Trojan.Gen cannot remove


  • This topic is locked
14 replies to this topic

#1 cspeer1978

Posted 08 June 2010 - 02:45 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/322466/trojangen-i-cant-get-this-darn-thing-deleted/ ~ OB

Here are my logs, please help me get this thing out of my system. It attacks randomly, maybe when I open or access an associated file, who knows.
Thanks in advance for any help, this is driving me crazy.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Chris at 15:32:44.70 on Tue 06/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4030.2427 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acronis\StorageNode\StorageServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Alcohol.exe Autorun] c:\program files (x86)\alcohol soft\alcohol 120\Alcohol.exe /startup
mRun: [ccApp] "c:\program files (x86)\common files\symantec shared\ccApp.exe"
mRun: [vmware-tray] "c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe"
mRun: []
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [BackupAndRecoveryMonitor.exe] c:\program files (x86)\acronis\backupandrecovery\BackupAndRecoveryMonitor.exe
mRun: [TrayMonitor.exe] c:\program files (x86)\acronis\traymonitor\TrayMonitor.exe
mRun: [Logitech G35] c:\program files (x86)\logitech\g35\G35.exe
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [AcronisTimounterMonitor] c:\program files (x86)\common files\acronis\timounter\TimounterMonitor.exe
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {1CAC107B-8D2C-4409-8AE0-16D51FC37194} = 192.168.1.1,71.250.0.12,71.242.0.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe"
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [lxdimon.exe] "c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe"
mRun-x64: [lxdiamon] "c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe"
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\5jbbrzvi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\common files\acronis\agent\agent.exe [2010-4-1 1877880]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-21 72216]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 MMS;Acronis Managed Machine Service;c:\program files (x86)\acronis\backupandrecovery\mms.exe [2010-4-1 4487384]
R2 MSSQL$ACRONIS;SQL Server (ACRONIS);c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-3-16 240232]
R2 StorageNode;Acronis Storage Node Service;c:\program files (x86)\acronis\storagenode\StorageServer.exe [2010-4-1 14663656]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files (x86)\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-23 1831024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\tuneup utilities 2010\TuneUpUtilitiesService64.exe [2010-5-7 1403208]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2010-4-6 301232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 132656]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\tuneup utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-25 11856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-4-24 1320048]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-21 136176]
S2 SinoTCS;Trusted Platform Core Service (SINOSUN);c:\program files (x86)\sinosun\tpm secure tools\tss\SinoTCS.exe [2010-5-26 720960]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2amd64.sys [2009-5-28 61712]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMamd64.sys [2009-5-28 376848]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-21 19544]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-22 1255736]

=============== Created Last 30 ================

2010-06-08 19:26:13 216 ----a-w- c:\users\chris\defogger_reenable
2010-06-08 03:48:36 45056 ----a-w- c:\windows\syswow64\WNASPI32.DLL
2010-06-08 03:48:30 0 d-----w- c:\program files (x86)\Joboshare
2010-06-08 03:03:19 0 d-----w- c:\programdata\Apple Computer
2010-06-08 02:19:33 0 d-----w- c:\programdata\Apple
2010-06-08 00:39:07 0 d-----w- c:\windows\syswow64\spool
2010-06-08 00:39:07 0 d-----w- c:\programdata\Sony
2010-06-08 00:38:59 0 d-----w- c:\program files (x86)\Sony
2010-06-06 12:36:52 0 d-----w- c:\programdata\WOP
2010-06-06 11:05:26 0 dc----w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2010-06-06 07:01:46 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-06-06 03:25:47 0 d-----w- c:\programdata\PlayFirst
2010-06-06 03:25:27 0 d-----w- c:\program files (x86)\Diner Dash
2010-06-06 03:24:58 0 d-----w- c:\program files (x86)\bfgclient
2010-06-06 03:24:20 0 d-----w- C:\BigFishGamesCache
2010-06-06 03:19:52 0 d-----w- c:\program files (x86)\PlayFirst
2010-06-05 02:26:17 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-06-05 02:25:53 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-06-05 02:21:57 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-06-05 02:21:13 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-06-03 01:03:58 0 d-----w- c:\program files (x86)\VideoLAN
2010-06-03 00:42:54 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-06-03 00:41:25 0 d-----w- c:\program files\common files\LogiShrd
2010-06-03 00:41:20 0 d-----w- c:\users\chris\appdata\roaming\Logishrd
2010-06-03 00:39:13 0 d-----w- c:\program files\Intel
2010-06-03 00:38:52 345800 ----a-w- c:\windows\system32\PROUnstl.exe
2010-06-03 00:38:52 1904 ------w- c:\windows\system32\SetupBD.din
2010-06-02 23:38:38 0 d-----w- c:\program files (x86)\Driver-Soft
2010-06-02 21:56:52 0 d-----w- c:\programdata\Fugazo
2010-06-02 20:37:35 0 d---a-w- c:\programdata\TEMP
2010-06-02 20:37:10 0 d-----w- c:\program files (x86)\Shockwave.com
2010-06-01 19:44:04 0 d-----w- c:\programdata\Solidshield
2010-05-29 21:53:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-29 00:55:59 0 d-----w- c:\program files\Defraggler
2010-05-29 00:52:19 0 d-----w- c:\program files (x86)\CCleaner
2010-05-27 01:41:14 0 d-----w- c:\program files (x86)\SINOSUN
2010-05-27 00:56:49 0 d-----w- c:\users\chris\appdata\roaming\LinkManager 4.0
2010-05-27 00:56:46 0 d-----w- c:\users\chris\appdata\roaming\Visioneer
2010-05-27 00:56:25 0 d-----w- c:\program files (x86)\ScanSoft
2010-05-27 00:37:07 951904 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-05-27 00:29:35 24576 ----a-w- c:\windows\syswow64\AsIO.dll
2010-05-27 00:29:27 0 d-----w- c:\program files (x86)\ASUS
2010-05-26 19:53:19 0 d-----w- c:\windows\system32\appmgmt
2010-05-26 03:29:59 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-26 03:29:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 00:43:28 0 d-----w- c:\users\chris\appdata\roaming\NVIDIA
2010-05-26 00:36:35 0 d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-05-26 00:36:31 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-05-26 00:19:47 0 d-----w- c:\program files (x86)\common files\BioWare
2010-05-26 00:14:11 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-05-26 00:14:10 0 d-----w- c:\program files (x86)\MagicDisc
2010-05-25 23:05:32 0 d-----w- c:\windows\Pixtran
2010-05-25 22:49:31 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-25 22:49:31 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-25 22:49:31 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-25 22:49:31 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-25 22:34:11 0 d-----w- c:\users\chris\appdata\roaming\Globe7
2010-05-25 22:33:06 0 d-----w- c:\program files (x86)\Globe7
2010-05-25 22:15:16 0 d-----w- c:\program files (x86)\Visioneer
2010-05-25 07:00:35 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-05-25 02:29:13 414632 ------w- c:\windows\difxapi.dll
2010-05-25 02:29:13 0 d-----w- c:\program files (x86)\VIA
2010-05-25 02:26:57 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-05-25 02:26:45 1769 ----a-w- c:\windows\Language_trs.ini
2010-05-25 02:26:32 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2010-05-25 02:26:32 82432 ----a-w- c:\windows\system32\nQAPO.dll
2010-05-25 02:09:34 0 d-----w- c:\users\chris\appdata\roaming\Lexmark Productivity Studio
2010-05-25 01:57:42 0 d-----w- c:\program files (x86)\Lexmark 3500-4500 Series
2010-05-25 01:55:37 541184 ----a-w- c:\windows\system32\lxdiinpa.dll
2010-05-25 01:55:14 0 d-----w- c:\program files\Lexmark 3500-4500 Series
2010-05-25 01:36:45 738816 ----a-w- c:\windows\system32\lxdidrs.dll
2010-05-25 01:36:45 54784 ----a-w- c:\windows\system32\lxdicnv4.dll
2010-05-25 01:36:45 24576 ----a-w- c:\windows\system32\lxdicaps.dll
2010-05-25 01:36:44 418816 ----a-w- c:\windows\system32\lxdicoin.dll
2010-05-25 01:36:44 1462272 ----a-w- c:\windows\system32\lxdig.dll
2010-05-25 01:36:44 109056 ----a-w- c:\windows\system32\lxdivs.dll
2010-05-25 01:36:25 0 d-----w- c:\programdata\LogiShrd
2010-05-24 23:57:50 218808 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-05-24 17:20:05 0 d-----w- c:\program files\Microsoft Office
2010-05-24 17:19:44 0 d-----w- c:\programdata\Microsoft Help
2010-05-24 17:17:25 0 d-----w- C:\OUTLOOKTEMP
2010-05-24 17:06:31 0 d-----w- c:\users\chris\appdata\roaming\OpenOffice.org
2010-05-24 17:05:29 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-05-24 17:04:06 0 d-----w- c:\programdata\Sun
2010-05-24 00:44:16 0 d-----w- c:\program files (x86)\Nero
2010-05-24 00:43:45 0 d-----w- c:\programdata\Nero
2010-05-23 23:53:17 34632 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-23 23:53:15 36168 ----a-w- c:\windows\system32\uxtuneup.dll
2010-05-23 23:53:15 30024 ----a-w- c:\windows\syswow64\uxtuneup.dll
2010-05-23 23:53:15 25928 ----a-w- c:\windows\system32\authuitu.dll
2010-05-23 23:53:14 21320 ----a-w- c:\windows\syswow64\authuitu.dll
2010-05-23 23:52:40 0 d-----w- c:\users\chris\appdata\roaming\TuneUp Software
2010-05-23 23:52:18 0 d-----w- c:\program files (x86)\TuneUp Utilities 2010
2010-05-23 23:51:42 0 d-----w- c:\programdata\TuneUp Software
2010-05-23 23:51:22 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-22 07:24:11 0 d-----w- c:\windows\syswow64\Wat
2010-05-22 07:24:11 0 d-----w- c:\windows\system32\Wat
2010-05-22 07:03:57 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-22 07:03:57 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-05-21 23:34:33 0 d-----w- c:\windows\Acronis
2010-05-21 23:34:14 275552 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-05-21 23:27:32 0 d-----w- c:\windows\PCHEALTH
2010-05-21 23:27:14 0 d-----w- c:\program files\Microsoft SQL Server
2010-05-21 23:27:12 0 d-----w- c:\program files (x86)\Microsoft SQL Server
2010-05-21 23:22:41 0 d-----w- c:\programdata\Acronis
2010-05-21 23:09:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2010-05-21 23:09:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2010-05-21 23:08:34 0 d-----w- c:\programdata\Logitech
2010-05-21 23:08:34 0 d-----w- c:\program files\Logitech
2010-05-21 21:57:25 0 d-----w- c:\programdata\Electronic Arts
2010-05-21 21:32:34 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-05-21 21:32:32 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-05-21 21:32:31 2434856 ----a-w- c:\windows\syswow64\pbsvc_bc2.exe
2010-05-21 21:17:59 411656 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-05-21 19:11:11 52568 ----a-r- c:\windows\system32\AdobePDF.dll
2010-05-21 19:11:11 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-21 17:44:54 111992 ----a-w- c:\windows\syswow64\acaptuser32.dll
2010-05-21 17:40:48 0 d-----w- c:\programdata\FLEXnet
2010-05-21 17:34:34 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-05-21 17:30:19 0 d-----w- c:\programdata\Adobe
2010-05-21 17:18:31 0 d-----w- c:\program files (x86)\Alcohol Soft
2010-05-21 17:00:46 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-21 16:48:40 0 d-----w- c:\program files\WinRAR
2010-05-21 16:07:29 0 d-----w- c:\program files\PeerBlock
2010-05-21 14:33:35 0 d-----w- c:\windows\syswow64\Macromed
2010-05-21 14:04:24 0 d-----w- c:\programdata\NVIDIA
2010-05-21 14:03:54 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-05-21 14:03:44 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-21 13:59:35 930272 ----a-w- c:\windows\system32\dpinst.exe
2010-05-21 13:59:29 254056 ----a-w- c:\windows\system32\nvcod1914.dll
2010-05-21 13:56:57 0 d-----w- c:\program files\Google
2010-05-21 13:56:52 0 d-----w- c:\programdata\Google
2010-05-21 13:14:22 65072 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-05-21 13:14:13 18480 ----a-w- c:\windows\system32\drivers\VMparport.sys
2010-05-21 13:14:12 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-05-21 13:14:10 76336 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-05-21 13:13:20 53296 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-21 13:13:20 20016 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-05-21 13:13:13 326192 ----a-w- c:\windows\syswow64\vmnetdhcp.exe
2010-05-21 13:13:08 399920 ----a-w- c:\windows\syswow64\vmnat.exe
2010-05-21 13:13:07 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-05-21 13:13:03 56368 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-05-21 13:13:03 38960 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-05-21 13:13:03 24112 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-05-21 13:13:00 920112 ----a-w- c:\windows\system32\vnetlib64.dll
2010-05-21 13:12:39 29744 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-05-21 13:12:35 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2010-05-21 13:12:12 734850 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-05-21 13:11:21 0 d-----w- c:\programdata\VMware
2010-05-21 13:11:04 0 d-----w- c:\program files (x86)\VMware
2010-05-21 11:36:29 220208 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-05-21 11:34:19 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-05-21 11:34:19 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-05-21 11:34:19 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-05-21 11:34:19 0 d-----w- c:\program files\Symantec
2010-05-21 11:33:43 511328 ----a-w- c:\windows\syswow64\capicom.dll
2010-05-21 11:33:43 503808 ----a-w- c:\windows\syswow64\MSVCP71.DLL
2010-05-21 11:33:43 348160 ----a-w- c:\windows\syswow64\MSVCR71.DLL
2010-05-21 11:33:43 1060864 ----a-w- c:\windows\syswow64\MFC71.DLL
2010-05-21 11:33:34 0 d-----w- c:\programdata\Symantec
2010-05-21 11:33:34 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-21 11:33:34 0 d-----w- c:\program files (x86)\Symantec
2010-05-21 11:33:34 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-05-21 09:00:31 0 d-----w- c:\windows\Panther
2010-05-21 08:03:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-21 07:02:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-21 05:40:57 0 d-----w- c:\programdata\LogMeIn
2010-05-21 05:40:50 29496 ----a-w- c:\windows\system32\LMIport.dll
2010-05-21 05:40:48 87384 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-05-21 05:40:48 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-05-21 05:40:40 80696 ----a-w- c:\windows\system32\LMIinit.dll
2010-05-21 05:40:10 0 d-----w- c:\program files (x86)\LogMeIn
2010-05-21 05:38:11 0 d-sh--w- c:\windows\Installer
2010-05-21 05:31:18 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:15:14 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-05-21 05:15:14 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-05-21 05:15:14 139264 ----a-w- c:\windows\system32\cabview.dll
2010-05-21 05:15:14 132608 ----a-w- c:\windows\syswow64\cabview.dll

