
Possible infection (google redirects)


  • This topic is locked
32 replies to this topic

#1 cammeh

cammeh

  • Members
  • 14 posts

Posted 09 July 2010 - 02:34 PM

G'day,

Recently Firefox has started throwing me random re-directs from Google search results once in a while, albeit usually to legitimate websites (today I was sent to an Australian Government website when clicking a link for information on wireless networking).

I run Avira AntiVir Premium on my machine, and have done a full system scan/scan for rootkits and malware with that, I've also done a full scan with Malwarebytes, and the DDS.scr application. I'm usually quite ample at keeping my system clean, but I'm obviously missing something here, I'm starting to suspect a couple of seemingly legitimate browser addons. (Ad-block plus/Web of Trust).

Before I go turning my browser upside down I figured I would run my logs past the experts here in the meantime. For the sake of not flooding the thread with information you don't need, I'll just paste the dds.txt for now, the rest are available on request.

Thanks in advance!

CODE
DDS (Ver_10-03-17.01) - NTFSX64  
Run by Cam at  4:39:12.67 on Sat 10/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional   6.1.7600.0.1252.61.1033.18.6142.3455 [GMT 9.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Internode\mum.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
G:\G15LCD\LCDSirReal270\LCDSirReal.exe
C:\Program Files (x86)\Winamp Remote\winampdroid.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\SteamWatch\SteamWatch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\HLSW\hlsw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cam\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [InternodeUsage] c:\progra~2\intern~2\mum.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [MSDiskQuota] regsvr32 /s /u "c:\users\cam\appdata\local\ms\MSDiskQuota.dll"
uRun: [SteamWatchTray] c:\program files (x86)\steamwatch\SteamWatchTray.exe
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [UpdatePDRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Winamp Remote Android Server] c:\program files (x86)\winamp remote\winampdroid.exe
mRun: [BtTray] "c:\program files (x86)\ivt corporation\bluesoleil\BtTray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\syswow64\skype4com.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

================= FIREFOX ===================

FF - ProfilePath - c:\users\cam\appdata\roaming\mozilla\firefox\profiles\9mqacty6.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\cam\appdata\roaming\mozilla\firefox\profiles\9mqacty6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\cam\appdata\roaming\mozilla\firefox\profiles\9mqacty6.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 23944]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\avira\antivir desktop\avmailc.exe [2009-12-19 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-12-19 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-12-19 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\avira\antivir desktop\avwebgrd.exe [2009-12-19 405672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-19 81072]
R2 BsMobileCS;BsMobileCS;c:\program files (x86)\ivt corporation\bluesoleil\BsMobileCS.exe [2010-4-27 147563]
R2 SteamWatch;SteamWatch;c:\program files (x86)\steamwatch\SteamWatch.exe [2010-6-4 13824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [2010-4-6 29576]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [2010-4-6 25096]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 27016]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2010-2-25 12744]
S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-5-7 23552]
S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-5-7 18432]
S3 RTCore64;RTCore64;c:\program files (x86)\evga precision\RTCore64.sys [2010-5-22 14440]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-5-9 43664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-14 1255736]

=============== Created Last 30 ================

2010-07-08 04:46:13    0    d-----w-    C:\test
2010-07-04 06:45:46    0    d-----w-    c:\program files (x86)\RADVideo
2010-07-04 03:54:39    0    d-----w-    c:\users\cam\appdata\roaming\MotionDSP
2010-07-04 03:54:34    0    d-----w-    c:\program files (x86)\vReveal
2010-06-30 17:50:35    0    d-----w-    c:\users\cam\appdata\roaming\Beat Hazard
2010-06-23 18:55:27    122    ----a-w-    c:\windows\syswow64\REMOTEDEVICE.INI
2010-06-23 17:30:57    99176    ----a-w-    c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 17:30:57    49472    ----a-w-    c:\windows\syswow64\netfxperf.dll
2010-06-23 17:30:57    48960    ----a-w-    c:\windows\system32\netfxperf.dll
2010-06-23 17:30:57    444752    ----a-w-    c:\windows\system32\mscoree.dll
2010-06-23 17:30:57    320352    ----a-w-    c:\windows\system32\PresentationHost.exe
2010-06-23 17:30:57    297808    ----a-w-    c:\windows\syswow64\mscoree.dll
2010-06-23 17:30:57    295264    ----a-w-    c:\windows\syswow64\PresentationHost.exe
2010-06-23 17:30:57    1942856    ----a-w-    c:\windows\system32\dfshim.dll
2010-06-23 17:30:57    1130824    ----a-w-    c:\windows\syswow64\dfshim.dll
2010-06-23 17:30:57    109912    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-06-23 11:18:36    1736608    ----a-w-    c:\windows\system32\ntdll.dll
2010-06-23 11:18:36    1289528    ----a-w-    c:\windows\syswow64\ntdll.dll
2010-06-23 11:18:32    961024    ----a-w-    c:\windows\system32\CPFilters.dll
2010-06-23 11:18:32    641536    ----a-w-    c:\windows\syswow64\CPFilters.dll
2010-06-23 11:18:32    552960    ----a-w-    c:\windows\system32\msdri.dll
2010-06-23 11:18:32    288256    ----a-w-    c:\windows\system32\MSNP.ax
2010-06-23 11:18:32    258560    ----a-w-    c:\windows\system32\mpg2splt.ax
2010-06-23 11:18:32    204288    ----a-w-    c:\windows\syswow64\MSNP.ax
2010-06-23 11:18:32    199680    ----a-w-    c:\windows\syswow64\mpg2splt.ax
2010-06-23 05:13:41    0    d-----w-    c:\programdata\NVIDIA Corporation
2010-06-23 05:12:59    255592    ----a-w-    c:\windows\system32\nvcod1921.dll
2010-06-23 05:12:59    255592    ----a-w-    c:\windows\system32\nvcod.dll
2010-06-23 05:12:59    1592424    ----a-w-    c:\windows\syswow64\nvapi.dll
2010-06-23 05:12:59    14511720    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-06-23 04:48:18    6547    ----a-w-    c:\windows\syswow64\LOCALSERVICE.INI
2010-06-23 04:48:17    100    ----a-w-    c:\windows\syswow64\LOCALDEVICE.INI
2010-06-23 04:46:07    0    ----a-w-    c:\windows\syswow64\BSPRINT.INI
2010-06-23 04:45:15    0    d-----w-    c:\program files (x86)\IVT Corporation
2010-06-21 02:04:09    0    d-----w-    C:\DriveKey
2010-06-20 19:10:37    0    d-----w-    c:\users\cam\appdata\roaming\Malwarebytes
2010-06-20 19:10:31    24664    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-20 19:10:31    0    d-----w-    c:\programdata\Malwarebytes
2010-06-20 19:10:31    0    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2010-06-20 17:29:34    0    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-06-20 17:29:34    0    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2010-06-14 16:59:26    38    ----a-w-    c:\windows\avisplitter.ini
2010-06-14 16:59:25    881664    ----a-w-    c:\windows\syswow64\xvidcore.dll
2010-06-14 16:59:25    839680    ----a-w-    c:\windows\syswow64\lameACM.acm
2010-06-14 16:59:25    414    ----a-w-    c:\windows\syswow64\lame_acm.xml
2010-06-14 16:59:25    217088    ----a-w-    c:\windows\syswow64\yv12vfw.dll
2010-06-14 16:59:25    205824    ----a-w-    c:\windows\syswow64\xvidvfw.dll
2010-06-14 16:59:25    151552    ----a-w-    c:\windows\syswow64\ac3acm.acm
2010-06-14 16:59:24    547    ----a-w-    c:\windows\syswow64\ff_vfw.dll.manifest
2010-06-14 16:59:24    108032    ----a-w-    c:\windows\syswow64\ff_vfw.dll
2010-06-14 16:59:23    0    d-----w-    c:\program files (x86)\K-Lite Codec Pack
2010-06-11 05:07:09    0    d-----w-    c:\program files\Nem's Tools

