "feeling" that it is coming from IE, although I don't really use the browser regularly. Note: the popups don't show up while browsing sites; they happen whether any browser is open or not.

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:56 PM, on 3/12/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\PROGRA~2\SYMANT~1\VPTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\program files (x86)\steam\steam.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmpshare.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files (x86)\Common Files\alg.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\tkcm\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [doubleTwist] C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe
O23 - Service: lxdu_device -   - C:\Windows\system32\lxducoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11864 bytes


DDS
CODE
DDS (Ver_09-12-01.01) - NTFSX64  
Run by tkcm at 16:44:49.20 on Fri 03/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8183.5261 [GMT -5:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)   {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Common Files\alg.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\PROGRA~2\SYMANT~1\VPTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\program files (x86)\steam\steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Users\tkcm\Desktop\Core Temp.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tkcm\Pictures\qw1ol515.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\tkcm\Pictures\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\tkcm\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [doubleTwist] c:\program files (x86)\doubletwist 2.0\DoubleTwist.DeviceHelper.exe
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor
mRun: [VolPanel] "c:\program files (x86)\creative\sb arena surround headset\volume panel\VolPanlu.exe" /r
mRun: [UVS12 Preload] c:\program files (x86)\corel\corel videostudio 12\uvPL.exe
mRun: [StartupDelayer] "c:\program files (x86)\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [DeathAdder] c:\program files (x86)\razer\deathadder\razerhid.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Application Layer Gateway] c:\program files (x86)\common files\alg.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
StartupFolder: c:\users\tkcm\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files (x86)\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [lxdumon.exe] "c:\program files (x86)\lexmark 5600-6600 series\lxdumon.exe"
mRun-x64: [lxduamon] "c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\tkcm\appdata\roaming\mozilla\firefox\profiles\b2ok1938.default\
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tkcm\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-6 69152]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-7 120912]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-7 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-7 63568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2009-12-12 14952]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files (x86)\symantec antivirus\Rtvscan.exe [2006-12-13 1962136]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 40384]
R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [2008-8-14 24064]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-2-16 12928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-18 132656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxduserv.exe [2009-9-5 29184]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2009-8-24 19432]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-10-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-10-13 79360]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-9-7 12744]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2010-03-12 21:34:49    0    d-----w-    c:\program files (x86)\Trend Micro
2010-03-11 20:46:53    0    d-----w-    c:\programdata\SUPERAntiSpyware.com
2010-03-11 20:46:46    0    d-----w-    c:\users\tkcm\appdata\roaming\SUPERAntiSpyware.com
2010-03-11 20:46:46    0    d-----w-    c:\program files (x86)\SUPERAntiSpyware
2010-03-11 20:40:22    0    d-----w-    c:\program files (x86)\TrendMicro
2010-03-07 20:29:58    63568    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-03-07 20:29:58    0    ----a-w-    c:\windows\syswow64\config.nt
2010-03-07 20:29:31    38848    ----a-w-    c:\windows\syswow64\avastSS.scr
2010-03-07 20:29:31    153184    ----a-w-    c:\windows\syswow64\aswBoot.exe
2010-03-07 20:29:30    0    d-----w-    c:\programdata\Alwil Software
2010-03-07 20:29:30    0    d-----w-    c:\program files\Alwil Software
2010-03-07 04:31:31    0    d-----w-    c:\program files (x86)\DAEMON Tools Lite
2010-03-07 04:31:17    0    d-----w-    c:\users\tkcm\appdata\roaming\DAEMON Tools Lite
2010-03-07 04:31:15    0    d-----w-    c:\programdata\DAEMON Tools Lite
2010-03-07 04:22:41    43680    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-03-07 04:22:41    314016    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-03-07 04:15:26    0    d-----w-    c:\program files (x86)\EGOSOFT
2010-03-06 17:54:02    0    d-----w-    c:\program files (x86)\Supreme Commander 2
2010-03-06 04:17:02    0    d-----w-    C:\Ubisoft
2010-03-06 02:04:16    0    d-----w-    c:\users\tkcm\appdata\roaming\Ubisoft
2010-03-06 02:04:16    0    d-----w-    c:\programdata\Ubisoft
2010-03-05 21:59:37    395944    ----a-w-    c:\windows\system32\perfh011.dat
2010-03-05 21:59:37    366592    ----a-w-    c:\windows\system32\prfh0804.dat
2010-03-05 21:59:37    31548    ----a-w-    c:\windows\system32\prfd0804.dat
2010-03-05 21:59:37    31548    ----a-w-    c:\windows\system32\perfd011.dat
2010-03-05 21:59:37    141988    ----a-w-    c:\windows\system32\perfi011.dat
2010-03-05 21:59:37    117840    ----a-w-    c:\windows\system32\prfi0404.dat
2010-03-05 21:59:37    111310    ----a-w-    c:\windows\system32\prfi0804.dat
2010-03-05 21:59:37    107522    ----a-w-    c:\windows\system32\perfc011.dat
2010-03-05 21:59:37    105382    ----a-w-    c:\windows\system32\prfc0804.dat
2010-03-05 21:59:36    382762    ----a-w-    c:\windows\system32\prfh0404.dat
2010-03-05 21:59:36    31548    ----a-w-    c:\windows\system32\prfd0404.dat
2010-03-05 21:59:36    100468    ----a-w-    c:\windows\system32\prfc0404.dat
2010-03-05 21:53:51    0    d-----w-    c:\windows\syswow64\zh-CHT
2010-03-05 21:53:43    0    d-----w-    c:\windows\zh-TW
2010-03-05 21:53:43    0    d-----w-    c:\windows\system32\zh-CHT
2010-03-05 21:53:36    0    d-----w-    c:\windows\system32\drivers\zh-TW
2010-03-05 21:53:36    0    d-----w-    c:\windows\system32\drivers\zh-HK
2010-03-05 21:53:32    0    d-----w-    c:\windows\system32\wbem\zh-TW
2010-03-05 21:53:31    0    d-----w-    c:\windows\system32\wbem\zh-HK
2010-03-05 21:53:06    0    d-----w-    c:\windows\syswow64\zh-CHS
2010-03-05 21:52:53    0    d-----w-    c:\windows\system32\zh-CHS
2010-03-05 21:52:52    0    d-----w-    c:\windows\system32\drivers\zh-CN
2010-03-05 21:52:49    0    d-----w-    c:\windows\system32\wbem\zh-CN
2010-03-05 21:52:37    0    d-----w-    c:\windows\zh-CN
2010-03-05 21:52:21    0    d-----w-    c:\windows\ja-JP
2010-03-05 21:52:06    0    d-----w-    c:\windows\syswow64\XPSViewer
2010-03-05 21:52:06    0    d-----w-    c:\windows\syswow64\ja
2010-03-05 21:52:06    0    d-----w-    c:\windows\syswow64\0411
2010-03-05 21:51:40    0    d-----w-    c:\windows\system32\ja
2010-03-05 21:51:40    0    d-----w-    c:\windows\system32\0411
2010-03-05 21:51:39    0    d-----w-    c:\windows\system32\drivers\ja-JP
2010-03-05 21:51:29    0    d-----w-    c:\windows\system32\wbem\ja-JP
2010-03-05 02:15:06    266240    ----a-w-    c:\windows\syswow64\lzhfldr2.dll
2010-03-05 02:14:41    287744    ----a-w-    c:\windows\system32\lzhfldr2.dll
2010-03-05 02:01:06    464896    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-03-05 02:01:06    162304    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-03-05 00:36:44    212864    ------w-    c:\windows\system32\MpSigStub.exe
2010-03-04 23:59:06    12976    ----a-w-    c:\windows\system32\avgrssta.dll.prepare
2010-03-01 01:44:37    78680    ----a-w-    c:\windows\system32\XAPOFX1_4.dll
2010-03-01 01:44:37    74072    ----a-w-    c:\windows\syswow64\XAPOFX1_4.dll
2010-03-01 01:44:37    530776    ----a-w-    c:\windows\system32\XAudio2_6.dll
2010-03-01 01:44:37    528216    ----a-w-    c:\windows\syswow64\XAudio2_6.dll
2010-03-01 01:44:33    238936    ----a-w-    c:\windows\syswow64\xactengine3_6.dll
2010-03-01 01:44:33    176984    ----a-w-    c:\windows\system32\xactengine3_6.dll
2010-03-01 01:44:32    24920    ----a-w-    c:\windows\system32\X3DAudio1_7.dll
2010-03-01 01:44:32    22360    ----a-w-    c:\windows\syswow64\X3DAudio1_7.dll
2010-02-27 00:31:34    0    d-----w-    c:\programdata\Blizzard Entertainment
2010-02-27 00:31:34    0    d-----w-    c:\program files (x86)\StarCraft II Beta
2010-02-27 00:31:34    0    d-----w-    c:\program files (x86)\common files\Blizzard Entertainment
2010-02-27 00:31:22    0    d-----w-    c:\programdata\Blizzard
2010-02-26 06:22:42    0    d-----w-    c:\program files\Rainmeter
2010-02-26 05:58:23    2382    ----a-w-    C:\sc.dat
2010-02-25 04:21:01    3221225472    ----a-w-    c:\users\tkcm\mexas4
2010-02-23 02:11:33    0    d-----w-    c:\program files (x86)\PFPortChecker
2010-02-23 00:17:47    0    d--h--w-    C:\$AVG
2010-02-20 17:25:22    0    d-----w-    c:\program files (x86)\EA Games
2010-02-20 17:21:30    0    d-----w-    c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2010-02-17 17:33:31    0    d-----w-    c:\programdata\doubleTwist Corporation
2010-02-17 17:33:30    60273    ----a-w-    c:\windows\syswow64\pthreadGC2.dll
2010-02-17 17:33:30    57344    ----a-w-    c:\windows\syswow64\ff_vfw.dll
2010-02-17 17:33:29    0    d-----w-    c:\program files (x86)\ffdshow
2010-02-17 17:32:02    0    d-----w-    c:\program files (x86)\doubleTwist 2.0
2010-02-17 00:01:00    0    d-----w-    c:\users\tkcm\appdata\roaming\Razer
2010-02-16 23:57:25    85504    ----a-w-    c:\windows\syswow64\DeathAdder64.cpl
2010-02-16 23:57:21    12928    ----a-w-    c:\windows\system32\drivers\danew.sys
2010-02-13 17:47:56    0    d-----w-    c:\users\tkcm\appdata\roaming\Bioshock2
2010-02-13 17:18:58    0    d-sh--w-    c:\programdata\SecuROM

==================== Find3M  ====================

2010-03-07 04:32:01    834544    ----a-w-    c:\windows\system32\drivers\sptd.sys
2010-03-05 02:41:57    31548    ----a-w-    c:\windows\inf\perflib\0404\perfd.dat
2010-03-05 02:41:57    31548    ----a-w-    c:\windows\inf\perflib\0404\perfc.dat
2010-03-05 02:41:56    117840    ----a-w-    c:\windows\inf\perflib\0404\perfi.dat
2010-03-05 02:41:56    117840    ----a-w-    c:\windows\inf\perflib\0404\perfh.dat
2010-03-05 02:31:20    31548    ----a-w-    c:\windows\inf\perflib\0804\perfd.dat
2010-03-05 02:31:20    31548    ----a-w-    c:\windows\inf\perflib\0804\perfc.dat
2010-03-05 02:31:20    111310    ----a-w-    c:\windows\inf\perflib\0804\perfi.dat
2010-03-05 02:31:20    111310    ----a-w-    c:\windows\inf\perflib\0804\perfh.dat
2010-03-05 02:19:20    31548    ----a-w-    c:\windows\inf\perflib\0411\perfd.dat
2010-03-05 02:19:20    31548    ----a-w-    c:\windows\inf\perflib\0411\perfc.dat
2010-03-05 02:19:20    141988    ----a-w-    c:\windows\inf\perflib\0411\perfi.dat
2010-03-05 02:19:20    141988    ----a-w-    c:\windows\inf\perflib\0411\perfh.dat
2010-01-27 19:00:18    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-01-26 13:24:05    33792    ----a-w-    c:\program files (x86)\common files\alg.exe
2010-01-19 09:05:57    424960    ----a-w-    c:\windows\system32\secproc.dll
2010-01-19 09:05:57    422912    ----a-w-    c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57    121856    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57    121856    ----a-w-    c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44    305152    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43    357888    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37    356352    ----a-w-    c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37    306688    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31    85504    ----a-w-    c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31    85504    ----a-w-    c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31    365568    ----a-w-    c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30    369152    ----a-w-    c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33    324608    ----a-w-    c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33    277504    ----a-w-    c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30    320512    ----a-w-    c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30    280064    ----a-w-    c:\windows\syswow64\RMActivate_ssp.exe
2010-01-12 04:19:00    159336    ----a-w-    c:\windows\system32\nvvsvc.exe
2010-01-12 04:19:00    14822504    ----a-w-    c:\windows\system32\nvcpl.dll
2010-01-12 04:19:00    116328    ----a-w-    c:\windows\system32\nvmctray.dll
2010-01-12 04:19:00    1037416    ----a-w-    c:\windows\system32\nvsvc64.dll
2010-01-11 07:12:38    381440    ----a-w-    c:\windows\syswow64\iedkcs32.dll
2009-12-22 08:36:19    243200    ----a-w-    c:\windows\system32\wow64.dll
2009-12-22 08:24:35    14336    ----a-w-    c:\windows\syswow64\ntvdm64.dll
2009-12-22 08:23:35    25600    ----a-w-    c:\windows\syswow64\setup16.exe
2009-12-22 08:22:10    5120    ----a-w-    c:\windows\syswow64\wow32.dll
2009-12-22 04:28:10    7680    ----a-w-    c:\windows\syswow64\instnm.exe
2009-12-22 04:28:08    2048    ----a-w-    c:\windows\syswow64\user.exe
2009-12-19 09:51:24    1192960    ----a-w-    c:\windows\system32\wininet.dll
2009-12-19 09:50:56    14848    ----a-w-    c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47    1572352    ----a-w-    c:\windows\system32\quartz.dll
2009-12-19 09:47:56    25088    ----a-w-    c:\windows\system32\msyuv.dll
2009-12-19 09:47:53    38912    ----a-w-    c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46    16384    ----a-w-    c:\windows\system32\msrle32.dll
2009-12-19 09:46:35    54272    ----a-w-    c:\windows\system32\iyuv_32.dll
2009-12-13 09:46:36    960512    ----a-w-    c:\windows\system32\CPFilters.dll
2009-12-13 09:46:36    613888    ----a-w-    c:\windows\system32\psisdecd.dll
2009-12-13 09:46:34    552960    ----a-w-    c:\windows\system32\msdri.dll
2009-12-13 09:30:50    641536    ----a-w-    c:\windows\syswow64\CPFilters.dll
2009-12-13 09:30:50    465408    ----a-w-    c:\windows\syswow64\psisdecd.dll
2009-08-24 15:08:36    1470    ----a-w-    c:\program files (x86)\INSTALL.LOG
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2003-12-18 18:33:46    20102    ----a-w-    c:\program files (x86)\Readme.txt
2003-09-03 14:46:54    10960    ----a-w-    c:\program files (x86)\EULA.txt
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:47:35.86 ===============


I would post a GMER log but upon activating the program it tells me "C:\Windows\system32\config\system: The system cannot find the file specified." Thus I am unable to actually select any checkboxes beyond services, registry, and files (and they turn up nothing).


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • Gender:Female
  • Location:Romania
  • Local time:07:16 PM

Posted 14 March 2010 - 12:54 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 logikv9

logikv9
  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:16 PM

Posted 14 March 2010 - 04:53 PM

OTL:
OTL logfile created on: 3/14/2010 5:20:46 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\tkcm\Pictures
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 36.00% Memory free
16.00 Gb Paging File | 11.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 286.43 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive D: | 1.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 308.27 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 16.30 Gb Free Space | 1.75% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: GETOUT
Current User Name: tkcm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/14 17:15:11 | 000,293,376 | ---- | M] () -- C:\Users\tkcm\Desktop\777uibcm.exe
PRC - [2010/03/14 17:14:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\tkcm\Pictures\OTL.exe
PRC - [2010/03/06 22:17:56 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/03/03 15:51:46 | 000,332,720 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/02/25 19:42:30 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Users\tkcm\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/02/24 16:38:19 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010/02/18 17:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/02/11 14:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 14:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/10 01:00:00 | 001,930,592 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2010/02/05 14:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/02/04 21:00:10 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 15:00:11 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/22 11:33:03 | 000,024,576 | ---- | M] (doubleTwist Corporation) -- C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
PRC - [2010/01/13 18:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/07 16:11:47 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/08/29 02:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/24 14:39:14 | 001,369,792 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
PRC - [2009/08/20 12:44:38 | 000,615,688 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/07/20 07:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/05/26 18:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe
PRC - [2009/02/22 23:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/16 03:32:14 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/11/03 09:11:38 | 000,684,712 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2007/07/31 12:20:12 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
PRC - [2006/12/13 18:02:08 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
PRC - [2006/12/13 18:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/12/13 18:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
PRC - [2006/12/07 17:25:24 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/12/07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Modules (SafeList) ==========

MOD - [2010/03/14 17:14:39 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\tkcm\Pictures\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/11 14:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/02/11 14:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/02/11 14:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/10/16 17:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009/10/16 16:53:46 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV:64bit: - [2009/07/20 15:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/03/03 15:51:46 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/04 21:00:10 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/10/13 16:48:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/10/13 16:43:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/07 16:11:47 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/22 23:43:55 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/23 11:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxducoms.exe -- (lxdu_device)
SRV - [2007/08/28 22:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/12/13 18:01:50 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/12/13 18:01:38 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/12/07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/12/07 17:25:06 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/07 00:32:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/07 00:26:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/03/07 00:26:02 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/02/11 14:42:38 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/02/11 14:42:19 | 000,120,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/02/11 14:39:04 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/02/11 14:38:49 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/02/11 14:38:25 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/12/19 10:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/12 03:19:50 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2009/12/01 14:03:08 | 000,012,928 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009/09/23 08:55:23 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/09/12 16:19:07 | 000,156,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/24 05:35:44 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 21:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/17 12:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 19:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/27 04:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/17 13:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
DRV:64bit: - [2007/10/11 11:55:40 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2006/11/22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2006/11/22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2006/11/22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/16 05:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100312.003\EX64.SYS -- (NAVEX15)
DRV - [2010/02/16 05:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100312.003\ENG64.SYS -- (NAVENG)
DRV - [2009/08/27 11:07:30 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/27 11:07:30 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/24 14:39:14 | 000,221,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/08/23 15:10:09 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/05/25 08:01:38 | 000,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2006/11/22 16:17:10 | 000,426,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:10 | 000,394,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2006/11/22 16:17:10 | 000,030,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3648304186-4152115358-1990779111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3648304186-4152115358-1990779111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3648304186-4152115358-1990779111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 BC B2 5C E5 B7 CA 01 [binary data]
IE - HKU\S-1-5-21-3648304186-4152115358-1990779111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/17 21:39:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/19 20:20:04 | 000,000,000 | ---D | M]

[2009/11/25 00:35:15 | 000,000,000 | ---D | M] -- C:\Users\tkcm\AppData\Roaming\Mozilla\Extensions
[2009/11/25 00:35:15 | 000,000,000 | ---D | M] -- C:\Users\tkcm\AppData\Roaming\Mozilla\Firefox\Profiles\b2ok1938.default\extensions
[2010/01/17 14:16:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Application Layer Gateway] C:\Program Files (x86)\Common Files\alg.exe (SornSoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CtaMon] C:\Windows\SysWow64\CtaMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe File not found
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3648304186-4152115358-1990779111-1000..\Run: [doubleTwist] C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe (doubleTwist Corporation)
O4 - HKU\S-1-5-21-3648304186-4152115358-1990779111-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\tkcm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/09 20:43:54 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 14:53:24 | 000,000,071 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/13 23:54:03 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Roaming\vlc
[2010/03/12 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/11 16:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/11 16:46:46 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/11 16:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/03/11 16:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/03/07 16:43:43 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\Egosoft
[2010/03/07 16:30:07 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/03/07 16:30:06 | 000,120,912 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/03/07 16:30:04 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/03/07 16:30:02 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/03/07 16:29:58 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/03/07 16:29:31 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/03/07 16:29:31 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/03/07 16:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/03/07 16:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/07 00:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/03/07 00:31:17 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Roaming\DAEMON Tools Lite
[2010/03/07 00:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/03/06 22:55:16 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\Square Enix
[2010/03/06 13:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Commander 2
[2010/03/06 00:25:45 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\SH5
[2010/03/06 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010/03/06 00:17:02 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2010/03/05 22:04:16 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Roaming\Ubisoft
[2010/03/05 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010/03/05 17:53:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHT
[2010/03/05 17:53:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-TW
[2010/03/05 17:53:43 | 000,000,000 | ---D | C] -- C:\Windows\zh-TW
[2010/03/05 17:53:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHT
[2010/03/05 17:53:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2010/03/05 17:53:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-HK
[2010/03/05 17:53:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-CN
[2010/03/05 17:53:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHS
[2010/03/05 17:52:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHS
[2010/03/05 17:52:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2010/03/05 17:52:37 | 000,000,000 | ---D | C] -- C:\Windows\zh-CN
[2010/03/05 17:52:21 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP
[2010/03/05 17:52:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010/03/05 17:52:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP
[2010/03/05 17:52:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja
[2010/03/05 17:52:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411
[2010/03/05 17:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja
[2010/03/05 17:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2010/03/05 17:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2010/03/04 22:38:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\tcpip.sys.mui
[2010/03/04 22:38:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\bfe.dll.mui
[2010/03/04 22:38:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\scfilter.sys.mui
[2010/03/04 22:38:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\qwavedrv.sys.mui
[2010/03/04 22:38:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\pacer.sys.mui
[2010/03/04 22:38:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\ndiscap.sys.mui
[2010/03/04 22:38:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbport.sys.mui
[2010/03/04 22:38:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbhub.sys.mui
[2010/03/04 22:38:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\volsnap.sys.mui
[2010/03/04 22:38:16 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\portcls.sys.mui
[2010/03/04 22:38:16 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vhdmp.sys.mui
[2010/03/04 22:38:16 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\umbus.sys.mui
[2010/03/04 22:38:16 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tpm.sys.mui
[2010/03/04 22:38:16 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-TW\pscr.sys.mui
[2010/03/04 22:38:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\serscan.sys.mui
[2010/03/04 22:38:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wd.sys.mui
[2010/03/04 22:38:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mpio.sys.mui
[2010/03/04 22:38:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\afd.sys.mui
[2010/03/04 22:38:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\msdsm.sys.mui
[2010/03/04 22:38:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\serial.sys.mui
[2010/03/04 22:38:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\sermouse.sys.mui
[2010/03/04 22:38:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rndismpx.sys.mui
[2010/03/04 22:38:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rndismp6.sys.mui
[2010/03/04 22:38:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pcmcia.sys.mui
[2010/03/04 22:38:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mouclass.sys.mui
[2010/03/04 22:38:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\parport.sys.mui
[2010/03/04 22:38:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\MTConfig.sys.mui
[2010/03/04 22:38:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mouhid.sys.mui
[2010/03/04 22:38:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ataport.sys.mui
[2010/03/04 22:38:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vwifibus.sys.mui
[2010/03/04 22:38:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdide.sys.mui
[2010/03/04 22:38:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\bfe.dll.mui
[2010/03/04 22:38:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tunnel.sys.mui
[2010/03/04 22:38:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\modem.sys.mui
[2010/03/04 22:38:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ws2ifsl.sys.mui
[2010/03/04 22:38:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wdf01000.sys.mui
[2010/03/04 22:38:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbrpm.sys.mui
[2010/03/04 22:38:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tcpip.sys.mui
[2010/03/04 22:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\fvevol.sys.mui
[2010/03/04 22:38:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\scfilter.sys.mui
[2010/03/04 22:38:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdbss.sys.mui
[2010/03/04 22:38:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pacer.sys.mui
[2010/03/04 22:38:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\qwavedrv.sys.mui
[2010/03/04 22:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\partmgr.sys.mui
[2010/03/04 22:38:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ntfs.sys.mui
[2010/03/04 22:38:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\nwifi.sys.mui
[2010/03/04 22:38:06 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndis.sys.mui
[2010/03/04 22:38:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndisuio.sys.mui
[2010/03/04 22:38:05 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndiscap.sys.mui
[2010/03/04 22:38:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mountmgr.sys.mui
[2010/03/04 22:38:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\luafv.sys.mui
[2010/03/04 22:38:01 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\http.sys.mui
[2010/03/04 22:37:59 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\fltmgr.sys.mui
[2010/03/04 22:37:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\volmgrx.sys.mui
[2010/03/04 22:37:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\processr.sys.mui
[2010/03/04 22:37:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\intelppm.sys.mui
[2010/03/04 22:37:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdppm.sys.mui
[2010/03/04 22:37:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdk8.sys.mui
[2010/03/04 22:37:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pci.sys.mui
[2010/03/04 22:37:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\i8042prt.sys.mui
[2010/03/04 22:37:56 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerIb.sys.mui
[2010/03/04 22:37:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wacompen.sys.mui
[2010/03/04 22:37:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\hdaudbus.sys.mui
[2010/03/04 22:37:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\IPMIDrv.sys.mui
[2010/03/04 22:37:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\HdAudio.sys.mui
[2010/03/04 22:37:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vdrvroot.sys.mui
[2010/03/04 22:37:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mssmbios.sys.mui
[2010/03/04 22:37:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\kbdclass.sys.mui
[2010/03/04 22:37:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\isapnp.sys.mui
[2010/03/04 22:37:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ULIAGPKX.SYS.mui
[2010/03/04 22:37:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\hidbth.sys.mui
[2010/03/04 22:37:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\Dot4usb.sys.mui
[2010/03/04 22:37:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pnpmem.sys.mui
[2010/03/04 22:37:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\NV_AGP.SYS.mui
[2010/03/04 22:37:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\kbdhid.sys.mui
[2010/03/04 22:37:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\disk.sys.mui
[2010/03/04 22:37:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\AGP440.sys.mui
[2010/03/04 22:37:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ohci1394.sys.mui
[2010/03/04 22:37:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\1394ohci.sys.mui
[2010/03/04 22:37:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\battc.sys.mui
[2010/03/04 22:37:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\acpi.sys.mui
[2010/03/04 22:37:55 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerId.sys.mui
[2010/03/04 22:37:55 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\bthport.sys.mui
[2010/03/04 22:37:55 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\bthpan.sys.mui
[2010/03/04 22:37:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\GAGP30KX.SYS.mui
[2010/03/04 22:37:55 | 000,002,560 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\zh-TW\atikmdag.sys.mui
[2010/03/04 22:37:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\UAGP35.SYS.mui
[2010/03/04 22:37:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\cdrom.sys.mui
[2010/03/04 22:37:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\BTHUSB.SYS.mui
[2010/03/04 22:37:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\bthenum.sys.mui
[2010/03/04 22:37:55 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrParwdm.sys.mui
[2010/03/04 22:27:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\tcpip.sys.mui
[2010/03/04 22:27:30 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\bfe.dll.mui
[2010/03/04 22:27:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\scfilter.sys.mui
[2010/03/04 22:27:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\qwavedrv.sys.mui
[2010/03/04 22:27:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\pacer.sys.mui
[2010/03/04 22:27:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\ndiscap.sys.mui
[2010/03/04 22:27:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbport.sys.mui
[2010/03/04 22:27:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbhub.sys.mui
[2010/03/04 22:27:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\volsnap.sys.mui
[2010/03/04 22:27:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\portcls.sys.mui
[2010/03/04 22:27:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vhdmp.sys.mui
[2010/03/04 22:27:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\umbus.sys.mui
[2010/03/04 22:27:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tpm.sys.mui
[2010/03/04 22:27:19 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-CN\pscr.sys.mui
[2010/03/04 22:27:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\serscan.sys.mui
[2010/03/04 22:27:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wd.sys.mui
[2010/03/04 22:27:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pcmcia.sys.mui
[2010/03/04 22:27:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mpio.sys.mui
[2010/03/04 22:27:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\afd.sys.mui
[2010/03/04 22:27:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\msdsm.sys.mui
[2010/03/04 22:27:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\serial.sys.mui
[2010/03/04 22:27:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\sermouse.sys.mui
[2010/03/04 22:27:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rndismpx.sys.mui
[2010/03/04 22:27:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rndismp6.sys.mui
[2010/03/04 22:27:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mouclass.sys.mui
[2010/03/04 22:27:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\parport.sys.mui
[2010/03/04 22:27:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\MTConfig.sys.mui
[2010/03/04 22:27:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mouhid.sys.mui
[2010/03/04 22:27:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ataport.sys.mui
[2010/03/04 22:27:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vwifibus.sys.mui
[2010/03/04 22:27:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdide.sys.mui
[2010/03/04 22:27:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bfe.dll.mui
[2010/03/04 22:27:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ws2ifsl.sys.mui
[2010/03/04 22:27:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wdf01000.sys.mui
[2010/03/04 22:27:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tcpip.sys.mui
[2010/03/04 22:27:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tunnel.sys.mui
[2010/03/04 22:27:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\modem.sys.mui
[2010/03/04 22:27:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbrpm.sys.mui
[2010/03/04 22:27:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\fvevol.sys.mui
[2010/03/04 22:27:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\scfilter.sys.mui
[2010/03/04 22:27:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pacer.sys.mui
[2010/03/04 22:27:11 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdbss.sys.mui
[2010/03/04 22:27:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\qwavedrv.sys.mui
[2010/03/04 22:27:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\partmgr.sys.mui
[2010/03/04 22:27:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ntfs.sys.mui
[2010/03/04 22:27:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndis.sys.mui
[2010/03/04 22:27:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\nwifi.sys.mui
[2010/03/04 22:27:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndisuio.sys.mui
[2010/03/04 22:27:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndiscap.sys.mui
[2010/03/04 22:27:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mountmgr.sys.mui
[2010/03/04 22:27:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\luafv.sys.mui
[2010/03/04 22:27:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\http.sys.mui
[2010/03/04 22:27:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\fltmgr.sys.mui
[2010/03/04 22:27:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\volmgrx.sys.mui
[2010/03/04 22:26:57 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerIb.sys.mui
[2010/03/04 22:26:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pnpmem.sys.mui
[2010/03/04 22:26:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\processr.sys.mui
[2010/03/04 22:26:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\intelppm.sys.mui
[2010/03/04 22:26:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdppm.sys.mui
[2010/03/04 22:26:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdk8.sys.mui
[2010/03/04 22:26:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ohci1394.sys.mui
[2010/03/04 22:26:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\1394ohci.sys.mui
[2010/03/04 22:26:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\battc.sys.mui
[2010/03/04 22:26:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pci.sys.mui
[2010/03/04 22:26:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\acpi.sys.mui
[2010/03/04 22:26:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\i8042prt.sys.mui
[2010/03/04 22:26:56 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerId.sys.mui
[2010/03/04 22:26:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthport.sys.mui
[2010/03/04 22:26:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthpan.sys.mui
[2010/03/04 22:26:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wacompen.sys.mui
[2010/03/04 22:26:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\hdaudbus.sys.mui
[2010/03/04 22:26:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\IPMIDrv.sys.mui
[2010/03/04 22:26:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\HdAudio.sys.mui
[2010/03/04 22:26:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vdrvroot.sys.mui
[2010/03/04 22:26:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mssmbios.sys.mui
[2010/03/04 22:26:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\kbdclass.sys.mui
[2010/03/04 22:26:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ULIAGPKX.SYS.mui
[2010/03/04 22:26:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\isapnp.sys.mui
[2010/03/04 22:26:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\hidbth.sys.mui
[2010/03/04 22:26:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\GAGP30KX.SYS.mui
[2010/03/04 22:26:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\Dot4usb.sys.mui
[2010/03/04 22:26:56 | 000,002,560 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\zh-CN\atikmdag.sys.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\UAGP35.SYS.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\NV_AGP.SYS.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\kbdhid.sys.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\disk.sys.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\cdrom.sys.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\BTHUSB.SYS.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthenum.sys.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\AGP440.sys.mui
[2010/03/04 22:26:56 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrParwdm.sys.mui
[2010/03/04 22:20:24 | 001,661,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxduserv.dll
[2010/03/04 22:20:24 | 000,521,216 | ---- | C] ( ) -- C:\Windows\SysNative\lxduih.exe
[2010/03/04 22:20:23 | 001,039,360 | ---- | C] ( ) -- C:\Windows\SysNative\lxducoms.exe
[2010/03/04 22:20:23 | 000,987,648 | ---- | C] ( ) -- C:\Windows\SysNative\lxdupmui.dll
[2010/03/04 22:20:23 | 000,897,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxdulmpm.dll
[2010/03/04 22:20:22 | 001,338,368 | ---- | C] ( ) -- C:\Windows\SysNative\lxduusb1.dll
[2010/03/04 22:20:22 | 001,291,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomc.dll
[2010/03/04 22:20:22 | 001,091,584 | ---- | C] ( ) -- C:\Windows\SysNative\lxduhbn3.dll
[2010/03/04 22:20:22 | 000,580,608 | ---- | C] ( ) -- C:\Windows\SysNative\lxducomm.dll
[2010/03/04 22:20:22 | 000,548,352 | ---- | C] ( ) -- C:\Windows\SysNative\lxduinpa.dll
[2010/03/04 22:20:22 | 000,513,024 | ---- | C] ( ) -- C:\Windows\SysNative\lxduiesc.dll
[2010/03/04 22:20:21 | 000,610,304 | ---- | C] ( ) -- C:\Windows\SysNative\lxducfg.exe
[2010/03/04 22:15:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\tcpip.sys.mui
[2010/03/04 22:15:18 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\bfe.dll.mui
[2010/03/04 22:15:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\scfilter.sys.mui
[2010/03/04 22:15:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\qwavedrv.sys.mui
[2010/03/04 22:15:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\pacer.sys.mui
[2010/03/04 22:15:07 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\ndiscap.sys.mui
[2010/03/04 22:15:06 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lzhfldr2.dll
[2010/03/04 22:15:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbport.sys.mui
[2010/03/04 22:15:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\volsnap.sys.mui
[2010/03/04 22:15:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbhub.sys.mui
[2010/03/04 22:15:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vhdmp.sys.mui
[2010/03/04 22:15:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\portcls.sys.mui
[2010/03/04 22:15:02 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui
[2010/03/04 22:15:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\umbus.sys.mui
[2010/03/04 22:15:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tpm.sys.mui
[2010/03/04 22:15:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\serscan.sys.mui
[2010/03/04 22:15:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wd.sys.mui
[2010/03/04 22:15:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mpio.sys.mui
[2010/03/04 22:15:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\serial.sys.mui
[2010/03/04 22:15:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\msdsm.sys.mui
[2010/03/04 22:15:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\i8042prt.sys.mui
[2010/03/04 22:15:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\sermouse.sys.mui
[2010/03/04 22:15:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mouclass.sys.mui
[2010/03/04 22:15:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\scsiport.sys.mui
[2010/03/04 22:15:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rndismpx.sys.mui
[2010/03/04 22:15:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rndismp6.sys.mui
[2010/03/04 22:15:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pcmcia.sys.mui
[2010/03/04 22:15:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\parport.sys.mui
[2010/03/04 22:15:00 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ataport.sys.mui
[2010/03/04 22:15:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\MTConfig.sys.mui
[2010/03/04 22:15:00 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mouhid.sys.mui
[2010/03/04 22:15:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vwifibus.sys.mui
[2010/03/04 22:15:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdide.sys.mui
[2010/03/04 22:14:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\afd.sys.mui
[2010/03/04 22:14:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bfe.dll.mui
[2010/03/04 22:14:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ws2ifsl.sys.mui
[2010/03/04 22:14:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wdf01000.sys.mui
[2010/03/04 22:14:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tcpip.sys.mui
[2010/03/04 22:14:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tunnel.sys.mui
[2010/03/04 22:14:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\modem.sys.mui
[2010/03/04 22:14:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbrpm.sys.mui
[2010/03/04 22:14:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\fvevol.sys.mui
[2010/03/04 22:14:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\srv.sys.mui
[2010/03/04 22:14:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\scfilter.sys.mui
[2010/03/04 22:14:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdbss.sys.mui
[2010/03/04 22:14:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pacer.sys.mui
[2010/03/04 22:14:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\RNDISMP.sys.mui
[2010/03/04 22:14:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\qwavedrv.sys.mui
[2010/03/04 22:14:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\partmgr.sys.mui
[2010/03/04 22:14:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ntfs.sys.mui
[2010/03/04 22:14:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndis.sys.mui
[2010/03/04 22:14:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\nwifi.sys.mui
[2010/03/04 22:14:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndisuio.sys.mui
[2010/03/04 22:14:43 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndiscap.sys.mui
[2010/03/04 22:14:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mountmgr.sys.mui
[2010/03/04 22:14:41 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lzhfldr2.dll
[2010/03/04 22:14:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\luafv.sys.mui
[2010/03/04 22:14:40 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ipnat.sys.mui
[2010/03/04 22:14:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\http.sys.mui
[2010/03/04 22:14:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\fltmgr.sys.mui
[2010/03/04 22:14:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\volmgrx.sys.mui
[2010/03/04 22:14:29 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui
[2010/03/04 22:14:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pnpmem.sys.mui
[2010/03/04 22:14:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\processr.sys.mui
[2010/03/04 22:14:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\intelppm.sys.mui
[2010/03/04 22:14:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdppm.sys.mui
[2010/03/04 22:14:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdk8.sys.mui
[2010/03/04 22:14:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pci.sys.mui
[2010/03/04 22:14:28 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui
[2010/03/04 22:14:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthport.sys.mui
[2010/03/04 22:14:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthpan.sys.mui
[2010/03/04 22:14:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wacompen.sys.mui
[2010/03/04 22:14:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\IPMIDrv.sys.mui
[2010/03/04 22:14:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\hdaudbus.sys.mui
[2010/03/04 22:14:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vdrvroot.sys.mui
[2010/03/04 22:14:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\kbdclass.sys.mui
[2010/03/04 22:14:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\HdAudio.sys.mui
[2010/03/04 22:14:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mssmbios.sys.mui
[2010/03/04 22:14:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\isapnp.sys.mui
[2010/03/04 22:14:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ULIAGPKX.SYS.mui
[2010/03/04 22:14:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\NV_AGP.SYS.mui
[2010/03/04 22:14:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\kbdhid.sys.mui
[2010/03/04 22:14:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\hidbth.sys.mui
[2010/03/04 22:14:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\Dot4usb.sys.mui
[2010/03/04 22:14:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\AGP440.sys.mui
[2010/03/04 22:14:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\disk.sys.mui
[2010/03/04 22:14:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\cdrom.sys.mui
[2010/03/04 22:14:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\BTHUSB.SYS.mui
[2010/03/04 22:14:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthenum.sys.mui
[2010/03/04 22:14:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ohci1394.sys.mui
[2010/03/04 22:14:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\1394ohci.sys.mui
[2010/03/04 22:14:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\battc.sys.mui
[2010/03/04 22:14:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\acpi.sys.mui
[2010/03/04 22:14:27 | 000,003,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ja-JP\atikmdag.sys.mui
[2010/03/04 22:14:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\UAGP35.SYS.mui
[2010/03/04 22:14:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\GAGP30KX.SYS.mui
[2010/03/04 22:14:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui
[2010/03/04 22:02:43 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/03/04 22:02:43 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/03/04 22:02:43 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/04 22:02:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/03/04 22:02:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/03/04 22:02:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/03/04 22:02:39 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/03/04 22:02:38 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/03/04 22:02:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/03/04 22:02:38 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/03/04 22:02:38 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/03/04 22:02:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/03/04 22:02:38 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/03/04 22:02:33 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/04 22:02:33 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/03/04 22:02:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/03/04 22:02:31 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/03/04 22:02:30 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/03/04 22:02:30 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/03/04 22:02:30 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/03/04 22:02:30 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/03/04 22:02:30 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/03/04 22:02:30 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/03/04 22:02:30 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/03/04 22:02:30 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/03/04 22:02:30 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/03/04 22:02:30 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/03/04 22:02:30 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/03/04 22:02:30 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/03/04 22:02:30 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/03/04 22:02:30 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/03/04 22:02:30 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/03/04 22:02:27 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/03/04 22:02:27 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/03/04 22:02:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/03/04 22:02:27 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/03/04 22:02:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/03/04 22:02:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/03/04 22:02:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/03/04 22:02:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/03/04 22:02:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/03/04 22:02:26 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/03/04 22:02:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/03/04 22:02:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/03/04 22:02:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/03/04 22:02:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/03/04 22:02:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/03/04 22:02:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/03/04 22:02:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/03/04 22:02:16 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/03/04 22:02:16 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/03/04 22:02:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/03/04 22:02:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/03/04 19:59:06 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll.prepare
[2010/02/28 21:44:37 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/02/28 21:44:37 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/02/28 21:44:37 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/02/28 21:44:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/02/28 21:44:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/02/28 21:44:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/02/28 21:44:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/02/28 21:44:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/02/26 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\StarCraft II Beta
[2010/02/26 20:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II Beta
[2010/02/26 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Local\Blizzard Entertainment
[2010/02/26 20:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/02/26 20:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/02/26 20:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/02/26 14:11:31 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\Rainmeter
[2010/02/26 14:10:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/26 02:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2010/02/22 22:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFPortChecker
[2010/02/22 20:17:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/20 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Local\Futuremark
[2010/02/20 13:32:49 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\EA Games
[2010/02/20 13:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2010/02/20 13:21:30 | 000,000,000 | ---D | C] -- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
[2010/02/17 13:33:41 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Local\doubleTwist Corporation
[2010/02/17 13:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\doubleTwist Corporation
[2010/02/17 13:33:30 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2010/02/17 13:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2010/02/17 13:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\doubleTwist 2.0
[2010/02/16 20:01:00 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Roaming\Razer
[2010/02/16 19:57:25 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl
[2010/02/16 19:57:21 | 000,012,928 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\danew.sys
[2010/02/16 19:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2010/02/13 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\tkcm\Documents\Bioshock2
[2010/02/13 13:47:56 | 000,000,000 | ---D | C] -- C:\Users\tkcm\AppData\Roaming\Bioshock2
[2010/02/13 13:18:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/01/26 09:41:29 | 000,033,792 | ---- | C] (SornSoft) -- C:\Program Files (x86)\Common Files\alg.exe
[2009/09/05 20:06:27 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2009/09/05 20:06:27 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2009/09/05 20:06:27 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2009/09/05 20:06:27 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2009/09/05 20:06:27 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2009/09/05 20:06:27 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2009/09/05 20:06:27 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2009/09/05 20:06:27 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2009/09/05 20:06:27 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/14 17:22:08 | 017,563,648 | -HS- | M] () -- C:\Users\tkcm\NTUSER.DAT
[2010/03/14 17:15:11 | 000,293,376 | ---- | M] () -- C:\Users\tkcm\Desktop\777uibcm.exe
[2010/03/14 16:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3648304186-4152115358-1990779111-1000UA.job
[2010/03/14 02:01:04 | 002,158,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/14 02:01:04 | 000,623,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/14 02:01:04 | 000,395,944 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2010/03/14 02:01:04 | 000,382,762 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2010/03/14 02:01:04 | 000,366,592 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2010/03/14 02:01:04 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2010/03/14 02:01:04 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/14 02:01:04 | 000,105,382 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2010/03/14 02:01:04 | 000,100,468 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2010/03/14 01:32:12 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/14 01:32:12 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/14 01:27:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/14 01:27:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/03/14 01:27:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/03/14 01:27:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/03/14 01:27:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/03/14 01:27:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/14 01:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/14 01:26:47 | 2140,545,023 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 00:29:06 | 008,832,762 | -H-- | M] () -- C:\Users\tkcm\AppData\Local\IconCache.db
[2010/03/13 23:56:13 | 2058,603,799 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/13 23:53:49 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/03/13 19:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3648304186-4152115358-1990779111-1000Core.job
[2010/03/12 17:59:52 | 000,000,188 | ---- | M] () -- C:\Users\tkcm\defogger_reenable
[2010/03/12 17:34:49 | 000,002,097 | ---- | M] () -- C:\Users\tkcm\Desktop\HijackThis.lnk
[2010/03/10 22:58:27 | 000,014,345 | ---- | M] () -- C:\Users\tkcm\Documents\chap11grq11to20.docx
[2010/03/10 21:14:35 | 000,026,867 | ---- | M] () -- C:\Users\tkcm\Documents\minorities111congress.docx
[2010/03/10 20:46:30 | 000,013,353 | ---- | M] () -- C:\Users\tkcm\Documents\englishoutline.docx
[2010/03/08 22:54:42 | 001,194,887 | ---- | M] () -- C:\Users\tkcm\Desktop\SlideScreenPRO 1.13.apk
[2010/03/07 16:29:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/03/07 00:32:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2010/03/07 00:26:02 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/03/07 00:26:02 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/03/06 21:07:07 | 000,202,247 | ---- | M] () -- C:\Users\tkcm\Documents\1267924022309.jpg
[2010/03/06 17:31:05 | 000,001,746 | ---- | M] () -- C:\Users\tkcm\Desktop\SupremeCommander2 - Shortcut.lnk
[2010/03/05 18:02:41 | 000,120,896 | ---- | M] () -- C:\Users\tkcm\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/05 17:56:16 | 000,432,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/04 22:41:57 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0404.dat
[2010/03/04 22:41:56 | 000,117,840 | ---- | M] () -- C:\Windows\SysNative\prfi0404.dat
[2010/03/04 22:31:20 | 000,111,310 | ---- | M] () -- C:\Windows\SysNative\prfi0804.dat
[2010/03/04 22:31:20 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0804.dat
[2010/03/04 22:23:35 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/03/04 22:19:20 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat
[2010/03/04 22:19:20 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat
[2010/03/04 21:51:55 | 000,016,401 | ---- | M] () -- C:\Users\tkcm\Documents\notecards2.docx
[2010/03/04 20:59:07 | 000,010,628 | ---- | M] () -- C:\Users\tkcm\Documents\sources2.docx
[2010/03/04 19:59:06 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll.prepare
[2010/03/03 22:35:30 | 000,015,550 | ---- | M] () -- C:\Users\tkcm\Documents\chap11grq1to10.docx
[2010/02/28 18:39:15 | 000,018,122 | ---- | M] () -- C:\Users\tkcm\Documents\notecards1.docx
[2010/02/28 17:34:52 | 000,012,663 | ---- | M] () -- C:\Users\tkcm\Documents\postmoderncitation.docx
[2010/02/28 15:44:04 | 000,591,872 | ---- | M] () -- C:\Users\tkcm\Documents\NRA.ppt
[2010/02/28 15:43:55 | 000,530,384 | ---- | M] () -- C:\Users\tkcm\Documents\NRA.pptx
[2010/02/27 15:51:01 | 008,060,315 | ---- | M] () -- C:\Users\tkcm\Documents\293dr11.png
[2010/02/26 01:58:23 | 000,002,382 | ---- | M] () -- C:\sc.dat
[2010/02/24 21:09:40 | 000,012,345 | ---- | M] () -- C:\Users\tkcm\Documents\lab40.docx
[2010/02/19 21:20:29 | 000,024,207 | ---- | M] () -- C:\Users\tkcm\Documents\americainc.docx
[2010/02/17 14:32:36 | 000,004,901 | ---- | M] () -- C:\Users\tkcm\Documents\finally.csv
[2010/02/17 13:35:05 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/17 13:33:31 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2010/02/16 20:44:12 | 000,002,043 | ---- | M] () -- C:\Users\tkcm\Desktop\Razer DeathAdder Driver.lnk
[2010/02/15 21:49:26 | 000,112,739 | ---- | M] () -- C:\Users\tkcm\Documents\logitech.wma
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 17:15:10 | 000,293,376 | ---- | C] () -- C:\Users\tkcm\Desktop\777uibcm.exe
[2010/03/13 23:53:49 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/03/12 23:19:50 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/12 23:19:49 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/03/12 23:19:49 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/03/12 23:19:49 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/03/12 23:19:49 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/03/12 23:17:52 | 2058,603,799 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/12 17:59:52 | 000,000,188 | ---- | C] () -- C:\Users\tkcm\defogger_reenable
[2010/03/12 17:34:49 | 000,002,097 | ---- | C] () -- C:\Users\tkcm\Desktop\HijackThis.lnk
[2010/03/10 22:58:27 | 000,014,345 | ---- | C] () -- C:\Users\tkcm\Documents\chap11grq11to20.docx
[2010/03/10 21:14:35 | 000,026,867 | ---- | C] () -- C:\Users\tkcm\Documents\minorities111congress.docx
[2010/03/10 20:46:30 | 000,013,353 | ---- | C] () -- C:\Users\tkcm\Documents\englishoutline.docx
[2010/03/08 22:54:40 | 001,194,887 | ---- | C] () -- C:\Users\tkcm\Desktop\SlideScreenPRO 1.13.apk
[2010/03/07 16:29:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/03/07 00:22:41 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/03/07 00:22:41 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/03/06 21:07:07 | 000,202,247 | ---- | C] () -- C:\Users\tkcm\Documents\1267924022309.jpg
[2010/03/06 17:31:05 | 000,001,746 | ---- | C] () -- C:\Users\tkcm\Desktop\SupremeCommander2 - Shortcut.lnk
[2010/03/05 17:59:37 | 000,395,944 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat
[2010/03/05 17:59:37 | 000,366,592 | ---- | C] () -- C:\Windows\SysNative\prfh0804.dat
[2010/03/05 17:59:37 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat
[2010/03/05 17:59:37 | 000,117,840 | ---- | C] () -- C:\Windows\SysNative\prfi0404.dat
[2010/03/05 17:59:37 | 000,111,310 | ---- | C] () -- C:\Windows\SysNative\prfi0804.dat
[2010/03/05 17:59:37 | 000,107,522 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat
[2010/03/05 17:59:37 | 000,105,382 | ---- | C] () -- C:\Windows\SysNative\prfc0804.dat
[2010/03/05 17:59:37 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0804.dat
[2010/03/05 17:59:37 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat
[2010/03/05 17:59:36 | 000,382,762 | ---- | C] () -- C:\Windows\SysNative\prfh0404.dat
[2010/03/05 17:59:36 | 000,100,468 | ---- | C] () -- C:\Windows\SysNative\prfc0404.dat
[2010/03/05 17:59:36 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0404.dat
[2010/03/04 22:20:40 | 000,300,032 | ---- | C] () -- C:\Windows\SysNative\lxdugrd.dll
[2010/03/04 20:34:56 | 000,016,401 | ---- | C] () -- C:\Users\tkcm\Documents\notecards2.docx
[2010/03/04 20:28:42 | 000,010,628 | ---- | C] () -- C:\Users\tkcm\Documents\sources2.docx
[2010/03/03 22:35:29 | 000,015,550 | ---- | C] () -- C:\Users\tkcm\Documents\chap11grq1to10.docx
[2010/02/28 17:34:52 | 000,012,663 | ---- | C] () -- C:\Users\tkcm\Documents\postmoderncitation.docx
[2010/02/28 17:34:40 | 000,018,122 | ---- | C] () -- C:\Users\tkcm\Documents\notecards1.docx
[2010/02/27 15:51:01 | 008,060,315 | ---- | C] () -- C:\Users\tkcm\Documents\293dr11.png
[2010/02/26 01:58:23 | 000,002,382 | ---- | C] () -- C:\sc.dat
[2010/02/25 00:21:01 | 3221,225,472 | ---- | C] () -- C:\Users\tkcm\mexas4
[2010/02/24 21:09:40 | 000,012,345 | ---- | C] () -- C:\Users\tkcm\Documents\lab40.docx
[2010/02/24 01:19:17 | 000,591,872 | ---- | C] () -- C:\Users\tkcm\Documents\NRA.ppt
[2010/02/24 00:26:03 | 000,530,384 | ---- | C] () -- C:\Users\tkcm\Documents\NRA.pptx
[2010/02/19 20:36:38 | 000,024,207 | ---- | C] () -- C:\Users\tkcm\Documents\americainc.docx
[2010/02/17 14:32:36 | 000,004,901 | ---- | C] () -- C:\Users\tkcm\Documents\finally.csv
[2010/02/17 13:35:05 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/17 13:33:31 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2010/02/17 13:33:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/16 20:44:12 | 000,002,043 | ---- | C] () -- C:\Users\tkcm\Desktop\Razer DeathAdder Driver.lnk
[2009/12/12 14:44:33 | 000,004,608 | ---- | C] () -- C:\Users\tkcm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/19 23:18:43 | 000,000,229 | ---- | C] () -- C:\ProgramData\lxduDiagnostics.log
[2009/10/13 16:44:58 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/13 16:44:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/09/07 16:09:16 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/09/05 20:06:48 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2009/09/05 20:06:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2009/09/05 20:06:48 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2009/09/05 20:06:28 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2009/09/05 20:06:28 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2009/09/05 20:03:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/08/25 12:21:21 | 000,000,092 | ---- | C] () -- C:\Users\tkcm\AppData\Local\fusioncache.dat
[2009/08/25 10:34:16 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/24 08:30:27 | 000,007,601 | ---- | C] () -- C:\Users\tkcm\AppData\Local\resmon.resmoncfg
[2009/08/24 08:01:04 | 000,020,102 | ---- | C] () -- C:\Program Files (x86)\Readme.txt
[2009/08/24 08:01:04 | 000,010,960 | ---- | C] () -- C:\Program Files (x86)\EULA.txt
[2009/08/24 08:01:04 | 000,001,470 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
[2009/08/24 02:14:07 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/09/18 07:45:54 | 000,001,515 | ---- | C] () -- C:\Windows\Ctacfg.ini
[2008/09/18 07:45:50 | 000,000,504 | ---- | C] () -- C:\Windows\CtaMCcfg.ini
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL
< End of report >

Extras:
OTL Extras logfile created on: 3/14/2010 5:20:46 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\tkcm\Pictures
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 36.00% Memory free
16.00 Gb Paging File | 11.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 286.43 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive D: | 1.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 308.27 Gb Free Space | 33.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 16.30 Gb Free Space | 1.75% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: GETOUT
Current User Name: tkcm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3648304186-4152115358-1990779111-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\tkcm\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A8D232A5-667B-44C5-AF79-BDFADBFD013B}" = Symantec AntiVirus Win64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}" = UltraMon
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EB731227-8AC5-4889-ACE9-7D87864A9F19}" = Logitech GamePanel Software 3.02.173
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F862F297-2252-47E7-986B-B3EC02ADBF65}" = TortoiseSVN 1.6.5.16974 (64 bit)
"EVGA E-LEET TUNING UTILITY_is1" = EVGA E-LEET TUNING UTILITY 1.05.4
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox™2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B3DFF4C8-50BA-463D-8334-4BAFE7172EA6}" = SB Arena Headset
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies™ Stunts & Effects
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F9F327-2274-B414-B3CA-A2A1084E2E24}" = iTunes Export
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"All2WAV Recorder_is1" = All2WAV Recorder 4.0
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Crysis WARHEAD®" = Crysis WARHEAD®
"Darkest of Days_is1" = Raven Squad
"doubleTwist" = doubleTwist
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit Reader" = Foxit Reader
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free Window Registry Repair" = Free Window Registry Repair
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"Gajim" = Gajim
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™ Stunts & Effects
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mideast Crisis 2" = Mideast Crisis 2
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PFPortChecker" = PFPortChecker 1.0.32
"Precision" = EVGA Precision 1.7.1
"PunkBusterSvc" = PunkBuster Services
"Real Deal UpGrade" = Real Deal UpGrade
"Red Faction Guerrilla_is1" = Red Faction Guerrilla
"Shockwave" = Shockwave
"StarCraft II Beta" = StarCraft II Beta
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 1250" = Killing Floor
"Steam App 17500" = Zombie Panic! Source
"Steam App 18110" = Shattered Horizon
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 34200" = Aliens vs Predator Demo
"Steam App 35110" = Just Cause 2 Demo
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40140" = Supreme Commander 2 Demo
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 590" = Left 4 Dead 2 Demo
"SysInfo" = Creative System Information
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Videora iPod Converter" = Videora iPod Converter 5.03
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp5MLImpex" = Winamp 5 Media Liabrary Import/Export (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3648304186-4152115358-1990779111-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2010 9:43:22 PM | Computer Name = getout | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Users\tkcm\AppData\Local\Temp\DWH2360.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 3/12/2010 9:43:22 PM | Computer Name = getout | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Users\tkcm\AppData\Local\Temp\DWH65E7.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 3/12/2010 9:43:22 PM | Computer Name = getout | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Users\tkcm\AppData\Local\Temp\DWHA477.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 3/12/2010 9:43:22 PM | Computer Name = getout | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan Horse in File: C:\Users\tkcm\AppData\Local\Temp\DWHE325.tmp
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 3/13/2010 2:16:51 AM | Computer Name = getout | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/13/2010 2:18:09 AM | Computer Name = getout | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/13/2010 1:28:05 PM | Computer Name = getout | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Winamp\Plugins\gen_G15Display.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/14/2010 12:52:27 AM | Computer Name = getout | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Winamp\Plugins\gen_G15Display.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/14/2010 1:45:46 AM | Computer Name = getout | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/14/2010 1:47:25 AM | Computer Name = getout | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 3/7/2010 9:18:19 PM | Computer Name = getout | Source = MCUpdate | ID = 0
Description = 8:11:31 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 3/7/2010 9:59:31 PM | Computer Name = getout | Source = MCUpdate | ID = 0
Description = 8:42:03 PM - Failed to retrieve NetTV (Error: The operation has timed
out)

Error - 3/7/2010 10:17:07 PM | Computer Name = getout | Source = MCUpdate | ID = 0
Description = 9:05:12 PM - Failed to retrieve MCESpotlight (Error: The operation
has timed out)

Error - 3/7/2010 10:56:03 PM | Computer Name = getout | Source = MCUpdate | ID = 0
Description = 9:40:24 PM - Failed to retrieve MCEClientUX (Error: The operation
has timed out)

Error - 3/7/2010 11:14:59 PM | Computer Name = getout | Source = MCUpdate | ID = 0
Description = 10:02:33 PM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 3/7/2010 11:18:59 PM | Computer Name = getout | Source = MCUpdate | ID = 0
Description = 10:18:24 PM - Failed to retrieve SportsV2 (Error: The operation has
timed out)

[ System Events ]
Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:40:47 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The TrustedInstaller service failed to start due to the following
error: %%2

Error - 3/14/2010 1:43:19 PM | Computer Name = getout | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 3/14/2010 1:43:19 PM | Computer Name = getout | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053


< End of report >

The GMER program still does not work for me, even in safe mode. The error is still the same "C:\Windows\system32\config\system: The system cannot find the file specified.".

For a further clarification of the problem, basically 30 minutes after I boot up my computer a pop-up appears whether a browser is on or not advertising one of those standard "you won something click this to claim it etc etc". While this is relatively minor, it's been persistent for about a week or two now and all the scans I do seem to never find the problem. Basically my biggest worry is that if I can't find the cause of that, there might be more malicious programs hiding along with it like a keylogger or something like that.

Also I didn't bother with the code bbtag since the logs generate color codes which wouldn't work with [code=auto:0].

scans run: ad-aware, symantec, avg, avast, superspyware, defender.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,824 posts
  • Gender:Female
  • Location:Romania

Posted 15 March 2010 - 12:47 PM

Hello logikv9,

GMER will not run too well on 64 bit systems. The way you posted your logs is just fine, it's a lot easier for me to read when it's not posted in code or quote tags.

P2P WARNING
-------------------
Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 logikv9


Posted 17 March 2010 - 08:41 PM

I ran mbam and it seems to have fixed the problem. Apparently among the infected files was alg.exe, but it was in the wrong place so it was removed. No more popups, so I think I'm in the clear.

thanks for the help.
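The "alg.exe in the wrong place" finding reported in the post above is a path check that can be run directly against the "Running processes:" section of a HijackThis log. The following is an added example, not part of the original thread or of any tool mentioned in it; the sample log, the `example` user path and the table of expected directories (which assumes Windows is installed in C:\Windows) are constructed for illustration.

```python
import ntpath

# Directories where these Windows binaries normally live (assumption: Windows
# is installed in C:\Windows). A same-named image anywhere else is worth a look.
EXPECTED_DIRS = {
    "alg.exe":      {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe":    {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Constructed sample in HijackThis v2.0.2 layout; the paths are illustrative.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\alg.exe
C:\Users\example\AppData\Local\Temp\alg.exe
C:\WINDOWS\system32\svchost.exe
c:/programdata/svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""


def running_processes(log_text):
    """Return the image paths listed under the 'Running processes:' header."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            if paths:          # blank line after the list ends the section
                break
            continue           # tolerate a blank line right after the header
        paths.append(line)
    return paths


def find_masquerades(paths):
    """Return paths whose file name is a known system binary but whose
    directory is not one of that binary's expected locations."""
    flagged = []
    for path in paths:
        # normcase lowercases and converts '/' to '\', so the comparison is
        # case-insensitive like the Windows file system itself.
        directory, name = ntpath.split(ntpath.normcase(path))
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for hit in find_masquerades(running_processes(SAMPLE_LOG)):
        print("system binary name in unexpected location:", hit)
```

A match is a triage lead only: the check cannot see code injected into a genuine System32 process, so a clean result does not replace a scanner log.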

#6 Elise


Posted 18 March 2010 - 02:36 AM

Hello, can you please post me the log?

regards, Elise




#7 Elise


Posted 21 March 2010 - 09:09 AM

Hello, are you still there?

regards, Elise




#8 Elise


Posted 28 March 2010 - 12:02 PM

Due to lack of activity, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