==================== Find3M ====================

2010-04-25 02:42:04 544368 ----a-w- c:\windows\system32\VIASysFx.dll
2010-04-25 02:41:58 987760 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2010-04-25 02:41:56 83056 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2010-04-25 02:41:54 199280 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2010-04-25 02:41:52 1320048 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2010-04-25 02:41:48 91760 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2010-04-25 02:41:42 248944 ----a-w- c:\windows\system32\Dts2APO.dll
2010-04-17 01:06:36 52784 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2010-04-17 01:06:16 137544 ----a-w- c:\windows\syswow64\SymVPN.dll
2010-04-17 01:06:16 137544 ----a-w- c:\windows\system32\SymVPN.dll
2010-04-17 01:02:16 87368 ----a-w- c:\windows\syswow64\FwsVpn.dll
2010-04-14 04:47:44 91840 ----a-w- c:\windows\system32\NicInstK.dll
2010-04-03 22:42:00 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-04-02 04:56:24 68264 ----a-w- c:\windows\system32\e1kmsg.dll
2010-03-31 15:27:48 3628 ----a-w- c:\windows\fonts\OneTouchLED.TTF
2010-03-24 21:31:22 225280 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-03-24 21:07:12 963704 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-03-24 21:07:12 861816 ----a-w- c:\windows\system32\accesor.dll
2010-03-24 20:44:02 202360 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-03-24 20:27:52 2245240 ----a-w- c:\windows\system32\ncscolib.dll
2010-03-16 06:53:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 06:53:00 14828648 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 06:53:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 06:53:00 1067624 ----a-w- c:\windows\system32\nvsvc64.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:33:18.14 ===============


Edited by Orange Blossom, 08 June 2010 - 03:29 PM.




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:28 PM

Posted 11 June 2010 - 05:26 PM

Hello cspeer1978

Welcome to BleepingComputer

Can you post the exact file path to where the threat is found?
==========================
  • Download OTL to your desktop.
  • Double click OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 cspeer1978

cspeer1978
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:28 PM

Posted 13 June 2010 - 07:41 PM

Thanks and sorry for the delay.

The risks always are in C:\Users\Chris\Appdata\Temp and always are in the format DWH*.tmp (random letters/numbers after the DWH)

Only OTL.txt was output and no Extras.txt; I followed your instructions exactly.

Below are the results of OTL scan as requested:

OTL logfile created on: 6/13/2010 8:34:32 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Chris\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 575.99 Gb Free Space | 82.45% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 162.25 Gb Free Space | 34.84% Space Free | Partition Type: NTFS
Drive E: | 5.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 527.35 Gb Free Space | 56.61% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LANBOXLITE
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe (Alcohol Soft Development Team)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Acronis\StorageNode\StorageServer.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
PRC - C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtMonEx.exe (Visioneer Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (lxdi_device) -- C:\Windows\SysNative\lxdicoms.exe ( )
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (StorageNode) -- C:\Program Files (x86)\Acronis\StorageNode\StorageServer.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AcronisAgent) -- C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (MMS) -- C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Acronis)
SRV - (OneTouch 4.0 Monitor) -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxdi_device) -- C:\Windows\SysWow64\lxdicoms.exe ( )
SRV - (SinoTCS) Trusted Platform Core Service (SINOSUN) -- C:\Program Files (x86)\SINOSUN\TPM Secure Tools\TSS\SinoTCS.exe ( SINOSUN Technology)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (CSC) -- C:\Windows\CSC [2010/05/21 04:01:45 | 000,000,000 | ---D | M]
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100613.018\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100613.018\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 52 61 E6 A6 F8 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/07 23:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/07 23:03:41 | 000,000,000 | ---D | M]