==================== Find3M  ====================

2010-06-07 07:51:00    15282280    ----a-w-    c:\windows\system32\nvcpl.dll
2010-06-07 07:51:00    116328    ----a-w-    c:\windows\system32\nvmctray.dll
2010-06-07 07:50:58    159336    ----a-w-    c:\windows\system32\nvvsvc.exe
2010-06-07 07:50:58    1448040    ----a-w-    c:\windows\system32\nvsvc64.dll
2010-05-27 07:24:13    34304    ----a-w-    c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09    46080    ----a-w-    c:\windows\system32\atmlib.dll
2010-05-27 04:11:32    366080    ----a-w-    c:\windows\system32\atmfd.dll
2010-05-27 03:49:37    293888    ----a-w-    c:\windows\syswow64\atmfd.dll
2010-05-22 16:27:11    15347    ----a-w-    c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-21 05:52:30    1192960    ----a-w-    c:\windows\system32\wininet.dll
2010-05-21 05:18:06    977920    ----a-w-    c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50    48128    ----a-w-    c:\windows\syswow64\jsproxy.dll
2010-05-21 04:44:28    270208    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-20 09:32:10    5653224    ----a-w-    c:\windows\syswow64\SpoonUninstall.exe
2010-05-09 13:59:00    318992    ----a-w-    c:\windows\system32\VBoxNetFltNotify.dll
2010-05-06 12:42:05    1225216    ----a-w-    c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55    606208    ----a-w-    c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53    64512    ----a-w-    c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53    5970944    ----a-w-    c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49    381440    ----a-w-    c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49    10984448    ----a-w-    c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05    3122176    ----a-w-    c:\windows\system32\win32k.sys
2010-04-27 05:15:56    72856    ----a-w-    c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 05:15:56    187544    ----a-w-    c:\windows\syswow64\xliveinstall.dll
2010-04-27 01:22:58    84992    ----a-w-    c:\windows\system32\TS_IExplorer.dll
2010-04-27 01:22:42    13312    ----a-w-    c:\windows\system32\BsMonUI.dll
2010-04-27 01:22:40    25088    ----a-w-    c:\windows\system32\BsMonSvr.dll
2010-04-27 01:22:34    78336    ----a-w-    c:\windows\system32\btfunc.dll
2010-04-27 01:22:20    755712    ----a-w-    c:\windows\system32\BsShell.dll
2010-04-27 01:22:04    926720    ----a-w-    c:\windows\system32\Bscdlg.dll
2010-04-27 01:21:00    145920    ----a-w-    c:\windows\system32\BsProfileFunc.dll
2010-04-27 01:20:54    176640    ----a-w-    c:\windows\system32\BsCommon.dll
2010-04-27 01:20:44    405504    ----a-w-    c:\windows\system32\BsMobileSDK.dll
2010-04-27 01:20:26    12800    ----a-w-    c:\windows\system32\BsMobileCSps.dll
2010-04-27 01:20:20    331264    ----a-w-    c:\windows\system32\BsSDK.dll
2010-04-27 01:19:16    45568    ----a-w-    c:\windows\system32\BlueSoleilCSps.dll
2010-04-27 01:19:12    9728    ----a-w-    c:\windows\system32\BsHelpCSps.dll
2010-04-27 01:18:54    22016    ----a-w-    c:\windows\system32\BsTrace.dll
2010-04-27 01:18:52    92160    ----a-w-    c:\windows\system32\Bs2Res.dll
2010-04-27 01:18:10    10240    ----a-w-    c:\windows\syswow64\BsMonUI.dll
2010-04-27 01:18:06    18944    ----a-w-    c:\windows\syswow64\BsMonSvr.dll
2010-04-27 01:17:52    503897    ----a-w-    c:\windows\syswow64\BsUI.dll
2010-04-27 01:17:44    57430    ----a-w-    c:\windows\syswow64\btfunc.dll
2010-04-27 01:17:36    278647    ----a-w-    c:\windows\syswow64\outlookAddin.dll
2010-04-27 01:17:08    53248    ----a-w-    c:\windows\syswow64\HtmPrintHelper.dll
2010-04-27 01:17:02    114774    ----a-w-    c:\windows\syswow64\versit.dll
2010-04-27 01:16:52    626789    ----a-w-    c:\windows\syswow64\BsShell.dll
2010-04-27 01:16:36    618582    ----a-w-    c:\windows\syswow64\Bscdlg.dll
2010-04-27 01:16:14    127076    ----a-w-    c:\windows\syswow64\BsProfileFunc.dll
2010-04-27 01:15:44    151642    ----a-w-    c:\windows\syswow64\BsCommon.dll
2010-04-27 01:15:36    94314    ----a-w-    c:\windows\syswow64\BsHelpCSps.dll
2010-04-27 01:15:34    606323    ----a-w-    c:\windows\syswow64\BlueSoleilCSps.dll
2010-04-27 01:14:24    28766    ----a-w-    c:\windows\syswow64\PlayerCtrl.dll
2010-04-27 01:14:20    106595    ----a-w-    c:\windows\syswow64\Bs2Res.dll
2010-04-27 01:14:18    139360    ----a-w-    c:\windows\syswow64\BsMobileSDK.dll
2010-04-27 01:14:04    258132    ----a-w-    c:\windows\syswow64\BsSDK.dll
2010-04-27 01:13:30    28672    ----a-w-    c:\windows\syswow64\BsMobileCSps.dll
2010-04-27 01:13:18    28760    ----a-w-    c:\windows\syswow64\BsTrace.dll
2010-04-23 07:13:36    2048    ----a-w-    c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-04-19 06:45:18    19464    ----a-w-    c:\windows\system32\btinstall.dll
2010-04-12 07:59:27    153376    ----a-w-    c:\windows\syswow64\javaws.exe
2010-04-12 07:59:26    145184    ----a-w-    c:\windows\syswow64\javaw.exe
2010-04-12 07:59:25    145184    ----a-w-    c:\windows\syswow64\java.exe
2010-04-12 07:59:19    411368    ----a-w-    c:\windows\syswow64\deployJava1.dll
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2010-01-23 00:19:52    245760    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH:  4:39:29.26 ===============




#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 12 July 2010 - 01:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 cammeh

  • Topic Starter

Posted 13 July 2010 - 09:45 AM

GMER turned up no results, but I ran the DDS program as requested and the new log will be in the code box below.

Still getting a random redirect from google search results from time to time, same as before.

Between when I last posted and now, I found the "ASK Toolbar" had been installed, though it wasn't visible in any browser. I quickly removed it as I have no use for any toolbar; it must've crept into the machine during the install of another program.


CODE
DDS (Ver_10-03-17.01) - NTFSX64  
Run by Cam at  0:12:13.48 on Wed 14/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional   6.1.7600.0.1252.61.1033.18.6142.4035 [GMT 9.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Internode\mum.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Winamp Remote\winampdroid.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
G:\G15LCD\LCDSirReal270\LCDSirReal.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\mstsc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cam\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [InternodeUsage] c:\progra~2\intern~2\mum.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [MSDiskQuota] regsvr32 /s /u "c:\users\cam\appdata\local\ms\MSDiskQuota.dll"
uRun: [SteamWatchTray] c:\program files (x86)\steamwatch\SteamWatchTray.exe
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [UpdatePDRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Winamp Remote Android Server] c:\program files (x86)\winamp remote\winampdroid.exe
mRun: [BtTray] "c:\program files (x86)\ivt corporation\bluesoleil\BtTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\program files (x86)\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\syswow64\skype4com.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

================= FIREFOX ===================

FF - ProfilePath - c:\users\cam\appdata\roaming\mozilla\firefox\profiles\9mqacty6.default\
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\cam\appdata\roaming\mozilla\firefox\profiles\9mqacty6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\cam\appdata\roaming\mozilla\firefox\profiles\9mqacty6.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 23944]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\avira\antivir desktop\avmailc.exe [2009-12-19 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-12-19 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-12-19 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\avira\antivir desktop\avwebgrd.exe [2009-12-19 405672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-19 81072]
R2 BsMobileCS;BsMobileCS;c:\program files (x86)\ivt corporation\bluesoleil\BsMobileCS.exe [2010-4-27 147563]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [2010-4-6 29576]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [2010-4-6 25096]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 27016]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 SteamWatch;SteamWatch;c:\program files (x86)\steamwatch\SteamWatch.exe [2010-6-4 13824]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2010-2-25 12744]
S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-5-7 23552]
S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-5-7 18432]
S3 RTCore64;RTCore64;c:\program files (x86)\evga precision\RTCore64.sys [2010-5-22 14440]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-5-9 43664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-14 1255736]

=============== Created Last 30 ================

2010-07-08 04:46:13    0    d-----w-    C:\test
2010-07-04 06:45:46    0    d-----w-    c:\program files (x86)\RADVideo
2010-07-04 03:54:39    0    d-----w-    c:\users\cam\appdata\roaming\MotionDSP
2010-07-04 03:54:34    0    d-----w-    c:\program files (x86)\vReveal
2010-06-30 17:50:35    0    d-----w-    c:\users\cam\appdata\roaming\Beat Hazard
2010-06-23 18:55:27    122    ----a-w-    c:\windows\syswow64\REMOTEDEVICE.INI
2010-06-23 17:30:57    99176    ----a-w-    c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 17:30:57    49472    ----a-w-    c:\windows\syswow64\netfxperf.dll
2010-06-23 17:30:57    48960    ----a-w-    c:\windows\system32\netfxperf.dll
2010-06-23 17:30:57    444752    ----a-w-    c:\windows\system32\mscoree.dll
2010-06-23 17:30:57    320352    ----a-w-    c:\windows\system32\PresentationHost.exe
2010-06-23 17:30:57    297808    ----a-w-    c:\windows\syswow64\mscoree.dll
2010-06-23 17:30:57    295264    ----a-w-    c:\windows\syswow64\PresentationHost.exe
2010-06-23 17:30:57    1942856    ----a-w-    c:\windows\system32\dfshim.dll
2010-06-23 17:30:57    1130824    ----a-w-    c:\windows\syswow64\dfshim.dll
2010-06-23 17:30:57    109912    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-06-23 11:18:36    1736608    ----a-w-    c:\windows\system32\ntdll.dll
2010-06-23 11:18:36    1289528    ----a-w-    c:\windows\syswow64\ntdll.dll
2010-06-23 11:18:32    961024    ----a-w-    c:\windows\system32\CPFilters.dll
2010-06-23 11:18:32    641536    ----a-w-    c:\windows\syswow64\CPFilters.dll
2010-06-23 11:18:32    552960    ----a-w-    c:\windows\system32\msdri.dll
2010-06-23 11:18:32    288256    ----a-w-    c:\windows\system32\MSNP.ax
2010-06-23 11:18:32    258560    ----a-w-    c:\windows\system32\mpg2splt.ax
2010-06-23 11:18:32    204288    ----a-w-    c:\windows\syswow64\MSNP.ax
2010-06-23 11:18:32    199680    ----a-w-    c:\windows\syswow64\mpg2splt.ax
2010-06-23 05:13:41    0    d-----w-    c:\programdata\NVIDIA Corporation
2010-06-23 05:12:59    255592    ----a-w-    c:\windows\system32\nvcod1921.dll
2010-06-23 05:12:59    255592    ----a-w-    c:\windows\system32\nvcod.dll
2010-06-23 05:12:59    1592424    ----a-w-    c:\windows\syswow64\nvapi.dll
2010-06-23 05:12:59    14511720    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-06-23 04:48:18    6547    ----a-w-    c:\windows\syswow64\LOCALSERVICE.INI
2010-06-23 04:48:17    100    ----a-w-    c:\windows\syswow64\LOCALDEVICE.INI
2010-06-23 04:46:07    0    ----a-w-    c:\windows\syswow64\BSPRINT.INI
2010-06-23 04:45:15    0    d-----w-    c:\program files (x86)\IVT Corporation
2010-06-21 02:04:09    0    d-----w-    C:\DriveKey
2010-06-20 19:10:37    0    d-----w-    c:\users\cam\appdata\roaming\Malwarebytes
2010-06-20 19:10:31    24664    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-20 19:10:31    0    d-----w-    c:\programdata\Malwarebytes
2010-06-20 19:10:31    0    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2010-06-20 17:29:34    0    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-06-20 17:29:34    0    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2010-06-14 16:59:26    38    ----a-w-    c:\windows\avisplitter.ini
2010-06-14 16:59:25    881664    ----a-w-    c:\windows\syswow64\xvidcore.dll
2010-06-14 16:59:25    839680    ----a-w-    c:\windows\syswow64\lameACM.acm
2010-06-14 16:59:25    414    ----a-w-    c:\windows\syswow64\lame_acm.xml
2010-06-14 16:59:25    217088    ----a-w-    c:\windows\syswow64\yv12vfw.dll
2010-06-14 16:59:25    205824    ----a-w-    c:\windows\syswow64\xvidvfw.dll
2010-06-14 16:59:25    151552    ----a-w-    c:\windows\syswow64\ac3acm.acm
2010-06-14 16:59:24    547    ----a-w-    c:\windows\syswow64\ff_vfw.dll.manifest
2010-06-14 16:59:24    108032    ----a-w-    c:\windows\syswow64\ff_vfw.dll
2010-06-14 16:59:23    0    d-----w-    c:\program files (x86)\K-Lite Codec Pack