[2010/05/21 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/05/21 10:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/21 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\5jbbrzvi.default\extensions
[2010/05/25 18:49:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/21 10:31:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/25 18:49:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/05/25 18:49:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:41 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/07 23:03:40 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/07 23:03:40 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/07 23:03:41 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/07 23:03:41 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/07 23:03:41 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/07 23:03:41 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/07 23:03:41 | 000,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Alcohol.exe Autorun] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/09 21:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/10 02:21:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010/01/31 04:21:13 | 000,367,686 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 22:55:03 | 009,965,568 | R--- | M] () - E:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 22:54:55 | 000,000,155 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/11/05 18:29:58 | 000,000,000 | ---D | M] - J:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2009/11/05 16:21:47 | 003,113,608 | R--- | M] (UBISOFT) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/11/04 17:12:54 | 000,000,059 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{00973da6-64fc-11df-bee9-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{00973da6-64fc-11df-bee9-005056c00008}\Shell\AutoRun\command - "" = I:\Autoplay.exe -- File not found
O33 - MountPoints2\{012f0fd3-64af-11df-86e2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{012f0fd3-64af-11df-86e2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/02/09 21:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{0adc29eb-679c-11df-aa78-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0adc29eb-679c-11df-aa78-005056c00008}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{1d1c9d66-685a-11df-a499-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1d1c9d66-685a-11df-a499-005056c00008}\Shell\AutoRun\command - "" = J:\autorun.exe -- [2009/11/05 16:21:47 | 003,113,608 | R--- | M] (UBISOFT)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 20:31:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/06/10 00:18:23 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/10 00:18:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/10 00:18:11 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/10 00:18:11 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/10 00:18:11 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/10 00:18:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/10 00:17:55 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/10 00:17:55 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/10 00:17:54 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/10 00:17:54 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/10 00:17:53 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/10 00:17:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/10 00:17:53 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/10 00:17:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/10 00:17:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/10 00:17:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/09 11:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unknown Device Identifier
[2010/06/09 10:38:56 | 000,000,000 | ---D | C] -- D:\My Documents\DriverGenius
[2010/06/09 10:29:20 | 084,535,712 | ---- | C] (NVIDIA Corporation) -- D:\My Documents\Nvidia 190.38_desktop_winxp_32bit_english_whql.exe
[2010/06/09 10:29:17 | 000,000,000 | ---D | C] -- D:\My Documents\Updater5
[2010/06/09 10:14:02 | 000,000,000 | ---D | C] -- D:\My Documents\TEMP
[2010/06/09 10:02:47 | 000,000,000 | ---D | C] -- D:\My Documents\TECH BOOKS
[2010/06/09 10:02:47 | 000,000,000 | ---D | C] -- D:\My Documents\Simply Super Software
[2010/06/09 10:02:44 | 000,000,000 | ---D | C] -- D:\My Documents\Scanned
[2010/06/09 10:02:43 | 000,000,000 | ---D | C] -- D:\My Documents\Rockstar Games
[2010/06/09 10:02:43 | 000,000,000 | ---D | C] -- D:\My Documents\RECEIPTS
[2010/06/09 10:02:43 | 000,000,000 | ---D | C] -- D:\My Documents\Re Logmein_files
[2010/06/09 10:02:42 | 000,000,000 | ---D | C] -- D:\My Documents\Outlook Mail
[2010/06/09 10:02:42 | 000,000,000 | ---D | C] -- D:\My Documents\OneTouch Docs
[2010/06/09 10:02:42 | 000,000,000 | ---D | C] -- D:\My Documents\NFS Undercover
[2010/06/09 10:02:42 | 000,000,000 | ---D | C] -- D:\My Documents\My Web Sites
[2010/06/09 10:02:41 | 000,000,000 | ---D | C] -- D:\My Documents\My PaperPort Documents
[2010/06/09 10:02:41 | 000,000,000 | ---D | C] -- D:\My Documents\My OneTouch Archive
[2010/06/09 10:02:41 | 000,000,000 | ---D | C] -- D:\My Documents\My DAP Downloads
[2010/06/09 10:02:40 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2010/06/09 10:02:40 | 000,000,000 | ---D | C] -- D:\My Documents\BioWare
[2010/06/09 10:02:40 | 000,000,000 | ---D | C] -- D:\My Documents\BFBC2
[2010/06/09 07:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetData
[2010/06/07 23:58:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Vegas Videos
[2010/06/07 23:48:36 | 000,045,056 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\WNASPI32.DLL
[2010/06/07 23:48:36 | 000,016,512 | ---- | C] (Adaptec) -- C:\Windows\SysWow64\drivers\ASPI32.SYS
[2010/06/07 23:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Joboshare
[2010/06/07 23:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/07 23:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/07 22:26:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2010/06/07 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2010/06/07 22:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/07 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2010/06/07 22:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/07 22:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/07 21:45:23 | 000,000,000 | ---D | C] -- D:\My Documents\BlackBerry BACKUP 06-07-10
[2010/06/07 21:29:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Publish Providers
[2010/06/07 20:58:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Sony
[2010/06/07 20:58:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Sony
[2010/06/07 20:39:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/06/07 20:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/06/07 20:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010/06/07 18:53:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Trojan.Gen
[2010/06/06 08:36:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\WOP
[2010/06/06 08:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WOP
[2010/06/06 07:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010/06/06 03:01:46 | 000,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2010/06/05 23:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2010/06/05 23:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diner Dash
[2010/06/05 23:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2010/06/05 23:24:20 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2010/06/05 23:20:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PlayFirst
[2010/06/05 23:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayFirst
[2010/06/04 22:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/06/04 22:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/04 22:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/06/04 22:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/06/04 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/04 22:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/06/02 21:06:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\vlc
[2010/06/02 21:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/06/02 20:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010/06/02 20:42:54 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/06/02 20:42:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010/06/02 20:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/06/02 20:41:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Logitech
[2010/06/02 20:41:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Logishrd
[2010/06/02 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/06/02 20:38:52 | 000,345,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2010/06/02 19:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2010/06/02 17:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010/06/02 16:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/02 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shockwave.com
[2010/06/01 20:26:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\britishtv
[2010/06/01 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\CBT Nuggets (CEH v.5) - Hacker Black CD Der Jager
[2010/06/01 15:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010/05/28 20:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/05/28 20:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/05/27 20:39:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Acronis
[2010/05/26 21:41:16 | 000,475,136 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysWow64\TpmOperator.dll
[2010/05/26 21:41:16 | 000,468,992 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysNative\TpmOperator64.dll
[2010/05/26 21:41:16 | 000,182,272 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysNative\KeyStore64.dll
[2010/05/26 21:41:16 | 000,125,440 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysNative\TpmErr64.dll
[2010/05/26 21:41:16 | 000,122,880 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysWow64\TpmErr.dll
[2010/05/26 21:41:16 | 000,110,592 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysWow64\KeyStore.dll
[2010/05/26 21:41:15 | 001,593,344 | ---- | C] (Sinosun Technology co.,ltd) -- C:\Windows\SysNative\SinoTSP64.dll
[2010/05/26 21:41:15 | 001,093,632 | ---- | C] (Sinosun Technology co.,ltd) -- C:\Windows\SysWow64\SinoTSP.dll
[2010/05/26 21:41:14 | 001,035,776 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysNative\sinosuncsp64.dll
[2010/05/26 21:41:14 | 000,380,928 | ---- | C] (SINOSUN Technology) -- C:\Windows\SysWow64\sinosuncsp.dll
[2010/05/26 21:41:14 | 000,049,152 | ---- | C] (SinoSun Technology Co.,Ltd.) -- C:\Windows\SysWow64\tpmddl.dll
[2010/05/26 21:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SINOSUN
[2010/05/26 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\LinkManager 4.0
[2010/05/26 20:56:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Visioneer
[2010/05/26 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2010/05/26 20:37:07 | 000,951,904 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/05/26 20:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2010/05/26 15:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/05/26 08:50:22 | 000,000,000 | ---D | C] -- D:\My Documents\Virtual Machines
[2010/05/25 20:43:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\NVIDIA
[2010/05/25 20:36:35 | 000,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2010/05/25 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/05/25 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/05/25 20:17:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Razor1911
[2010/05/25 20:14:11 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2010/05/25 20:14:11 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/05/25 20:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2010/05/25 19:05:32 | 000,000,000 | ---D | C] -- C:\Windows\Pixtran
[2010/05/25 18:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/05/25 18:49:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/05/25 18:49:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/05/25 18:49:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/05/25 18:49:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/05/25 18:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/05/25 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Globe7
[2010/05/25 18:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Globe7
[2010/05/25 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Visioneer
[2010/05/25 18:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visioneer
[2010/05/25 03:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/05/24 22:29:13 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010/05/24 22:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010/05/24 22:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/05/24 22:26:57 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/05/24 22:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/05/24 22:26:32 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010/05/24 22:26:32 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010/05/24 22:09:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Lexmark Productivity Studio
[2010/05/24 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 3500-4500 Series
[2010/05/24 21:56:39 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2010/05/24 21:56:39 | 000,126,976 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxdilnks.dll
[2010/05/24 21:56:36 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2010/05/24 21:56:36 | 000,143,360 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdijswr.dll
[2010/05/24 21:56:35 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2010/05/24 21:56:35 | 000,503,808 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdiutil.dll
[2010/05/24 21:56:35 | 000,208,896 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdiinsb.dll
[2010/05/24 21:56:35 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdiinsr.dll
[2010/05/24 21:56:35 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdicur.dll
[2010/05/24 21:56:34 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdiins.dll
[2010/05/24 21:56:33 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2010/05/24 21:56:33 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxdigf.dll
[2010/05/24 21:56:33 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2010/05/24 21:56:33 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdicub.dll
[2010/05/24 21:56:33 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxdicu.dll
[2010/05/24 21:56:32 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2010/05/24 21:56:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2010/05/24 21:56:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2010/05/24 21:56:31 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2010/05/24 21:56:31 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2010/05/24 21:56:31 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2010/05/24 21:56:30 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2010/05/24 21:56:30 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2010/05/24 21:56:29 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2010/05/24 21:56:29 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2010/05/24 21:56:29 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\lxdicfg.dll
[2010/05/24 21:55:37 | 000,541,184 | ---- | C] ( ) -- C:\Windows\SysNative\lxdiinpa.dll
[2010/05/24 21:55:37 | 000,474,624 | ---- | C] ( ) -- C:\Windows\SysNative\lxdihcp.dll
[2010/05/24 21:55:36 | 000,714,240 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdiutil.dll
[2010/05/24 21:55:36 | 000,507,904 | ---- | C] ( ) -- C:\Windows\SysNative\lxdiiesc.dll
[2010/05/24 21:55:35 | 001,871,872 | ---- | C] ( ) -- C:\Windows\SysNative\lxdiserv.dll
[2010/05/24 21:55:35 | 001,497,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxdiusb1.dll
[2010/05/24 21:55:33 | 000,924,160 | ---- | C] ( ) -- C:\Windows\SysNative\lxdipmui.dll
[2010/05/24 21:55:33 | 000,821,760 | ---- | C] ( ) -- C:\Windows\SysNative\lxdilmpm.dll
[2010/05/24 21:55:33 | 000,047,104 | ---- | C] ( ) -- C:\Windows\SysNative\lxdiprox.dll
[2010/05/24 21:55:33 | 000,047,104 | ---- | C] ( ) -- C:\Windows\SysNative\lxdipplc.dll
[2010/05/24 21:55:32 | 000,189,952 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdiinsb.dll
[2010/05/24 21:55:32 | 000,128,512 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdijswr.dll
[2010/05/24 21:55:32 | 000,090,624 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdiinsr.dll
[2010/05/24 21:55:31 | 000,514,480 | ---- | C] ( ) -- C:\Windows\SysNative\lxdiih.exe
[2010/05/24 21:55:31 | 000,236,032 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdiins.dll
[2010/05/24 21:55:29 | 001,086,464 | ---- | C] ( ) -- C:\Windows\SysNative\lxdihbn3.dll
[2010/05/24 21:55:29 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxdigf.dll
[2010/05/24 21:55:28 | 000,876,976 | ---- | C] ( ) -- C:\Windows\SysNative\lxdicoms.exe
[2010/05/24 21:55:28 | 000,100,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdicu.dll
[2010/05/24 21:55:28 | 000,073,216 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdicub.dll
[2010/05/24 21:55:28 | 000,022,528 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxdicur.dll
[2010/05/24 21:55:26 | 000,560,640 | ---- | C] ( ) -- C:\Windows\SysNative\lxdicomm.dll
[2010/05/24 21:55:24 | 001,305,088 | ---- | C] ( ) -- C:\Windows\SysNative\lxdicomc.dll
[2010/05/24 21:55:23 | 000,563,632 | ---- | C] ( ) -- C:\Windows\SysNative\lxdicfg.exe
[2010/05/24 21:55:22 | 000,065,536 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\lxdicfg.dll
[2010/05/24 21:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2010/05/24 21:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010/05/24 21:46:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/05/24 21:36:44 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lxdig.dll
[2010/05/24 21:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010/05/24 21:34:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2010/05/24 21:10:55 | 006,279,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/05/24 21:10:55 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/05/24 21:10:55 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/05/24 21:10:55 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/05/24 21:10:55 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/05/24 21:10:54 | 021,005,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/05/24 21:10:54 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/05/24 21:10:54 | 002,907,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010/05/24 21:10:52 | 011,906,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/05/24 21:10:52 | 009,386,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/05/24 21:10:52 | 003,215,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010/05/24 21:10:52 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/05/24 21:10:52 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/05/24 21:10:52 | 000,384,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/05/24 21:10:52 | 000,316,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/05/24 21:10:51 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/05/24 21:10:51 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/05/24 21:10:51 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/05/24 21:10:51 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/05/24 21:10:51 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/05/24 21:10:50 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/05/24 21:10:50 | 001,592,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/05/24 21:10:50 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/05/24 21:10:50 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll
[2010/05/24 21:10:50 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/05/24 19:57:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PunkBuster
[2010/05/24 19:57:35 | 000,000,000 | RH-D | C] -- C:\Users\Chris\AppData\Roaming\SecuROM
[2010/05/24 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\DVD2
[2010/05/24 16:08:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\DVD1
[2010/05/24 13:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/24 13:19:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2010/05/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/05/24 13:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/24 13:17:25 | 000,000,000 | ---D | C] -- C:\OUTLOOKTEMP
[2010/05/24 13:06:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2010/05/24 13:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/05/24 13:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/24 11:35:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Nero
[2010/05/23 20:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/05/23 20:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/05/23 20:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010/05/23 19:53:17 | 000,034,632 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010/05/23 19:53:15 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010/05/23 19:53:15 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010/05/23 19:53:15 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010/05/23 19:53:14 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010/05/23 19:52:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2010/05/23 19:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010
[2010/05/23 19:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010/05/23 19:51:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/05/23 19:43:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\TEMP
[2010/05/22 03:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/22 03:24:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/21 19:34:33 | 000,000,000 | ---D | C] -- C:\Windows\Acronis
[2010/05/21 19:34:14 | 000,275,552 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/05/21 19:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/05/21 19:27:32 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/21 19:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/05/21 19:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/05/21 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/05/21 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/05/21 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/05/21 19:09:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Logitech
[2010/05/21 19:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/05/21 19:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/05/21 19:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/05/21 17:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/05/21 17:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/05/21 17:18:18 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/05/21 17:18:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/05/21 17:18:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/05/21 17:18:18 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/05/21 17:18:17 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/05/21 17:18:17 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/05/21 17:18:16 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/05/21 17:18:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/05/21 17:18:15 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/05/21 17:18:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/05/21 17:18:14 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/05/21 17:18:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/05/21 17:18:14 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/05/21 17:18:14 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/05/21 17:18:13 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/05/21 17:18:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/05/21 17:18:13 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/05/21 17:18:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/05/21 17:18:12 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/05/21 17:18:12 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/05/21 17:18:12 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/05/21 17:18:12 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/05/21 17:18:12 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/05/21 17:18:12 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/05/21 17:18:12 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/05/21 17:18:12 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/05/21 17:18:11 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/05/21 17:18:11 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/05/21 17:18:11 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/05/21 17:18:11 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/05/21 17:18:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/05/21 17:18:11 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/05/21 17:18:10 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/05/21 17:18:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/05/21 17:18:08 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/05/21 17:18:08 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/05/21 17:18:08 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/05/21 17:18:08 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/05/21 17:18:08 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/05/21 17:18:08 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/05/21 17:18:07 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/05/21 17:18:07 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/05/21 17:18:06 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/05/21 17:18:06 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/05/21 17:18:06 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/05/21 17:18:06 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/05/21 17:18:06 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/05/21 17:18:06 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/05/21 17:18:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/05/21 17:18:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/05/21 17:18:06 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/05/21 17:18:06 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/05/21 17:18:05 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/05/21 17:18:05 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/05/21 17:18:05 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/05/21 17:18:05 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/05/21 17:18:05 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/05/21 17:18:05 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/05/21 17:18:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/05/21 17:18:04 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/05/21 17:18:04 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/05/21 17:18:04 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/05/21 17:18:02 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/05/21 17:18:02 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/05/21 17:18:02 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/05/21 17:18:02 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/05/21 17:18:02 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/05/21 17:18:02 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/05/21 17:18:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/05/21 17:18:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/05/21 17:18:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/05/21 17:18:01 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/05/21 17:18:01 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/05/21 17:18:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/05/21 17:18:00 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/05/21 