==================== Find3M  ====================

2010-06-07 07:51:00    15282280    ----a-w-    c:\windows\system32\nvcpl.dll
2010-06-07 07:51:00    116328    ----a-w-    c:\windows\system32\nvmctray.dll
2010-06-07 07:50:58    159336    ----a-w-    c:\windows\system32\nvvsvc.exe
2010-06-07 07:50:58    1448040    ----a-w-    c:\windows\system32\nvsvc64.dll
2010-05-27 07:24:13    34304    ----a-w-    c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09    46080    ----a-w-    c:\windows\system32\atmlib.dll
2010-05-27 04:11:32    366080    ----a-w-    c:\windows\system32\atmfd.dll
2010-05-27 03:49:37    293888    ----a-w-    c:\windows\syswow64\atmfd.dll
2010-05-22 16:27:11    15347    ----a-w-    c:\windows\syswow64\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-21 05:52:30    1192960    ----a-w-    c:\windows\system32\wininet.dll
2010-05-21 05:18:06    977920    ----a-w-    c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50    48128    ----a-w-    c:\windows\syswow64\jsproxy.dll
2010-05-21 04:44:28    270208    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-20 09:32:10    5653224    ----a-w-    c:\windows\syswow64\SpoonUninstall.exe
2010-05-09 13:59:00    318992    ----a-w-    c:\windows\system32\VBoxNetFltNotify.dll
2010-05-06 12:42:05    1225216    ----a-w-    c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55    606208    ----a-w-    c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53    64512    ----a-w-    c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53    5970944    ----a-w-    c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49    381440    ----a-w-    c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49    10984448    ----a-w-    c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05    3122176    ----a-w-    c:\windows\system32\win32k.sys
2010-04-27 05:15:56    72856    ----a-w-    c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 05:15:56    187544    ----a-w-    c:\windows\syswow64\xliveinstall.dll
2010-04-27 01:22:58    84992    ----a-w-    c:\windows\system32\TS_IExplorer.dll
2010-04-27 01:22:42    13312    ----a-w-    c:\windows\system32\BsMonUI.dll
2010-04-27 01:22:40    25088    ----a-w-    c:\windows\system32\BsMonSvr.dll
2010-04-27 01:22:34    78336    ----a-w-    c:\windows\system32\btfunc.dll
2010-04-27 01:22:20    755712    ----a-w-    c:\windows\system32\BsShell.dll
2010-04-27 01:22:04    926720    ----a-w-    c:\windows\system32\Bscdlg.dll
2010-04-27 01:21:00    145920    ----a-w-    c:\windows\system32\BsProfileFunc.dll
2010-04-27 01:20:54    176640    ----a-w-    c:\windows\system32\BsCommon.dll
2010-04-27 01:20:44    405504    ----a-w-    c:\windows\system32\BsMobileSDK.dll
2010-04-27 01:20:26    12800    ----a-w-    c:\windows\system32\BsMobileCSps.dll
2010-04-27 01:20:20    331264    ----a-w-    c:\windows\system32\BsSDK.dll
2010-04-27 01:19:16    45568    ----a-w-    c:\windows\system32\BlueSoleilCSps.dll
2010-04-27 01:19:12    9728    ----a-w-    c:\windows\system32\BsHelpCSps.dll
2010-04-27 01:18:54    22016    ----a-w-    c:\windows\system32\BsTrace.dll
2010-04-27 01:18:52    92160    ----a-w-    c:\windows\system32\Bs2Res.dll
2010-04-27 01:18:10    10240    ----a-w-    c:\windows\syswow64\BsMonUI.dll
2010-04-27 01:18:06    18944    ----a-w-    c:\windows\syswow64\BsMonSvr.dll
2010-04-27 01:17:52    503897    ----a-w-    c:\windows\syswow64\BsUI.dll
2010-04-27 01:17:44    57430    ----a-w-    c:\windows\syswow64\btfunc.dll
2010-04-27 01:17:36    278647    ----a-w-    c:\windows\syswow64\outlookAddin.dll
2010-04-27 01:17:08    53248    ----a-w-    c:\windows\syswow64\HtmPrintHelper.dll
2010-04-27 01:17:02    114774    ----a-w-    c:\windows\syswow64\versit.dll
2010-04-27 01:16:52    626789    ----a-w-    c:\windows\syswow64\BsShell.dll
2010-04-27 01:16:36    618582    ----a-w-    c:\windows\syswow64\Bscdlg.dll
2010-04-27 01:16:14    127076    ----a-w-    c:\windows\syswow64\BsProfileFunc.dll
2010-04-27 01:15:44    151642    ----a-w-    c:\windows\syswow64\BsCommon.dll
2010-04-27 01:15:36    94314    ----a-w-    c:\windows\syswow64\BsHelpCSps.dll
2010-04-27 01:15:34    606323    ----a-w-    c:\windows\syswow64\BlueSoleilCSps.dll
2010-04-27 01:14:24    28766    ----a-w-    c:\windows\syswow64\PlayerCtrl.dll
2010-04-27 01:14:20    106595    ----a-w-    c:\windows\syswow64\Bs2Res.dll
2010-04-27 01:14:18    139360    ----a-w-    c:\windows\syswow64\BsMobileSDK.dll
2010-04-27 01:14:04    258132    ----a-w-    c:\windows\syswow64\BsSDK.dll
2010-04-27 01:13:30    28672    ----a-w-    c:\windows\syswow64\BsMobileCSps.dll
2010-04-27 01:13:18    28760    ----a-w-    c:\windows\syswow64\BsTrace.dll
2010-04-23 07:13:36    2048    ----a-w-    c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-04-19 06:45:18    19464    ----a-w-    c:\windows\system32\btinstall.dll
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38    31548    ----a-w-    c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38    291294    ----a-w-    c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24    174    --sha-w-    c:\program files\desktop.ini
2009-07-14 04:54:24    174    --sha-w-    c:\program files (x86)\desktop.ini
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34    291294    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32    31548    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08    9633792    --sha-r-    c:\windows\fonts\StaticCache.dat
2010-01-23 00:19:52    245760    --sha-w-    c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53    398848    --sha-w-    c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45    396800    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH:  0:12:48.16 ===============

Edited by cammeh, 13 July 2010 - 10:11 AM.


#4 schrauber

  • Malware Response Team

Posted 14 July 2010 - 11:25 PM

Hello, cammeh
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 cammeh

  • Topic Starter

  • Members
  • 14 posts

Posted 15 July 2010 - 12:18 AM

OTL.txt:
CODE
OTL logfile created on: 15/07/2010 2:30:43 PM - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Cam\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 308.07 Gb Free Space | 51.68% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 290.94 Gb Free Space | 41.64% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 28.82 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 22.32 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMSI7PC
Current User Name: Cam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/07/15 14:29:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Downloads\OTL.exe
PRC - [2010/07/13 02:03:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2010/07/10 22:06:47 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/07/10 22:06:23 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/07/10 09:00:04 | 000,113,768 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
PRC - [2010/07/10 09:00:02 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2010/06/28 15:06:57 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 15:06:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2010/04/19 19:18:39 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/04/19 19:18:39 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/19 19:18:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/29 01:52:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/03/25 00:10:53 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/03/25 00:10:50 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/07 23:32:51 | 001,363,456 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
PRC - [2010/02/01 21:26:28 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/30 21:27:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/26 21:18:42 | 000,115,200 | ---- | M] () -- G:\G15LCD\LCDSirReal270\LCDSirReal.exe
PRC - [2009/07/26 15:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/14 10:44:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/05/24 01:58:34 | 000,858,624 | ---- | M] () -- C:\Program Files (x86)\Winamp Remote\winampdroid.exe
PRC - [2009/03/19 16:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/07/15 14:29:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Downloads\OTL.exe
MOD - [2010/05/29 08:02:46 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
MOD - [2009/07/14 10:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 10:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 11:10:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009/07/14 11:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/10 22:06:47 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2010/04/27 10:49:08 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2010/04/19 19:18:39 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/04/19 19:18:39 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/04/19 19:18:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 01:52:06 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/03/25 00:10:53 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 21:26:28 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/28 00:11:06 | 000,013,824 | ---- | M] (CL) [Auto | Stopped] -- C:\Program Files (x86)\SteamWatch\SteamWatch.exe -- (SteamWatch)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
DRV:[b]64bit:[/b] - [2010/05/09 23:29:02 | 000,145,936 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2010/04/19 16:15:16 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:[b]64bit:[/b] - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:34 | 000,025,096 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:30 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:[b]64bit:[/b] - [2010/03/25 00:10:54 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2010/03/25 00:10:54 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2009/12/21 13:15:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 11:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 11:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 09:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009/07/14 09:31:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/07/14 09:12:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2009/07/14 09:12:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2009/07/14 08:54:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2009/06/17 14:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:[b]64bit:[/b] - [2009/06/11 06:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009/06/11 06:05:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 06:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2008/06/06 08:25:44 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2008/05/07 06:40:02 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2008/05/07 06:39:44 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:[b]64bit:[/b] - [2008/05/07 06:39:44 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:[b]64bit:[/b] - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2010/07/10 09:00:02 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2004/06/22 14:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 00 7D EE 49 0C CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: en-AU@dictionaries.addons.mozilla.org:2.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/14 16:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/06 02:57:13 | 000,000,000 | ---D | M]