17:18:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/05/21 17:18:00 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/05/21 17:18:00 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/05/21 17:18:00 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/05/21 17:18:00 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/05/21 17:17:59 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/05/21 17:17:59 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/05/21 17:17:57 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/05/21 17:17:57 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/05/21 17:17:57 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/05/21 17:17:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/05/21 17:17:56 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/05/21 17:17:56 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/05/21 17:17:55 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/05/21 17:17:55 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/05/21 17:17:54 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/05/21 17:17:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/05/21 17:17:54 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/05/21 17:17:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/05/21 17:17:54 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/05/21 17:17:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/05/21 17:17:53 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/05/21 17:17:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/05/21 17:17:53 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/05/21 17:17:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/05/21 17:17:52 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/05/21 17:17:52 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/05/21 17:17:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/05/21 17:17:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/05/21 17:17:51 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/05/21 17:17:51 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/05/21 17:17:50 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/05/21 17:17:50 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/05/21 17:17:50 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/05/21 17:17:50 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/05/21 17:17:48 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/05/21 17:17:48 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/05/21 17:17:48 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/05/21 17:17:48 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/05/21 17:17:48 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/05/21 17:17:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/05/21 17:17:45 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/05/21 17:17:45 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/05/21 17:17:44 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/05/21 17:17:44 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/05/21 17:17:44 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/05/21 17:17:44 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/05/21 17:17:44 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/05/21 17:17:44 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/05/21 17:17:43 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/05/21 17:17:43 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/05/21 17:17:43 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/05/21 17:17:43 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/05/21 17:17:42 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/05/21 17:17:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/05/21 17:17:42 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/05/21 17:17:42 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/05/21 17:17:42 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/05/21 17:17:42 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/05/21 17:17:41 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/05/21 17:17:41 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/05/21 17:17:41 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/05/21 17:17:41 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/05/21 17:17:39 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/05/21 17:17:39 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/05/21 17:17:35 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/05/21 17:17:35 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/05/21 17:17:35 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/05/21 17:17:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/05/21 17:17:35 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/05/21 17:17:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/05/21 17:17:34 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/05/21 17:17:34 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/05/21 17:17:34 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/05/21 17:17:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/05/21 17:17:33 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/05/21 17:17:33 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/05/21 17:17:33 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/05/21 17:17:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/05/21 17:17:33 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/05/21 17:17:33 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/05/21 17:17:32 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/05/21 17:17:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/05/21 15:11:11 | 000,052,568 | R--- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2010/05/21 15:11:11 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/05/21 13:44:54 | 000,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\acaptuser32.dll
[2010/05/21 13:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/05/21 13:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/05/21 13:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/21 13:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/05/21 13:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/05/21 13:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/05/21 13:00:46 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2010/05/21 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2010/05/21 12:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/21 12:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/05/21 11:54:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2010/05/21 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2010/05/21 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2010/05/21 10:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/05/21 10:31:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2010/05/21 10:31:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Mozilla
[2010/05/21 10:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/05/21 10:10:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\VMware
[2010/05/21 10:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/05/21 10:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/05/21 10:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/21 09:59:35 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe
[2010/05/21 09:59:29 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1914.dll
[2010/05/21 09:58:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Google
[2010/05/21 09:57:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2010/05/21 09:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/21 09:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/05/21 09:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/05/21 09:14:22 | 000,065,072 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2010/05/21 09:14:13 | 000,018,480 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMparport.sys
[2010/05/21 09:14:12 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2010/05/21 09:14:10 | 000,076,336 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2010/05/21 09:13:20 | 000,020,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetadapter.sys
[2010/05/21 09:13:13 | 000,326,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2010/05/21 09:13:08 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2010/05/21 09:13:07 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2010/05/21 09:13:03 | 000,056,368 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\vmnetbridge.dll
[2010/05/21 09:13:03 | 000,038,960 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetbridge.sys
[2010/05/21 09:13:03 | 000,024,112 | R--- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnet.sys
[2010/05/21 09:13:00 | 000,920,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2010/05/21 09:12:39 | 000,029,744 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2010/05/21 09:12:35 | 000,037,680 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmusb.sys
[2010/05/21 09:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/05/21 09:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2010/05/21 09:04:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2010/05/21 07:36:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Symantec
[2010/05/21 07:36:29 | 000,220,208 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2010/05/21 07:34:19 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/05/21 07:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/21 07:33:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL
[2010/05/21 07:33:43 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2010/05/21 07:33:43 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.DLL
[2010/05/21 07:33:43 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.DLL
[2010/05/21 07:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/21 07:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/05/21 07:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/05/21 07:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2010/05/21 05:00:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/21 04:06:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/21 04:01:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/21 03:03:15 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/05/21 03:03:15 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/05/21 03:03:14 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/05/21 03:03:13 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/05/21 03:03:12 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/05/21 03:03:12 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/05/21 03:03:11 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/05/21 03:03:11 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/05/21 03:03:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/05/21 03:03:04 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/05/21 03:03:04 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/05/21 03:03:04 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/05/21 03:03:04 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/05/21 03:03:04 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/05/21 03:03:04 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/05/21 03:03:04 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/05/21 03:03:04 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/05/21 03:03:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/05/21 03:03:03 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/05/21 03:03:03 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/05/21 03:03:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/05/21 03:03:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/05/21 03:03:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/05/21 03:03:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/05/21 03:02:58 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/05/21 03:02:58 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/05/21 03:02:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/05/21 03:02:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/05/21 03:02:56 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/21 03:02:56 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/05/21 03:02:56 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/05/21 03:02:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/05/21 03:02:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/05/21 03:02:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/05/21 03:02:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/05/21 03:02:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/05/21 03:02:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/05/21 03:02:41 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/05/21 03:02:38 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/05/21 03:02:38 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/05/21 03:02:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/05/21 03:02:38 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/05/21 03:02:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/05/21 03:02:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/05/21 03:02:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/05/21 03:02:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/05/21 03:02:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/05/21 03:02:35 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/05/21 03:02:35 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/05/21 03:02:35 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/05/21 03:02:31 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/05/21 03:02:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/05/21 03:02:29 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/05/21 03:02:29 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/05/21 03:02:26 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/05/21 03:02:26 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/05/21 03:02:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/05/21 03:02:26 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/05/21 03:02:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/05/21 03:02:26 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/05/21 03:02:25 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/05/21 03:02:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/05/21 01:40:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\LogMeIn