[2010/02/18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions
[2009/12/21 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/02/18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/15 00:00:58 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions
[2010/04/28 03:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 22:38:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/02 12:39:16 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/14 00:00:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/10 17:15:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 12:04:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/19 17:21:29 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2010/04/15 02:25:14 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\allglassv2@ambroos.neowin.net
[2009/12/19 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2010/07/03 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\foxmarks@kei.com
[2010/04/28 03:04:56 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\youtube2mp3@mondayx.de
[2008/11/17 18:21:26 | 000,000,705 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\searchplugins\webster.xml
[2010/05/12 02:24:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 02:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 02:03:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/29 12:17:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/29 12:17:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/29 12:17:08 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/29 12:17:08 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 06:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Winamp Remote Android Server] C:\Program Files (x86)\Winamp Remote\winampdroid.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
O4 - HKCU..\Run: [MSDiskQuota]  File not found
O4 - HKCU..\Run: [SteamWatchTray] C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe (CL)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/07/12 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\vlc
[2010/07/08 14:16:13 | 000,000,000 | ---D | C] -- C:\test
[2010/07/04 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2010/07/04 13:24:48 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\MotionDSP
[2010/07/04 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\MotionDSP
[2010/07/04 13:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vReveal
[2010/07/01 03:20:35 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Beat Hazard
[2010/06/25 16:37:22 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Deus Ex - Invisible War
[2010/06/23 14:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/06/23 14:43:05 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/23 14:43:05 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/23 14:18:19 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\bluesoleil
[2010/06/23 14:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2010/06/21 11:34:09 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/06/21 04:40:37 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Malwarebytes
[2010/06/21 04:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/21 04:40:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/21 04:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/21 04:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 02:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/21 02:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/16 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Media Player Classic
[2010/06/15 02:29:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010/06/15 02:29:25 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/06/15 02:29:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/06/15 02:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/06/11 14:37:16 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Nem's Tools
[2010/06/11 14:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2010/06/04 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteamWatch
[2010/06/02 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Games for Windows - LIVE Demos
[2010/05/31 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Disney Interactive Studios
[2010/05/31 11:52:02 | 000,000,000 | ---D | C] -- C:\Split Second
[2010/05/30 20:34:36 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\InstallShield Installation Information
[2010/05/30 20:34:25 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010/05/24 23:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2010/05/23 01:57:12 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\AccurateRip
[2010/05/23 01:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010/05/23 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\MS
[2010/05/12 01:44:04 | 000,000,000 | ---D | C] -- C:\Users\Cam\.VirtualBox
[2010/05/12 01:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/10 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\mIRC
[2010/05/10 21:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2010/05/10 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Notepad++
[2010/05/10 21:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/05/05 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2010/05/04 02:42:57 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\HLSW
[2010/05/04 02:42:57 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\HLSW
[2010/05/03 02:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quake III Arena
[2010/05/03 02:19:00 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/05/03 02:18:56 | 000,000,000 | ---D | C] -- C:\Q3Ademo
[2010/04/30 04:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/04/30 04:09:29 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Google
[2010/04/29 18:10:29 | 000,000,000 | ---D | C] -- C:\vmware
[2010/04/29 18:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2010/04/29 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2010/04/27 10:52:42 | 000,013,312 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsMonUI.dll
[2010/04/27 10:52:40 | 000,025,088 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsMonSvr.dll
[2010/04/27 10:52:34 | 000,078,336 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\btfunc.dll
[2010/04/27 10:52:20 | 000,755,712 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsShell.dll
[2010/04/27 10:52:04 | 000,926,720 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\Bscdlg.dll
[2010/04/27 10:50:54 | 000,176,640 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsCommon.dll
[2010/04/27 10:50:44 | 000,405,504 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsMobileSDK.dll
[2010/04/27 10:50:20 | 000,331,264 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsSDK.dll
[2010/04/27 10:48:52 | 000,092,160 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\Bs2Res.dll
[2010/04/27 10:48:10 | 000,010,240 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsMonUI.dll
[2010/04/27 10:48:06 | 000,018,944 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsMonSvr.dll
[2010/04/27 10:47:52 | 000,503,897 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsUI.dll
[2010/04/27 10:47:44 | 000,057,430 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\btfunc.dll
[2010/04/27 10:47:36 | 000,278,647 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\outlookAddin.dll
[2010/04/27 10:47:08 | 000,053,248 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2010/04/27 10:47:02 | 000,114,774 | ---- | C] (Versit Consortium (Apple Computer, AT&T, IBM and Siemens)) -- C:\Windows\SysWow64\versit.dll
[2010/04/27 10:46:52 | 000,626,789 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsShell.dll
[2010/04/27 10:46:36 | 000,618,582 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\Bscdlg.dll
[2010/04/27 10:46:14 | 000,127,076 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsProfileFunc.dll
[2010/04/27 10:45:44 | 000,151,642 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsCommon.dll
[2010/04/27 10:45:36 | 000,094,314 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsHelpCSps.dll
[2010/04/27 10:45:34 | 000,606,323 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BlueSoleilCSps.dll
[2010/04/27 10:44:24 | 000,028,766 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\PlayerCtrl.dll
[2010/04/27 10:44:20 | 000,106,595 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\Bs2Res.dll
[2010/04/27 10:44:18 | 000,139,360 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsMobileSDK.dll
[2010/04/27 10:44:04 | 000,258,132 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsSDK.dll
[2010/04/27 10:43:18 | 000,028,760 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsTrace.dll
[2010/04/23 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stone Giant
[2010/04/21 16:31:53 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Mumble
[2010/04/21 16:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2010/04/19 16:15:18 | 000,019,464 | ---- | C] (IVT Corporation.) -- C:\Windows\SysNative\btinstall.dll
[2010/04/19 16:15:16 | 000,042,888 | ---- | C] (IVT Corporation.) -- C:\Windows\SysNative\drivers\btcusb.sys
[2010/04/19 04:17:50 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Yahoo!
[2010/04/19 04:17:50 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Yahoo
[2010/04/19 04:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/04/19 04:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/04/17 18:23:15 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Diagnostics
[2010/04/17 18:21:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\caches
[2010/04/17 18:19:02 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\NVIDIA Corporation
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/07/15 14:33:15 | 005,242,880 | -HS- | M] () -- C:\Users\Cam\NTUSER.DAT
[2010/07/15 14:32:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/15 11:31:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/15 10:58:38 | 000,001,237 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2010/07/15 10:58:36 | 000,006,532 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/07/15 10:58:33 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/07/15 10:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/15 03:35:02 | 000,119,592 | ---- | M] () -- C:\Users\Cam\Documents\dezlkpbap0.jpg
[2010/07/15 03:17:41 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/15 03:17:41 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/15 03:17:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/15 03:17:25 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/15 03:17:25 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/15 03:10:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/15 03:10:08 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/15 02:50:20 | 000,001,074 | ---- | M] () -- C:\Users\Cam\Desktop\EVGA Precision.lnk