[2010/05/21 01:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010/05/21 01:40:50 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/05/21 01:40:48 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/05/21 01:40:48 | 000,087,384 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll.000.bak
[2010/05/21 01:40:48 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2010/05/21 01:40:40 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/05/21 01:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2010/05/21 01:38:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/21 01:37:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2010/05/21 01:37:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2010/05/21 01:15:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/05/21 01:15:14 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/05/21 01:15:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/05/21 01:15:14 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/05/21 01:14:36 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2010/05/21 01:14:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2010/05/21 01:14:26 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2010/05/21 01:14:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2010/05/21 01:14:16 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2010/05/21 01:14:16 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2010/05/21 01:14:16 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2010/05/21 01:14:16 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2010/05/21 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2010/05/21 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2010/05/21 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/13 20:37:08 | 002,097,152 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010/06/13 20:31:54 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010/06/13 20:03:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/13 10:02:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/13 02:47:17 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 02:47:17 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/10 03:24:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/10 03:24:08 | 000,443,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/10 03:24:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/10 03:23:39 | 3169,345,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/10 03:20:29 | 002,457,799 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010/06/10 03:20:07 | 000,000,110 | ---- | M] () -- D:\My Documents\ax_files.xml
[2010/06/10 01:41:38 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010/06/10 01:41:38 | 000,033,152 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010/06/10 01:41:37 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010/06/09 18:59:44 | 000,783,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/09 18:59:44 | 000,664,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/09 18:59:44 | 000,122,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/09 15:15:07 | 031,408,513 | ---- | M] () -- C:\Users\Chris\Desktop\Popular Science - January 2010.pdf
[2010/06/09 15:07:23 | 058,282,463 | ---- | M] () -- C:\Users\Chris\Desktop\TopGear Magazine (Apr 2009).pdf
[2010/06/09 12:55:39 | 366,767,106 | ---- | M] () -- C:\Users\Chris\Desktop\Glee.S01E22.HDTV.XviD-LOL.avi
[2010/06/09 11:34:31 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/06/09 10:00:55 | 015,675,233 | ---- | M] () -- D:\My Documents\RMF_SaveSearch 06-09-10.rsv
[2010/06/08 15:26:14 | 000,000,216 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2010/06/06 07:41:03 | 1357,966,420 | ---- | M] () -- C:\Users\Chris\Desktop\She's Out of My League (2010) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi
[2010/06/06 03:03:01 | 000,734,850 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/04 22:48:00 | 000,001,354 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/06/04 22:47:19 | 000,115,760 | ---- | M] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/04 22:37:02 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/06/04 22:23:01 | 000,000,672 | ---- | M] () -- C:\Users\Chris\Desktop\MEDIA SAVED - Shortcut.lnk
[2010/06/04 20:54:36 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/06/04 20:54:36 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/03 21:51:57 | 1483,225,088 | ---- | M] () -- C:\Users\Chris\Desktop\PrisM-rh-TS.avi
[2010/06/02 20:42:54 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010/06/02 19:40:17 | 000,000,017 | ---- | M] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2010/06/01 22:58:40 | 141,948,311 | ---- | M] () -- C:\Users\Chris\Desktop\LadyGaga Telephone Music Video.mov
[2010/06/01 19:21:12 | 000,000,651 | ---- | M] () -- C:\Users\Chris\Desktop\SOFTWARE - Shortcut.lnk
[2010/06/01 19:06:46 | 044,571,001 | ---- | M] () -- C:\Users\Chris\Desktop\PC World - June 2010 (7Summits).pdf
[2010/06/01 18:57:42 | 008,503,672 | ---- | M] () -- C:\Users\Chris\Desktop\PC Magazine - June 2010 (Malestrom).pdf
[2010/06/01 14:04:49 | 1478,299,040 | ---- | M] () -- C:\Users\Chris\Desktop\Prince of Persia The Sands of Time TS XViD IMAGiNE.avi
[2010/06/01 09:53:21 | 000,000,230 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\default.rss
[2010/05/29 17:53:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/27 03:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/27 02:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/27 00:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 23:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/26 20:37:08 | 000,951,904 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/05/26 01:42:57 | 000,011,929 | ---- | M] () -- D:\My Documents\MassEffectConfigReport2010-05-25.xml
[2010/05/25 20:14:45 | 000,000,989 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/25 18:49:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/05/25 18:49:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/05/25 18:49:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/05/25 18:49:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/05/24 22:19:26 | 000,072,488 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/05/24 18:08:20 | 000,028,654 | ---- | M] () -- D:\My Documents\MS keys.pdf
[2010/05/23 22:11:35 | 3884,572,672 | ---- | M] () -- C:\Users\Chris\Desktop\rld-avtr.iso
[2010/05/21 19:34:14 | 000,275,552 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/05/21 19:09:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/05/21 19:09:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/05/21 17:32:32 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/21 17:32:32 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/21 13:00:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2010/05/21 09:12:26 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/05/21 07:34:34 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/05/21 07:34:34 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/05/21 07:34:34 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/05/21 04:05:36 | 000,040,833 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/21 04:05:36 | 000,040,833 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/05/21 04:03:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/21 03:15:12 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/21 03:15:11 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/21 03:15:11 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/21 01:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/21 01:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/05/21 01:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/21 01:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/05/21 01:14:16 | 000,000,020 | -HS- | M] () -- C:\Users\Chris\ntuser.ini
[2010/05/20 23:15:32 | 000,036,087 | ---- | M] () -- D:\My Documents\9784284_WF_CERT_NAM.pdf
[2010/05/20 23:15:32 | 000,000,026 | ---- | M] () -- D:\My Documents\9784284_WF_CERT_NAM.pdf~Zone.Identifier
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/09 18:40:56 | 1483,225,088 | ---- | C] () -- C:\Users\Chris\Desktop\PrisM-rh-TS.avi
[2010/06/09 18:38:29 | 1357,966,420 | ---- | C] () -- C:\Users\Chris\Desktop\She's Out of My League (2010) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro.avi
[2010/06/09 18:35:11 | 141,948,311 | ---- | C] () -- C:\Users\Chris\Desktop\LadyGaga Telephone Music Video.mov
[2010/06/09 18:34:22 | 366,767,106 | ---- | C] () -- C:\Users\Chris\Desktop\Glee.S01E22.HDTV.XviD-LOL.avi
[2010/06/09 18:30:39 | 058,282,463 | ---- | C] () -- C:\Users\Chris\Desktop\TopGear Magazine (Apr 2009).pdf
[2010/06/09 18:20:33 | 031,408,513 | ---- | C] () -- C:\Users\Chris\Desktop\Popular Science - January 2010.pdf
[2010/06/09 18:17:49 | 042,527,690 | ---- | C] () -- C:\Users\Chris\Desktop\Maximum PC 2010-03.pdf
[2010/06/09 10:29:27 | 001,081,832 | ---- | C] () -- D:\My Documents\USB PASSWORDSecurFlashInstall_v8.2.exe
[2010/06/09 10:29:27 | 000,438,720 | ---- | C] () -- D:\My Documents\Wireless_Broadband_Router.conf
[2010/06/09 10:29:27 | 000,210,732 | ---- | C] () -- D:\My Documents\STUDENT LOAN Consolidation157688038_032720071705.PDF
[2010/06/09 10:29:27 | 000,086,016 | ---- | C] () -- D:\My Documents\tracys1119.doc
[2010/06/09 10:29:27 | 000,085,433 | ---- | C] () -- D:\My Documents\Tracy Christmas 06 order.pdf
[2010/06/09 10:29:27 | 000,048,156 | ---- | C] () -- D:\My Documents\Working Solutions applicantform.pdf
[2010/06/09 10:29:27 | 000,047,916 | ---- | C] () -- D:\My Documents\Stern & Associates - Memory 03-28-07.pdf
[2010/06/09 10:29:27 | 000,015,872 | ---- | C] () -- D:\My Documents\Tracy Diet Log.xls
[2010/06/09 10:29:27 | 000,013,278 | ---- | C] () -- D:\My Documents\TD Register.xlsx
[2010/06/09 10:29:27 | 000,000,542 | ---- | C] () -- D:\My Documents\TV Listings - tvguide.com.url
[2010/06/09 10:29:27 | 000,000,026 | ---- | C] () -- D:\My Documents\Wireless_Broadband_Router.conf~Zone.Identifier
[2010/06/09 10:29:27 | 000,000,026 | ---- | C] () -- D:\My Documents\STUDENT LOAN Consolidation157688038_032720071705.PDF~Zone.Identifier
[2010/06/09 10:29:26 | 001,593,290 | ---- | C] () -- D:\My Documents\Stellar Phoenix NTFS Scan.DAT
[2010/06/09 10:29:26 | 001,593,290 | ---- | C] () -- D:\My Documents\Stellar Phoenix NTFS Scan 10-09.DAT
[2010/06/09 10:29:26 | 001,281,304 | ---- | C] () -- D:\My Documents\Stellar Phoenix NTFS Scan PINNACLE DRIVE 5PM.DAT
[2010/06/09 10:29:26 | 000,038,512 | ---- | C] () -- D:\My Documents\Sovereign Credit APP.pdf
[2010/06/09 10:29:26 | 000,000,026 | ---- | C] () -- D:\My Documents\SlownessAI30edit.PNG~Zone.Identifier
[2010/06/09 10:29:25 | 001,200,945 | ---- | C] () -- D:\My Documents\SlownessAI30.png
[2010/06/09 10:29:25 | 000,986,025 | ---- | C] () -- D:\My Documents\SlownessAI30edit.PNG
[2010/06/09 10:29:25 | 000,046,169 | ---- | C] () -- D:\My Documents\Sirius Activation.pdf
[2010/06/09 10:29:25 | 000,037,927 | ---- | C] () -- D:\My Documents\Slowness%20AI%2030_disp800.jpg
[2010/06/09 10:29:25 | 000,024,064 | ---- | C] () -- D:\My Documents\Sirius ID #.doc
[2010/06/09 10:29:25 | 000,000,026 | ---- | C] () -- D:\My Documents\SlownessAI30.png~Zone.Identifier
[2010/06/09 10:29:24 | 000,960,119 | ---- | C] () -- D:\My Documents\scrn00101.png
[2010/06/09 10:29:24 | 000,040,892 | ---- | C] () -- D:\My Documents\resume monster sent.pdf
[2010/06/09 10:29:24 | 000,037,376 | ---- | C] () -- D:\My Documents\resume 10-12-06.doc
[2010/06/09 10:29:24 | 000,037,376 | ---- | C] () -- D:\My Documents\resume 09-03-07.doc
[2010/06/09 10:29:24 | 000,034,816 | ---- | C] () -- D:\My Documents\resume Chris Speer.doc
[2010/06/09 10:29:24 | 000,034,816 | ---- | C] () -- D:\My Documents\resume Chris Speer Feb 08.doc
[2010/06/09 10:29:24 | 000,032,768 | ---- | C] () -- D:\My Documents\Psych Dotors.doc
[2010/06/09 10:29:24 | 000,028,160 | ---- | C] () -- D:\My Documents\Public Lands Lab - SCI200Y.doc
[2010/06/09 10:29:24 | 000,022,852 | ---- | C] () -- D:\My Documents\Re Logmein.htm
[2010/06/09 10:29:24 | 000,014,358 | ---- | C] () -- D:\My Documents\ProFlowers 2-14-07.pdf
[2010/06/09 10:29:24 | 000,011,293 | ---- | C] () -- D:\My Documents\PYNE LICENSE KEYS.pdf
[2010/06/09 10:29:24 | 000,006,418 | ---- | C] () -- D:\My Documents\REGISTRY BACKUP.reg
[2010/06/09 10:29:24 | 000,005,324 | ---- | C] () -- D:\My Documents\Psych Dotors.zip
[2010/06/09 10:29:24 | 000,000,026 | ---- | C] () -- D:\My Documents\Premier Pay 9-21-09.rtf~Zone.Identifier
[2010/06/09 10:29:23 | 006,049,913 | ---- | C] () -- D:\My Documents\Premier Pay 9-21-09.rtf
[2010/06/09 10:29:23 | 000,083,028 | ---- | C] () -- D:\My Documents\PAYPALINVOICE070609.pdf
[2010/06/09 10:29:23 | 000,057,573 | ---- | C] () -- D:\My Documents\Pre Form RWJ.pdf
[2010/06/09 10:29:23 | 000,021,879 | ---- | C] () -- D:\My Documents\NYC Ticket.pdf
[2010/06/09 10:29:23 | 000,015,632 | ---- | C] () -- D:\My Documents\order 4-1-7.pdf
[2010/06/09 10:29:23 | 000,001,505 | ---- | C] () -- D:\My Documents\OldNavy and CapitlOne Pay5-14-09.rtf
[2010/06/09 10:29:23 | 000,001,143 | ---- | C] () -- D:\My Documents\OldNavyPay5-14-09.rtf
[2010/06/09 10:29:23 | 000,000,026 | ---- | C] () -- D:\My Documents\Nvidia 190.38_desktop_winxp_32bit_english_whql.exe~Zone.Identifier
[2010/06/09 10:29:20 | 007,524,922 | ---- | C] () -- D:\My Documents\MOV00736.AVI
[2010/06/09 10:29:20 | 000,033,499 | ---- | C] () -- D:\My Documents\Newgg HSF 09-24-07.pdf
[2010/06/09 10:29:20 | 000,028,654 | ---- | C] () -- D:\My Documents\MS keys.pdf
[2010/06/09 10:29:20 | 000,025,711 | ---- | C] () -- D:\My Documents\NewEgg order 7-14-09.pdf
[2010/06/09 10:29:20 | 000,024,064 | ---- | C] () -- D:\My Documents\NEW JERSEY MANUFACTURERS INSURANCE CO.doc
[2010/06/09 10:29:20 | 000,000,583 | ---- | C] () -- D:\My Documents\My Sharing Folders.lnk
[2010/06/09 10:29:19 | 007,334,347 | ---- | C] () -- D:\My Documents\Foxconn G33M Motherboard Manual.pdf
[2010/06/09 10:29:19 | 002,631,828 | ---- | C] () -- D:\My Documents\Manual.pdf
[2010/06/09 10:29:19 | 002,484,916 | ---- | C] () -- D:\My Documents\MOV00680.AVI
[2010/06/09 10:29:19 | 000,907,693 | ---- | C] () -- D:\My Documents\LoaderBackup-(2010-04-27).ipd
[2010/06/09 10:29:19 | 000,414,433 | ---- | C] () -- D:\My Documents\IOGEAR USB DRIVERS GIC251U_NEC_v2_1_9.zip
[2010/06/09 10:29:19 | 000,226,543 | ---- | C] () -- D:\My Documents\HomeLoadChecklist.pdf
[2010/06/09 10:29:19 | 000,125,440 | ---- | C] () -- D:\My Documents\Fairhaven Labor Report 05-03 to 10-06.xls
[2010/06/09 10:29:19 | 000,082,156 | ---- | C] () -- D:\My Documents\linensandthings 12-1-07.MDI
[2010/06/09 10:29:19 | 000,080,620 | ---- | C] () -- D:\My Documents\linensandthings.MDI
[2010/06/09 10:29:19 | 000,052,007 | ---- | C] () -- D:\My Documents\MOM order.pdf
[2010/06/09 10:29:19 | 000,041,054 | ---- | C] () -- D:\My Documents\EZPASSNY payment 06-29-09.pdf
[2010/06/09 10:29:19 | 000,038,400 | ---- | C] () -- D:\My Documents\FW License Code for Stellar Phoenix NTFS - Single User Download (element 5 Ref # 82631345).msg
[2010/06/09 10:29:19 | 000,037,392 | ---- | C] () -- D:\My Documents\linksys.cfg
[2010/06/09 10:29:19 | 000,032,925 | ---- | C] () -- D:\My Documents\MOM laptop.pdf
[2010/06/09 10:29:19 | 000,032,268 | ---- | C] () -- D:\My Documents\Form Confirm.pdf
[2010/06/09 10:29:19 | 000,031,232 | ---- | C] () -- D:\My Documents\Maya Angelou.doc
[2010/06/09 10:29:19 | 000,029,981 | ---- | C] () -- D:\My Documents\EZPASS 9-2-09paymentconfirm.pdf
[2010/06/09 10:29:19 | 000,027,081 | ---- | C] () -- D:\My Documents\Home Purchase Loan_ Home Loans_ Mortgage Rates - LowerMyBills.pdf
[2010/06/09 10:29:19 | 000,026,624 | ---- | C] () -- D:\My Documents\lease.doc
[2010/06/09 10:29:19 | 000,025,600 | ---- | C] () -- D:\My Documents\Food Lab SCI200.doc
[2010/06/09 10:29:19 | 000,024,064 | ---- | C] () -- D:\My Documents\Karen contact.doc
[2010/06/09 10:29:19 | 000,024,064 | ---- | C] () -- D:\My Documents\EZPASS ACCOUNT INFO.doc
[2010/06/09 10:29:19 | 000,022,365 | ---- | C] () -- D:\My Documents\Fairhaven Labor Report 05-03 to 10-06.pdf
[2010/06/09 10:29:19 | 000,022,016 | ---- | C] () -- D:\My Documents\Implant sales.xls
[2010/06/09 10:29:19 | 000,019,968 | ---- | C] () -- D:\My Documents\Hi Craig and Alma.doc
[2010/06/09 10:29:19 | 000,012,878 | ---- | C] () -- D:\My Documents\Insurance PAID.pdf
[2010/06/09 10:29:19 | 000,011,929 | ---- | C] () -- D:\My Documents\MassEffectConfigReport2010-05-25.xml
[2010/06/09 10:29:19 | 000,010,102 | ---- | C] () -- D:\My Documents\Geico pics taken.docx
[2010/06/09 10:29:19 | 000,009,907 | ---- | C] () -- D:\My Documents\Geico Policy Number.docx
[2010/06/09 10:29:19 | 000,004,582 | ---- | C] () -- D:\My Documents\ICC Erin Scan.csv
[2010/06/09 10:29:19 | 000,000,134 | ---- | C] () -- D:\My Documents\LINKSYS ROUTER.url
[2010/06/09 10:29:19 | 000,000,026 | ---- | C] () -- D:\My Documents\linksys.cfg~Zone.Identifier
[2010/06/09 10:29:19 | 000,000,026 | ---- | C] () -- D:\My Documents\IOGEAR USB DRIVERS GIC251U_NEC_v2_1_9.zip~Zone.Identifier
[2010/06/09 10:29:18 | 002,773,953 | ---- | C] () -- D:\My Documents\DSC00735.JPG
[2010/06/09 10:29:18 | 002,694,628 | ---- | C] () -- D:\My Documents\DSC00734.JPG
[2010/06/09 10:29:18 | 002,591,329 | ---- | C] () -- D:\My Documents\DSC00742.JPG
[2010/06/09 10:29:17 | 000,960,119 | ---- | C] () -- D:\My Documents\AI30.png
[2010/06/09 10:29:17 | 000,584,704 | ---- | C] () -- D:\My Documents\Cold Air Intake.doc
[2010/06/09 10:29:17 | 000,330,824 | ---- | C] () -- D:\My Documents\2009TaxReturn.PDF
[2010/06/09 10:29:17 | 000,237,644 | ---- | C] () -- D:\My Documents\2008TaxReturn.PDF
[2010/06/09 10:29:17 | 000,220,694 | ---- | C] () -- D:\My Documents\2008TaxReturn[1].pdf
[2010/06/09 10:29:17 | 000,145,408 | ---- | C] () -- D:\My Documents\Allied Extruders Labor Report 08-06 to 05-07.xls
[2010/06/09 10:29:17 | 000,143,872 | ---- | C] () -- D:\My Documents\Allied Extruders Labor Report 06-06 to 05-07.xls
[2010/06/09 10:29:17 | 000,054,015 | ---- | C] () -- D:\My Documents\AIPM - Labor Report Feb 06.pdf
[2010/06/09 10:29:17 | 000,053,242 | ---- | C] () -- D:\My Documents\AIPM - Labor Report Mar 06.pdf
[2010/06/09 10:29:17 | 000,050,347 | ---- | C] () -- D:\My Documents\Doctors Marriage.pdf
[2010/06/09 10:29:17 | 000,040,607 | ---- | C] () -- D:\My Documents\Chris Dell.pdf
[2010/06/09 10:29:17 | 000,036,087 | ---- | C] () -- D:\My Documents\9784284_WF_CERT_NAM.pdf
[2010/06/09 10:29:17 | 000,033,865 | ---- | C] () -- D:\My Documents\Allied Extruders Labor Report 08-06 to 05-07 rev.pdf
[2010/06/09 10:29:17 | 000,033,776 | ---- | C] () -- D:\My Documents\Allied Extruders Labor Report 08-06 to 05-07.pdf
[2010/06/09 10:29:17 | 000,031,910 | ---- | C] () -- D:\My Documents\8852648_WF_CERT_NAM.pdf
[2010/06/09 10:29:17 | 000,031,007 | ---- | C] () -- D:\My Documents\Allied Extruders Labor Report 06-06 to 05-07.pdf
[2010/06/09 10:29:17 | 000,028,898 | ---- | C] () -- D:\My Documents\AccountCentral brought to you by Direct Merchants Bank.htm
[2010/06/09 10:29:17 | 000,024,064 | ---- | C] () -- D:\My Documents\Aida.doc
[2010/06/09 10:29:17 | 000,021,775 | ---- | C] () -- D:\My Documents\Dr Doss Order Print.pdf
[2010/06/09 10:29:17 | 000,021,673 | ---- | C] () -- D:\My Documents\Dr. Doss HP Warranty.pdf
[2010/06/09 10:29:17 | 000,021,010 | ---- | C] () -- D:\My Documents\December 2009 www.firstenergycorp.com - oneTimeBankDraf.pdf
[2010/06/09 10:29:17 | 000,020,034 | ---- | C] () -- D:\My Documents\AccountCentral brought to you by HSBC.htm
[2010/06/09 10:29:17 | 000,019,579 | ---- | C] () -- D:\My Documents\Dr Doss Claim 9-19-07.pdf
[2010/06/09 10:29:17 | 000,017,325 | ---- | C] () -- D:\My Documents\CapitalonePay07-08-09.pdf
[2010/06/09 10:29:17 | 000,017,090 | ---- | C] () -- D:\My Documents\Dr Doss Unit Config.pdf
[2010/06/09 10:29:17 | 000,016,896 | ---- | C] () -- D:\My Documents\Diet Log.xls
[2010/06/09 10:29:17 | 000,016,760 | ---- | C] () -- D:\My Documents\AoC order GAMESTOP 5-16-08.pdf
[2010/06/09 10:29:17 | 000,016,232 | ---- | C] () -- D:\My Documents\CreditOnePAY07-08-09.pdf
[2010/06/09 10:29:17 | 000,015,601 | ---- | C] () -- D:\My Documents\AO 3-28.pdf
[2010/06/09 10:29:17 | 000,014,400 | ---- | C] () -- D:\My Documents\2010 TAXES RECEIPT taxes.hrblock.com - HRBlock.TaxApplication.pdf
[2010/06/09 10:29:17 | 000,012,958 | ---- | C] () -- D:\My Documents\Cover Letter.docx
[2010/06/09 10:29:17 | 000,010,186 | ---- | C] () -- D:\My Documents\BILLS.docx
[2010/06/09 10:29:17 | 000,009,862 | ---- | C] () -- D:\My Documents\Adobe customer number 156735229.docx
[2010/06/09 10:29:17 | 000,004,949 | ---- | C] () -- D:\My Documents\DEC09 servicing.capitalone.com - SchedulePayme.pdf
[2010/06/09 10:29:17 | 000,002,598 | ---- | C] () -- D:\My Documents\Certificate Export.pfx
[2010/06/09 10:29:17 | 000,001,590 | ---- | C] () -- D:\My Documents\Computer Management.lnk
[2010/06/09 10:29:17 | 000,000,371 | ---- | C] () -- D:\My Documents\Date-Time Screen.csc
[2010/06/09 10:29:17 | 000,000,205 | ---- | C] () -- D:\My Documents\astro login.rtf
[2010/06/09 10:29:17 | 000,000,110 | ---- | C] () -- D:\My Documents\ax_files.xml
[2010/06/09 10:29:17 | 000,000,026 | ---- | C] () -- D:\My Documents\9784284_WF_CERT_NAM.pdf~Zone.Identifier
[2010/06/09 10:29:17 | 000,000,026 | ---- | C] () -- D:\My Documents\8852648_WF_CERT_NAM.pdf~Zone.Identifier
[2010/06/09 10:29:17 | 000,000,026 | ---- | C] () -- D:\My Documents\2009TaxReturn.PDF~Zone.Identifier
[2010/06/09 10:29:17 | 000,000,026 | ---- | C] () -- D:\My Documents\2008TaxReturn.PDF~Zone.Identifier
[2010/06/09 09:57:43 | 015,675,233 | ---- | C] () -- D:\My Documents\RMF_SaveSearch 06-09-10.rsv
[2010/06/08 15:26:13 | 000,000,216 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2010/06/04 22:48:00 | 000,001,354 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/06/04 22:23:01 | 000,000,672 | ---- | C] () -- C:\Users\Chris\Desktop\MEDIA SAVED - Shortcut.lnk
[2010/06/02 20:38:52 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2010/06/02 19:40:17 | 000,000,017 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2010/06/01 19:21:12 | 000,000,651 | ---- | C] () -- C:\Users\Chris\Desktop\SOFTWARE - Shortcut.lnk
[2010/06/01 19:20:38 | 008,503,672 | ---- | C] () -- C:\Users\Chris\Desktop\PC Magazine - June 2010 (Malestrom).pdf
[2010/06/01 19:20:28 | 044,571,001 | ---- | C] () -- C:\Users\Chris\Desktop\PC World - June 2010 (7Summits).pdf
[2010/06/01 15:42:16 | 1478,299,040 | ---- | C] () -- C:\Users\Chris\Desktop\Prince of Persia The Sands of Time TS XViD IMAGiNE.avi
[2010/05/29 17:53:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/05/26 21:41:15 | 001,404,416 | ---- | C] () -- C:\Windows\SysNative\libeay64.dll
[2010/05/26 21:41:15 | 000,872,448 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010/05/26 20:29:38 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/05/26 20:29:35 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/05/26 20:29:35 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/05/25 20:14:45 | 000,000,989 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/05/24 22:26:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/24 21:56:40 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2010/05/24 21:56:40 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2010/05/24 21:56:33 | 000,965,785 | ---- | C] () -- C:\Windows\SysWow64\lxdihelp.chm
[2010/05/24 21:56:29 | 000,001,900 | ---- | C] () -- C:\Windows\SysWow64\lxdi.loc
[2010/05/24 21:55:37 | 000,434,176 | ---- | C] () -- C:\Windows\SysNative\lxdiinst.dll
[2010/05/24 21:55:31 | 000,965,785 | ---- | C] () -- C:\Windows\SysNative\lxdihelp.chm
[2010/05/24 21:55:29 | 000,299,520 | ---- | C] () -- C:\Windows\SysNative\lxdigrd.dll
[2010/05/24 21:55:22 | 000,072,488 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2010/05/24 21:55:22 | 000,001,900 | ---- | C] () -- C:\Windows\SysNative\lxdi.loc
[2010/05/24 21:36:45 | 000,738,816 | ---- | C] () -- C:\Windows\SysNative\lxdidrs.dll
[2010/05/24 21:36:45 | 000,054,784 | ---- | C] () -- C:\Windows\SysNative\lxdicnv4.dll
[2010/05/24 21:36:45 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\lxdicaps.dll
[2010/05/24 21:36:44 | 000,418,816 | ---- | C] () -- C:\Windows\SysNative\lxdicoin.dll
[2010/05/24 21:36:44 | 000,109,056 | ---- | C] () -- C:\Windows\SysNative\lxdivs.dll
[2010/05/24 21:10:55 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/05/24 19:57:50 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/05/24 19:18:48 | 000,000,230 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\default.rss
[2010/05/24 15:24:59 | 3884,572,672 | ---- | C] () -- C:\Users\Chris\Desktop\rld-avtr.iso
[2010/05/21 19:09:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/05/21 19:09:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/05/21 17:32:34 | 000,218,808 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/05/21 17:32:32 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/21 17:32:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/21 09:58:00 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 09:57:58 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/21 09:13:20 | 000,053,296 | ---- | C] () -- C:\Windows\SysNative\vnetinst.dll
[2010/05/21 09:12:12 | 000,734,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/21 07:34:19 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/05/21 07:34:19 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/05/21 04:03:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/21 04:01:10 | 3169,345,536 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/21 01:14:16 | 002,097,152 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT
[2010/05/21 01:14:16 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/21 01:14:16 | 000,524,288 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/21 01:14:16 | 000,262,144 | -HS- | C] () -- C:\Users\Chris\ntuser.dat.LOG1
[2010/05/21 01:14:16 | 000,065,536 | -HS- | C] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/21 01:14:16 | 000,000,020 | -HS- | C] () -- C:\Users\Chris\ntuser.ini
[2010/05/21 01:14:16 | 000,000,000 | -HS- | C] () -- C:\Users\Chris\ntuser.dat.LOG2
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/27 20:39:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acronis
[2010/05/25 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Globe7
[2010/05/24 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2010/05/24 22:09:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Lexmark Productivity Studio
[2010/05/26 20:56:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LinkManager 4.0
[2010/05/24 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2010/06/05 23:20:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlayFirst
[2010/06/07 21:29:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Publish Providers
[2010/06/07 21:29:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony
[2010/05/23 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2010/05/26 20:56:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Visioneer
[2009/07/14 01:08:49 | 000,006,860 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/21 09:12:26 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/09/25 17:51:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/10 03:23:39 | 3169,345,536 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/25 17:56:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/29 18:21:11 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/09/25 17:56:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/10 03:23:42 | 4225,798,144 | -HS- | M] () -- C:\pagefile.sys
[2010/06/07 23:48:35 | 000,000,216 | ---- | M] () -- C:\temp.txt