[2010/07/15 01:17:17 | 000,002,090 | -H-- | M] () -- C:\Users\Cam\Documents\Default.rdp
[2010/07/14 17:00:07 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20091219_233400_Cam2.job
[2010/07/14 16:02:50 | 000,001,003 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/13 08:47:47 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20091219_233200_Cam1.job
[2010/07/12 05:12:55 | 003,059,692 | -H-- | M] () -- C:\Users\Cam\AppData\Local\IconCache.db
[2010/07/09 04:57:39 | 000,000,122 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/07/09 02:46:48 | 000,385,036 | ---- | M] () -- C:\Users\Cam\Documents\quantumbigfoottop.jpg
[2010/07/09 02:45:50 | 000,368,044 | ---- | M] () -- C:\Users\Cam\Documents\quantumbigfootbottom.jpg
[2010/07/08 20:06:10 | 000,033,302 | ---- | M] () -- C:\Users\Cam\Documents\wololo.jpg
[2010/07/08 12:48:34 | 000,319,471 | ---- | M] () -- C:\Users\Cam\Documents\pigrideric.gif
[2010/07/08 10:12:46 | 002,043,617 | ---- | M] () -- C:\Users\Cam\Documents\furry2_01.jpg
[2010/07/07 16:32:31 | 151,461,824 | ---- | M] () -- C:\Users\Cam\Documents\dallenbach.m2ts
[2010/07/05 18:57:03 | 000,046,919 | ---- | M] () -- C:\Users\Cam\Documents\haxorpcsized.jpg
[2010/07/04 13:29:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/02 00:19:25 | 001,469,770 | ---- | M] () -- C:\Users\Cam\Documents\bertstare.gif
[2010/07/01 04:40:51 | 000,763,761 | ---- | M] () -- C:\Users\Cam\Documents\idiot.png
[2010/06/30 23:12:44 | 000,090,519 | ---- | M] () -- C:\Users\Cam\Documents\8286103ce25b41f19ffde66.jpg
[2010/06/30 23:12:21 | 000,091,761 | ---- | M] () -- C:\Users\Cam\Documents\c3376854f0544ec1b5b9688.jpg
[2010/06/29 04:28:03 | 000,126,225 | ---- | M] () -- C:\Users\Cam\Documents\myhawz.jpg
[2010/06/28 14:54:56 | 000,059,612 | ---- | M] () -- C:\Users\Cam\Documents\seafirethugaim.rar
[2010/06/28 14:51:55 | 000,061,683 | ---- | M] () -- C:\Users\Cam\Documents\seafirethugaim.png
[2010/06/27 13:37:02 | 000,060,231 | ---- | M] () -- C:\Users\Cam\Documents\chipmanrouter.rar
[2010/06/27 13:36:52 | 000,063,831 | ---- | M] () -- C:\Users\Cam\Documents\chipmanrouter.png
[2010/06/26 17:01:51 | 000,031,855 | ---- | M] () -- C:\Users\Cam\Documents\inane.rar
[2010/06/26 17:01:40 | 000,034,403 | ---- | M] () -- C:\Users\Cam\Documents\inane.png
[2010/06/25 01:30:55 | 000,065,028 | ---- | M] () -- C:\Users\Cam\Documents\yluj7.jpg
[2010/06/23 14:16:19 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010/06/23 14:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/06/23 14:15:26 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk
[2010/06/21 23:10:39 | 000,041,470 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl3f4q2g3lb1qzh5gn.jpg
[2010/06/21 23:10:13 | 000,050,702 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl3dgjgqmec1qbwsdr.gif
[2010/06/21 23:04:51 | 000,064,111 | ---- | M] () -- C:\Users\Cam\Documents\25290540.jpg
[2010/06/21 12:58:14 | 000,007,736 | ---- | M] () -- C:\Users\Cam\Documents\condump049.rar
[2010/06/21 12:12:29 | 000,031,511 | ---- | M] () -- C:\Users\Cam\Documents\140050ruddandconroy.jpg
[2010/06/21 12:00:00 | 000,980,619 | ---- | M] () -- C:\Users\Cam\Documents\lCeT7.jpg
[2010/06/21 11:14:32 | 000,006,926 | ---- | M] () -- C:\Users\Cam\Documents\n14248956832681.jpg
[2010/06/21 03:38:37 | 000,056,626 | ---- | M] () -- C:\Users\Cam\Documents\ban_football_from_the_vuvuzela_concerts.jpg
[2010/06/20 22:51:20 | 000,008,107 | ---- | M] () -- C:\Users\Cam\Documents\EBG.jpg
[2010/06/18 18:32:36 | 002,668,454 | ---- | M] () -- C:\Users\Cam\Documents\1276621176781.gif
[2010/06/18 00:29:38 | 000,109,098 | ---- | M] () -- C:\Users\Cam\Documents\QUY35.jpg
[2010/06/18 00:29:26 | 000,047,725 | ---- | M] () -- C:\Users\Cam\Documents\1276777699013.jpg
[2010/06/17 01:45:13 | 000,089,088 | ---- | M] () -- C:\Users\Cam\Documents\Cameron Plumb Resume10.doc
[2010/06/16 21:45:21 | 000,032,258 | ---- | M] () -- C:\Users\Cam\Documents\somecunce.rar
[2010/06/16 21:45:11 | 000,033,650 | ---- | M] () -- C:\Users\Cam\Documents\somecunce.png
[2010/06/16 20:32:15 | 000,140,061 | ---- | M] () -- C:\Users\Cam\Documents\1276602096271.gif
[2010/06/16 14:06:24 | 004,189,657 | ---- | M] () -- C:\Users\Cam\Documents\roombacat.gif
[2010/06/16 14:04:03 | 000,055,174 | ---- | M] () -- C:\Users\Cam\Documents\1276077655026.jpg
[2010/06/15 20:54:31 | 000,079,566 | ---- | M] () -- C:\Users\Cam\Documents\358952151.gif
[2010/06/15 20:53:39 | 001,285,803 | ---- | M] () -- C:\Users\Cam\Documents\egowl6m93udjdve450.gif
[2010/06/12 16:55:12 | 000,055,228 | ---- | M] () -- C:\Users\Cam\Documents\weddins.jpg
[2010/06/12 02:49:19 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/10 11:53:21 | 000,039,178 | ---- | M] () -- C:\Users\Cam\Documents\450px-Eric_Idle.jpg
[2010/06/09 14:34:21 | 002,124,747 | ---- | M] () -- C:\Users\Cam\Documents\129185154050643300.gif
[2010/06/09 13:58:29 | 002,960,872 | ---- | M] () -- C:\Users\Cam\Documents\wtfmoosers.gif
[2010/06/09 13:49:28 | 004,030,173 | ---- | M] () -- C:\Users\Cam\Documents\wtfmoose.gif
[2010/06/08 20:05:24 | 000,076,104 | ---- | M] () -- C:\Users\Cam\Documents\I-am-a-flying-camel-700x466.jpg
[2010/06/08 15:06:56 | 000,022,333 | ---- | M] () -- C:\Users\Cam\Documents\skelelols.jpg
[2010/06/08 09:28:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/08 09:28:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/08 09:28:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/06/07 20:48:16 | 000,174,645 | ---- | M] () -- C:\Users\Cam\Documents\ardblard.zip
[2010/06/07 20:48:00 | 000,226,539 | ---- | M] () -- C:\Users\Cam\Documents\ardblard.jpg
[2010/06/07 02:21:30 | 000,025,956 | ---- | M] () -- C:\Users\Cam\Documents\Sensor_Noob.jpg
[2010/06/06 15:06:17 | 000,252,878 | ---- | M] () -- C:\Users\Cam\Documents\reusednewspaper.jpg
[2010/06/04 04:26:49 | 001,394,555 | ---- | M] () -- C:\Users\Cam\Documents\WRWW3.gif
[2010/06/04 04:25:05 | 000,702,226 | ---- | M] () -- C:\Users\Cam\Documents\2vG7P.jpg
[2010/06/03 04:24:21 | 000,140,033 | ---- | M] () -- C:\Users\Cam\Documents\jetenginev2.png
[2010/06/03 02:21:15 | 000,148,496 | ---- | M] () -- C:\Users\Cam\Documents\tumblrkztjwisgxu1qa5gvy.png
[2010/06/03 02:20:09 | 000,064,814 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl39tn2bo171qzh5gn.jpg
[2010/06/03 02:15:29 | 000,033,578 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl2nyxzy0mc1qc1na3.jpg
[2010/06/02 17:30:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/02 17:30:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/06/02 17:20:16 | 000,123,664 | ---- | M] () -- C:\Users\Cam\Documents\jetenginev1.png
[2010/06/01 14:40:54 | 000,504,491 | ---- | M] () -- C:\Users\Cam\Documents\1BBMN.png
[2010/06/01 12:09:25 | 000,085,307 | ---- | M] () -- C:\Users\Cam\Documents\ladiesz.jpg
[2010/05/28 22:53:46 | 002,880,366 | ---- | M] () -- C:\Users\Cam\Documents\1878_591d.gif
[2010/05/28 18:06:28 | 000,041,782 | ---- | M] () -- C:\Users\Cam\Documents\28636_110193792357013_100000991784849_63837_5959410_n.jpg
[2010/05/28 04:20:28 | 000,078,975 | ---- | M] () -- C:\Users\Cam\Documents\4113226570_aa74ecc176.jpg
[2010/05/28 01:13:52 | 000,165,899 | ---- | M] () -- C:\Users\Cam\Documents\maydesky.jpg
[2010/05/28 01:12:37 | 000,000,951 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2010/05/25 22:21:03 | 000,067,594 | ---- | M] () -- C:\Users\Cam\Documents\20z5naa.jpg
[2010/05/25 22:17:06 | 000,204,784 | ---- | M] () -- C:\Users\Cam\Documents\0j9NH.jpg
[2010/05/24 23:37:02 | 000,115,013 | ---- | M] () -- C:\Users\Cam\Documents\daily_picdump_304_72.jpg
[2010/05/24 21:14:05 | 000,145,895 | ---- | M] () -- C:\Users\Cam\Documents\smiledog.png
[2010/05/24 21:12:55 | 000,341,602 | ---- | M] () -- C:\Users\Cam\Documents\smile.jpg
[2010/05/23 03:48:56 | 000,467,033 | ---- | M] () -- C:\Users\Cam\Documents\comelitered.png
[2010/05/23 01:57:11 | 000,015,347 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/23 01:56:59 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/23 00:16:19 | 000,073,140 | ---- | M] () -- C:\Users\Cam\Documents\bahaha.gif
[2010/05/22 16:40:33 | 000,036,314 | ---- | M] () -- C:\Users\Cam\Documents\email-and-bacon.jpg
[2010/05/22 15:43:02 | 000,645,151 | ---- | M] () -- C:\Users\Cam\Documents\busy desky.png
[2010/05/22 05:08:12 | 000,195,037 | ---- | M] () -- C:\Users\Cam\Documents\102r2me.jpg
[2010/05/21 17:09:52 | 000,031,231 | ---- | M] () -- C:\Users\Cam\Documents\uploadables.png
[2010/05/21 15:21:28 | 000,082,730 | ---- | M] () -- C:\Users\Cam\Documents\winfail.png
[2010/05/21 15:20:48 | 000,076,713 | ---- | M] () -- C:\Users\Cam\Documents\lolfaceq.jpg
[2010/05/20 21:18:33 | 000,058,978 | ---- | M] () -- C:\Users\Cam\Documents\7YPXl.jpg
[2010/05/20 19:02:10 | 005,653,224 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/20 13:25:19 | 000,244,846 | ---- | M] () -- C:\Users\Cam\Documents\059h5.gif
[2010/05/20 12:55:19 | 000,494,094 | ---- | M] () -- C:\Users\Cam\Documents\KZhLx.jpg
[2010/05/20 03:38:17 | 000,045,034 | ---- | M] () -- C:\Users\Cam\Documents\terrorholmes.png
[2010/05/18 21:18:05 | 000,087,154 | ---- | M] () -- C:\Users\Cam\Documents\LZaI1.jpg
[2010/05/17 03:36:05 | 000,044,242 | ---- | M] () -- C:\Users\Cam\Documents\pony-mechanic.jpg
[2010/05/17 01:16:47 | 000,039,424 | ---- | M] () -- C:\Users\Cam\Documents\korea.doc
[2010/05/16 21:16:14 | 000,013,383 | ---- | M] () -- C:\Users\Cam\Documents\korea.docx
[2010/05/16 18:23:58 | 000,016,103 | ---- | M] () -- C:\Users\Cam\Documents\a5jxk.jpg
[2010/05/15 01:13:13 | 000,048,218 | ---- | M] () -- C:\Users\Cam\Documents\26236_102509359791082_100000960557731_16620_7982935_n.jpg
[2010/05/13 17:51:37 | 000,121,582 | ---- | M] () -- C:\Users\Cam\Documents\bleep.jpg
[2010/05/13 15:24:12 | 000,112,327 | ---- | M] () -- C:\Users\Cam\Documents\79986607177820472640.png.jpg
[2010/05/12 23:39:20 | 001,842,134 | ---- | M] () -- C:\Users\Cam\Documents\pirate2.png
[2010/05/12 13:58:41 | 000,125,549 | ---- | M] () -- C:\Users\Cam\Documents\1273635871773.jpg
[2010/05/12 13:29:39 | 000,016,893 | ---- | M] () -- C:\Users\Cam\Documents\undercar.png
[2010/05/11 19:07:22 | 000,069,294 | ---- | M] () -- C:\Users\Cam\Documents\yPevl.jpg
[2010/05/09 19:31:23 | 000,054,024 | ---- | M] () -- C:\Users\Cam\Documents\29695_116763375022748_116749711690781_135266_6789795_n.jpg
[2010/05/09 19:31:02 | 000,107,368 | ---- | M] () -- C:\Users\Cam\Documents\guU7F.jpg