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009/08/29 02:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:568D4797
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:5D7D48CA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:63238B95
< End of report >


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:28 PM

Posted 14 June 2010 - 06:51 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not PM for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 cspeer1978

cspeer1978
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 24 June 2010 - 05:06 AM

Sorry it took so long, been busy. It seems I am still infected, as I still get the Symantec Endpoint detections of Trojan.Gen randomly, and when it comes there are TONS of them.

I did the above and here are the logs that you requested:

OTL LOG
==================================
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.LANBOXLITE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 432699587 bytes
->Temporary Internet Files folder emptied: 9454277 bytes
->Java cache emptied: 77286 bytes
->FireFox cache emptied: 12404994 bytes
->Flash cache emptied: 27362 bytes

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254785 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 190159102 bytes

Total Files Cleaned = 615.00 mb


OTL by OldTimer - Version 3.2.5.3 log created on 06242010_051754

Files\Folders moved on Reboot...
File\Folder C:\Users\Chris\AppData\Local\Temp\DWH14C4.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\DWH1683.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\DWH17AA.tmp not found!
File\Folder C:\Users\Chris\AppData\Local\Temp\DWH1D3A.tmp not found!
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LB7YGXFA\topic322698[1].htm not found!
File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLZ5CDLO\iframe[1].htm not found!
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\5jbbrzvi.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\5jbbrzvi.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\5jbbrzvi.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\5jbbrzvi.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Chris\AppData\Local\Mozilla\Firefox\Profiles\5jbbrzvi.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...


======================================

Malwarebytes Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/24/2010 5:50:54 AM
mbam-log-2010-06-24 (05-50-54).txt

Scan type: Quick scan
Objects scanned: 140815
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


======================================

ESET Log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Edited by cspeer1978, 24 June 2010 - 05:08 AM.


#6 kahdah

Posted 24 June 2010 - 06:33 AM

OK, weird, but run Symantec Insight with a full scan, remove what it finds, reboot, and see if they are still detected.
Just let me know what it finds.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 cspeer1978

Posted 24 June 2010 - 07:33 PM

Ran a full Symantec scan, removed what it found, and rebooted.



Still coming back, I just can't get this thing.

#8 kahdah

Posted 25 June 2010 - 06:50 AM

Are they picked up right as the computer is booting up, or after a little bit while you are online?
Do this as a test.
Unplug the internet from the computer, let Norton remove what it finds, reboot once more with the internet disconnected, and see if it still finds the files.
If it does, just let me know either way.
Also, can you post the log from Norton so I can see what it says?

#9 kahdah

Posted 25 June 2010 - 06:51 AM

Also, see if you can get me one of the files and upload it here.

#10 cspeer1978

Posted 26 June 2010 - 08:14 PM

I try to open the logs, but I can't; it just keeps coming and extending the log constantly, so I cannot get it.

I will do some testing and log in to Safe Mode with no networking and see if I can get some files for you.

I do not want to disable Symantec as it may spread.


What to do... what to do

#11 kahdah

Posted 27 June 2010 - 12:39 PM

You can just unplug the computer from the net via the cable in the back, then run a scan with Symantec, then try to get me one of those files.

#12 cspeer1978

Posted 29 June 2010 - 06:08 PM

Finally, I isolated one of the files and zipped it to submit. I got an error submitting, so I will try it again.

Thanks again for the help.

#13 kahdah

Posted 29 June 2010 - 07:40 PM

Ok you are welcome.

I think I found a solution.
Please refer to this thread:
http://www.symantec.com/connect/forums/gen...tmp-temp-folder

#14 cspeer1978

Posted 29 June 2010 - 09:48 PM

THANK YOU SO MUCH

I will be able to take it from here. I searched high and low and did not find that solution.


Thanks for the prompt, courteous help. I will be donating for sure.

#15 kahdah

Posted 30 June 2010 - 06:50 AM

You are welcome.
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
========
After that you're all set.


The following are some articles and a Windows Update link that I like to suggest to people for preventing malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and for some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, e.g. BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire, etc.