[2010/05/09 18:17:52 | 000,002,558 | ---- | M] () -- C:\Users\Cam\Documents\encryptionkey.pfx
[2010/05/09 04:19:58 | 000,062,584 | ---- | M] () -- C:\Users\Cam\Documents\cruisin.jpg
[2010/05/06 22:43:32 | 000,072,876 | ---- | M] () -- C:\Users\Cam\Documents\UJ2rP.png
[2010/05/06 11:24:11 | 000,091,916 | ---- | M] () -- C:\Users\Cam\Documents\deepwater_oil_00.jpg
[2010/05/05 16:53:44 | 000,001,074 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\EVGA Precision.lnk
[2010/05/05 14:00:48 | 000,055,430 | ---- | M] () -- C:\Users\Cam\Documents\friday.jpg
[2010/05/05 14:00:35 | 000,023,998 | ---- | M] () -- C:\Users\Cam\Documents\spam boy.jpg
[2010/05/04 03:48:32 | 000,051,517 | ---- | M] () -- C:\Users\Cam\Documents\d16c552c88934c14ddfe37f.jpg
[2010/05/04 03:47:05 | 000,032,906 | ---- | M] () -- C:\Users\Cam\Documents\Z5iev.jpg
[2010/05/04 03:16:11 | 000,000,951 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/05/03 15:28:29 | 000,082,059 | ---- | M] () -- C:\Users\Cam\Documents\1271211661717.jpg
[2010/05/03 15:28:23 | 000,272,040 | ---- | M] () -- C:\Users\Cam\Documents\post-11867-1272639678.jpg
[2010/05/03 15:28:12 | 000,012,144 | ---- | M] () -- C:\Users\Cam\Documents\1272415153600.jpg
[2010/05/03 15:28:06 | 000,198,748 | ---- | M] () -- C:\Users\Cam\Documents\3211.jpg
[2010/05/03 15:27:49 | 000,189,823 | ---- | M] () -- C:\Users\Cam\Documents\1272415291571.jpg
[2010/05/03 15:27:35 | 000,045,593 | ---- | M] () -- C:\Users\Cam\Documents\patrickstewartmorepewpe.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 00:58:33 | 000,039,891 | ---- | M] () -- C:\Users\Cam\Documents\pewpewlol.jpg
[2010/04/28 18:33:06 | 002,085,684 | ---- | M] () -- C:\Users\Cam\Documents\1272438656529.gif
[2010/04/27 13:21:16 | 000,027,648 | ---- | M] () -- C:\Users\Cam\Documents\12335.doc
[2010/04/27 10:52:58 | 000,084,992 | ---- | M] () -- C:\Windows\SysNative\TS_IExplorer.dll
[2010/04/27 10:52:42 | 000,013,312 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsMonUI.dll
[2010/04/27 10:52:40 | 000,025,088 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsMonSvr.dll
[2010/04/27 10:52:34 | 000,078,336 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\btfunc.dll
[2010/04/27 10:52:20 | 000,755,712 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsShell.dll
[2010/04/27 10:52:04 | 000,926,720 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\Bscdlg.dll
[2010/04/27 10:51:00 | 000,145,920 | ---- | M] () -- C:\Windows\SysNative\BsProfileFunc.dll
[2010/04/27 10:50:54 | 000,176,640 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsCommon.dll
[2010/04/27 10:50:44 | 000,405,504 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsMobileSDK.dll
[2010/04/27 10:50:26 | 000,012,800 | ---- | M] () -- C:\Windows\SysNative\BsMobileCSps.dll
[2010/04/27 10:50:20 | 000,331,264 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsSDK.dll
[2010/04/27 10:49:16 | 000,045,568 | ---- | M] () -- C:\Windows\SysNative\BlueSoleilCSps.dll
[2010/04/27 10:49:12 | 000,009,728 | ---- | M] () -- C:\Windows\SysNative\BsHelpCSps.dll
[2010/04/27 10:48:54 | 000,022,016 | ---- | M] () -- C:\Windows\SysNative\BsTrace.dll
[2010/04/27 10:48:52 | 000,092,160 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\Bs2Res.dll
[2010/04/27 10:48:10 | 000,010,240 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsMonUI.dll
[2010/04/27 10:48:06 | 000,018,944 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsMonSvr.dll
[2010/04/27 10:47:52 | 000,503,897 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsUI.dll
[2010/04/27 10:47:44 | 000,057,430 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\btfunc.dll
[2010/04/27 10:47:36 | 000,278,647 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\outlookAddin.dll
[2010/04/27 10:47:08 | 000,053,248 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2010/04/27 10:47:02 | 000,114,774 | ---- | M] (Versit Consortium (Apple Computer, AT&T, IBM and Siemens)) -- C:\Windows\SysWow64\versit.dll
[2010/04/27 10:46:52 | 000,626,789 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsShell.dll
[2010/04/27 10:46:36 | 000,618,582 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\Bscdlg.dll
[2010/04/27 10:46:14 | 000,127,076 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsProfileFunc.dll
[2010/04/27 10:45:44 | 000,151,642 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsCommon.dll
[2010/04/27 10:45:36 | 000,094,314 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsHelpCSps.dll
[2010/04/27 10:45:34 | 000,606,323 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BlueSoleilCSps.dll
[2010/04/27 10:44:24 | 000,028,766 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\PlayerCtrl.dll
[2010/04/27 10:44:20 | 000,106,595 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\Bs2Res.dll
[2010/04/27 10:44:18 | 000,139,360 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsMobileSDK.dll
[2010/04/27 10:44:04 | 000,258,132 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsSDK.dll
[2010/04/27 10:43:30 | 000,028,672 | ---- | M] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2010/04/27 10:43:18 | 000,028,760 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsTrace.dll
[2010/04/25 13:57:44 | 000,089,892 | ---- | M] () -- C:\Users\Cam\Documents\helpeh.png
[2010/04/23 16:16:11 | 000,028,672 | ---- | M] () -- C:\Users\Cam\Documents\bmspeechdraft1.doc
[2010/04/23 16:11:21 | 000,011,770 | ---- | M] () -- C:\Users\Cam\Documents\bmspeechdraft1.docx
[2010/04/21 16:34:40 | 000,002,377 | ---- | M] () -- C:\Users\Cam\Documents\MumbleAutomaticCertificateBackup.p12
[2010/04/20 22:53:20 | 000,105,305 | ---- | M] () -- C:\Users\Cam\Documents\koobysmum.jpg
[2010/04/20 20:46:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/04/19 16:15:18 | 000,019,464 | ---- | M] (IVT Corporation.) -- C:\Windows\SysNative\btinstall.dll
[2010/04/19 16:15:16 | 000,042,888 | ---- | M] (IVT Corporation.) -- C:\Windows\SysNative\drivers\btcusb.sys
[2010/04/17 22:44:01 | 000,498,373 | ---- | M] () -- C:\Users\Cam\Documents\trust_beard.jpg
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/07/15 03:35:01 | 000,119,592 | ---- | C] () -- C:\Users\Cam\Documents\dezlkpbap0.jpg
[2010/07/15 02:50:20 | 000,001,074 | ---- | C] () -- C:\Users\Cam\Desktop\EVGA Precision.lnk
[2010/07/09 03:07:01 | 000,385,036 | ---- | C] () -- C:\Users\Cam\Documents\quantumbigfoottop.jpg
[2010/07/09 03:07:01 | 000,368,044 | ---- | C] () -- C:\Users\Cam\Documents\quantumbigfootbottom.jpg
[2010/07/08 20:06:10 | 000,033,302 | ---- | C] () -- C:\Users\Cam\Documents\wololo.jpg
[2010/07/08 12:48:34 | 000,319,471 | ---- | C] () -- C:\Users\Cam\Documents\pigrideric.gif
[2010/07/08 10:12:43 | 002,043,617 | ---- | C] () -- C:\Users\Cam\Documents\furry2_01.jpg
[2010/07/07 16:30:07 | 151,461,824 | ---- | C] () -- C:\Users\Cam\Documents\dallenbach.m2ts
[2010/07/05 18:57:02 | 000,046,919 | ---- | C] () -- C:\Users\Cam\Documents\haxorpcsized.jpg
[2010/07/02 00:19:23 | 001,469,770 | ---- | C] () -- C:\Users\Cam\Documents\bertstare.gif
[2010/07/01 04:40:48 | 000,763,761 | ---- | C] () -- C:\Users\Cam\Documents\idiot.png
[2010/06/30 23:12:44 | 000,090,519 | ---- | C] () -- C:\Users\Cam\Documents\8286103ce25b41f19ffde66.jpg
[2010/06/30 23:12:17 | 000,091,761 | ---- | C] () -- C:\Users\Cam\Documents\c3376854f0544ec1b5b9688.jpg
[2010/06/29 04:28:01 | 000,126,225 | ---- | C] () -- C:\Users\Cam\Documents\myhawz.jpg
[2010/06/28 14:54:56 | 000,059,612 | ---- | C] () -- C:\Users\Cam\Documents\seafirethugaim.rar
[2010/06/28 14:51:53 | 000,061,683 | ---- | C] () -- C:\Users\Cam\Documents\seafirethugaim.png
[2010/06/27 13:37:02 | 000,060,231 | ---- | C] () -- C:\Users\Cam\Documents\chipmanrouter.rar
[2010/06/27 13:36:50 | 000,063,831 | ---- | C] () -- C:\Users\Cam\Documents\chipmanrouter.png
[2010/06/26 17:01:51 | 000,031,855 | ---- | C] () -- C:\Users\Cam\Documents\inane.rar
[2010/06/26 17:01:38 | 000,034,403 | ---- | C] () -- C:\Users\Cam\Documents\inane.png
[2010/06/25 01:30:53 | 000,065,028 | ---- | C] () -- C:\Users\Cam\Documents\yluj7.jpg
[2010/06/24 04:25:27 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/06/23 14:18:18 | 000,006,532 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/06/23 14:18:17 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/06/23 14:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/06/23 14:15:26 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk
[2010/06/21 23:10:38 | 000,041,470 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl3f4q2g3lb1qzh5gn.jpg
[2010/06/21 23:10:12 | 000,050,702 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl3dgjgqmec1qbwsdr.gif
[2010/06/21 23:04:50 | 000,064,111 | ---- | C] () -- C:\Users\Cam\Documents\25290540.jpg
[2010/06/21 12:58:14 | 000,007,736 | ---- | C] () -- C:\Users\Cam\Documents\condump049.rar
[2010/06/21 12:12:28 | 000,031,511 | ---- | C] () -- C:\Users\Cam\Documents\140050ruddandconroy.jpg
[2010/06/21 11:59:59 | 000,980,619 | ---- | C] () -- C:\Users\Cam\Documents\lCeT7.jpg
[2010/06/21 11:14:31 | 000,006,926 | ---- | C] () -- C:\Users\Cam\Documents\n14248956832681.jpg
[2010/06/21 03:38:37 | 000,056,626 | ---- | C] () -- C:\Users\Cam\Documents\ban_football_from_the_vuvuzela_concerts.jpg
[2010/06/20 22:51:19 | 000,008,107 | ---- | C] () -- C:\Users\Cam\Documents\EBG.jpg
[2010/06/18 18:32:34 | 002,668,454 | ---- | C] () -- C:\Users\Cam\Documents\1276621176781.gif
[2010/06/18 00:29:37 | 000,109,098 | ---- | C] () -- C:\Users\Cam\Documents\QUY35.jpg
[2010/06/18 00:29:25 | 000,047,725 | ---- | C] () -- C:\Users\Cam\Documents\1276777699013.jpg
[2010/06/17 16:51:44 | 000,252,853 | ---- | C] () -- C:\Users\Cam\Documents\DSC00270.JPG
[2010/06/16 21:45:21 | 000,032,258 | ---- | C] () -- C:\Users\Cam\Documents\somecunce.rar
[2010/06/16 21:45:09 | 000,033,650 | ---- | C] () -- C:\Users\Cam\Documents\somecunce.png
[2010/06/16 20:32:14 | 000,140,061 | ---- | C] () -- C:\Users\Cam\Documents\1276602096271.gif
[2010/06/16 14:06:24 | 004,189,657 | ---- | C] () -- C:\Users\Cam\Documents\roombacat.gif
[2010/06/16 14:04:00 | 000,055,174 | ---- | C] () -- C:\Users\Cam\Documents\1276077655026.jpg
[2010/06/15 20:54:30 | 000,079,566 | ---- | C] () -- C:\Users\Cam\Documents\358952151.gif
[2010/06/15 20:53:39 | 001,285,803 | ---- | C] () -- C:\Users\Cam\Documents\egowl6m93udjdve450.gif
[2010/06/15 02:29:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/15 02:29:25 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/15 02:29:25 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 02:29:25 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/06/15 02:29:24 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/15 02:29:24 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/06/12 16:55:10 | 000,055,228 | ---- | C] () -- C:\Users\Cam\Documents\weddins.jpg
[2010/06/10 11:53:20 | 000,039,178 | ---- | C] () -- C:\Users\Cam\Documents\450px-Eric_Idle.jpg
[2010/06/09 14:34:20 | 002,124,747 | ---- | C] () -- C:\Users\Cam\Documents\129185154050643300.gif
[2010/06/09 13:58:29 | 002,960,872 | ---- | C] () -- C:\Users\Cam\Documents\wtfmoosers.gif
[2010/06/09 13:49:27 | 004,030,173 | ---- | C] () -- C:\Users\Cam\Documents\wtfmoose.gif
[2010/06/08 20:05:23 | 000,076,104 | ---- | C] () -- C:\Users\Cam\Documents\I-am-a-flying-camel-700x466.jpg
[2010/06/08 15:06:55 | 000,022,333 | ---- | C] () -- C:\Users\Cam\Documents\skelelols.jpg
[2010/06/07 20:48:16 | 000,174,645 | ---- | C] () -- C:\Users\Cam\Documents\ardblard.zip
[2010/06/07 20:47:51 | 000,226,539 | ---- | C] () -- C:\Users\Cam\Documents\ardblard.jpg
[2010/06/07 02:21:30 | 000,025,956 | ---- | C] () -- C:\Users\Cam\Documents\Sensor_Noob.jpg
[2010/06/06 15:06:16 | 000,252,878 | ---- | C] () -- C:\Users\Cam\Documents\reusednewspaper.jpg
[2010/06/04 04:26:48 | 001,394,555 | ---- | C] () -- C:\Users\Cam\Documents\WRWW3.gif
[2010/06/04 04:25:05 | 000,702,226 | ---- | C] () -- C:\Users\Cam\Documents\2vG7P.jpg
[2010/06/03 04:24:19 | 000,140,033 | ---- | C] () -- C:\Users\Cam\Documents\jetenginev2.png
[2010/06/03 02:21:15 | 000,148,496 | ---- | C] () -- C:\Users\Cam\Documents\tumblrkztjwisgxu1qa5gvy.png
[2010/06/03 02:20:08 | 000,064,814 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl39tn2bo171qzh5gn.jpg
[2010/06/03 02:15:25 | 000,033,578 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl2nyxzy0mc1qc1na3.jpg
[2010/06/02 17:20:14 | 000,123,664 | ---- | C] () -- C:\Users\Cam\Documents\jetenginev1.png
[2010/06/01 14:40:53 | 000,504,491 | ---- | C] () -- C:\Users\Cam\Documents\1BBMN.png
[2010/06/01 12:09:21 | 000,085,307 | ---- | C] () -- C:\Users\Cam\Documents\ladiesz.jpg
[2010/05/28 22:53:46 | 002,880,366 | ---- | C] () -- C:\Users\Cam\Documents\1878_591d.gif
[2010/05/28 18:06:27 | 000,041,782 | ---- | C] () -- C:\Users\Cam\Documents\28636_110193792357013_100000991784849_63837_5959410_n.jpg
[2010/05/28 04:20:27 | 000,078,975 | ---- | C] () -- C:\Users\Cam\Documents\4113226570_aa74ecc176.jpg
[2010/05/28 01:13:50 | 000,165,899 | ---- | C] () -- C:\Users\Cam\Documents\maydesky.jpg
[2010/05/28 01:12:37 | 000,000,951 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2010/05/25 22:21:02 | 000,067,594 | ---- | C] () -- C:\Users\Cam\Documents\20z5naa.jpg
[2010/05/25 22:17:05 | 000,204,784 | ---- | C] () -- C:\Users\Cam\Documents\0j9NH.jpg
[2010/05/25 11:51:08 | 000,001,237 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2010/05/24 23:37:02 | 000,115,013 | ---- | C] () -- C:\Users\Cam\Documents\daily_picdump_304_72.jpg
[2010/05/24 21:14:03 | 000,145,895 | ---- | C] () -- C:\Users\Cam\Documents\smiledog.png
[2010/05/24 21:12:54 | 000,341,602 | ---- | C] () -- C:\Users\Cam\Documents\smile.jpg
[2010/05/23 03:48:55 | 000,467,033 | ---- | C] () -- C:\Users\Cam\Documents\comelitered.png
[2010/05/23 01:57:11 | 005,653,224 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/23 01:57:11 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/23 01:57:11 | 000,015,347 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/23 00:16:17 | 000,073,140 | ---- | C] () -- C:\Users\Cam\Documents\bahaha.gif
[2010/05/22 16:40:33 | 000,036,314 | ---- | C] () -- C:\Users\Cam\Documents\email-and-bacon.jpg
[2010/05/22 15:43:00 | 000,645,151 | ---- | C] () -- C:\Users\Cam\Documents\busy desky.png
[2010/05/22 05:08:11 | 000,195,037 | ---- | C] () -- C:\Users\Cam\Documents\102r2me.jpg
[2010/05/21 17:09:49 | 000,031,231 | ---- | C] () -- C:\Users\Cam\Documents\uploadables.png
[2010/05/21 15:21:28 | 000,082,730 | ---- | C] () -- C:\Users\Cam\Documents\winfail.png
[2010/05/21 15:20:47 | 000,076,713 | ---- | C] () -- C:\Users\Cam\Documents\lolfaceq.jpg
[2010/05/20 21:18:32 | 000,058,978 | ---- | C] () -- C:\Users\Cam\Documents\7YPXl.jpg
[2010/05/20 13:25:19 | 000,244,846 | ---- | C] () -- C:\Users\Cam\Documents\059h5.gif
[2010/05/20 12:55:18 | 000,494,094 | ---- | C] () -- C:\Users\Cam\Documents\KZhLx.jpg
[2010/05/20 03:38:16 | 000,045,034 | ---- | C] () -- C:\Users\Cam\Documents\terrorholmes.png
[2010/05/18 21:18:01 | 000,087,154 | ---- | C] () -- C:\Users\Cam\Documents\LZaI1.jpg
[2010/05/17 03:36:05 | 000,044,242 | ---- | C] () -- C:\Users\Cam\Documents\pony-mechanic.jpg
[2010/05/16 21:16:20 | 000,039,424 | ---- | C] () -- C:\Users\Cam\Documents\korea.doc
[2010/05/16 21:16:13 | 000,013,383 | ---- | C] () -- C:\Users\Cam\Documents\korea.docx
[2010/05/16 18:23:57 | 000,016,103 | ---- | C] () -- C:\Users\Cam\Documents\a5jxk.jpg
[2010/05/15 01:13:11 | 000,048,218 | ---- | C] () -- C:\Users\Cam\Documents\26236_102509359791082_100000960557731_16620_7982935_n.jpg
[2010/05/13 17:51:35 | 000,121,582 | ---- | C] () -- C:\Users\Cam\Documents\bleep.jpg
[2010/05/13 15:24:12 | 000,112,327 | ---- | C] () -- C:\Users\Cam\Documents\79986607177820472640.png.jpg
[2010/05/12 23:39:06 | 001,842,134 | ---- | C] () -- C:\Users\Cam\Documents\pirate2.png
[2010/05/12 13:58:40 | 000,125,549 | ---- | C] () -- C:\Users\Cam\Documents\1273635871773.jpg
[2010/05/12 13:29:37 | 000,016,893 | ---- | C] () -- C:\Users\Cam\Documents\undercar.png
[2010/05/11 19:07:21 | 000,069,294 | ---- | C] () -- C:\Users\Cam\Documents\yPevl.jpg
[2010/05/09 19:31:22 | 000,054,024 | ---- | C] () -- C:\Users\Cam\Documents\29695_116763375022748_116749711690781_135266_6789795_n.jpg
[2010/05/09 19:31:01 | 000,107,368 | ---- | C] () -- C:\Users\Cam\Documents\guU7F.jpg
[2010/05/09 18:17:49 | 000,002,558 | ---- | C] () -- C:\Users\Cam\Documents\encryptionkey.pfx
[2010/05/09 04:19:56 | 000,062,584 | ---- | C] () -- C:\Users\Cam\Documents\cruisin.jpg
[2010/05/06 22:43:32 | 000,072,876 | ---- | C] () -- C:\Users\Cam\Documents\UJ2rP.png
[2010/05/06 11:24:10 | 000,091,916 | ---- | C] () -- C:\Users\Cam\Documents\deepwater_oil_00.jpg
[2010/05/05 16:53:44 | 000,001,074 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\EVGA Precision.lnk
[2010/05/05 14:00:47 | 000,055,430 | ---- | C] () -- C:\Users\Cam\Documents\friday.jpg
[2010/05/05 14:00:35 | 000,023,998 | ---- | C] () -- C:\Users\Cam\Documents\spam boy.jpg
[2010/05/04 03:48:32 | 000,051,517 | ---- | C] () -- C:\Users\Cam\Documents\d16c552c88934c14ddfe37f.jpg
[2010/05/04 03:47:05 | 000,032,906 | ---- | C] () -- C:\Users\Cam\Documents\Z5iev.jpg
[2010/05/04 03:16:11 | 000,000,951 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/05/03 19:02:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/03 15:28:29 | 000,082,059 | ---- | C] () -- C:\Users\Cam\Documents\1271211661717.jpg
[2010/05/03 15:28:22 | 000,272,040 | ---- | C] () -- C:\Users\Cam\Documents\post-11867-1272639678.jpg
[2010/05/03 15:28:12 | 000,012,144 | ---- | C] () -- C:\Users\Cam\Documents\1272415153600.jpg
[2010/05/03 15:28:05 | 000,198,748 | ---- | C] () -- C:\Users\Cam\Documents\3211.jpg
[2010/05/03 15:27:49 | 000,189,823 | ---- | C] () -- C:\Users\Cam\Documents\1272415291571.jpg
[2010/05/03 15:27:35 | 000,045,593 | ---- | C] () -- C:\Users\Cam\Documents\patrickstewartmorepewpe.jpg
[2010/04/30 04:09:34 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/30 04:09:33 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/29 00:58:32 | 000,039,891 | ---- | C] () -- C:\Users\Cam\Documents\pewpewlol.jpg
[2010/04/28 18:33:01 | 002,085,684 | ---- | C] () -- C:\Users\Cam\Documents\1272438656529.gif
[2010/04/27 13:21:15 | 000,027,648 | ---- | C] () -- C:\Users\Cam\Documents\12335.doc
[2010/04/27 10:52:58 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\TS_IExplorer.dll
[2010/04/27 10:51:00 | 000,145,920 | ---- | C] () -- C:\Windows\SysNative\BsProfileFunc.dll
[2010/04/27 10:50:26 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\BsMobileCSps.dll
[2010/04/27 10:49:16 | 000,045,568 | ---- | C] () -- C:\Windows\SysNative\BlueSoleilCSps.dll
[2010/04/27 10:49:12 | 000,009,728 | ---- | C] () -- C:\Windows\SysNative\BsHelpCSps.dll
[2010/04/27 10:48:54 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\BsTrace.dll
[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2010/04/25 13:57:42 | 000,089,892 | ---- | C] () -- C:\Users\Cam\Documents\helpeh.png
[2010/04/23 16:11:33 | 000,028,672 | ---- | C] () -- C:\Users\Cam\Documents\bmspeechdraft1.doc
[2010/04/23 16:11:21 | 000,011,770 | ---- | C] () -- C:\Users\Cam\Documents\bmspeechdraft1.docx
[2010/04/21 16:34:40 | 000,002,377 | ---- | C] () -- C:\Users\Cam\Documents\MumbleAutomaticCertificateBackup.p12
[2010/04/20 22:53:18 | 000,105,305 | ---- | C] () -- C:\Users\Cam\Documents\koobysmum.jpg
[2010/04/20 20:46:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/04/17 22:43:59 | 000,498,373 | ---- | C] () -- C:\Users\Cam\Documents\trust_beard.jpg
[2010/04/17 18:49:23 | 000,012,507 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/31 03:36:56 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/02/20 14:25:16 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/02/09 15:30:32 | 000,000,104 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2010/01/20 00:22:28 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini
[2009/12/29 03:44:59 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2009/12/19 21:46:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/19 17:13:41 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/19 17:13:41 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002/10/16 08:24:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/10/03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010/07/01 03:20:35 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Beat Hazard
[2010/03/30 00:22:31 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Bioshock
[2010/01/05 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Conor O'Kane
[2009/12/21 15:45:01 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\DAEMON Tools Lite
[2010/02/20 23:29:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Gmote
[2010/05/03 02:39:47 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\GrabIt
[2010/07/15 02:49:46 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\HLSW
[2010/07/12 00:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IMVU
[2010/06/15 00:54:19 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IMVUClient
[2010/05/13 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Internode
[2010/02/06 01:50:34 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IsolatedStorage
[2010/07/12 01:06:01 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\LimeWire
[2010/07/04 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\MotionDSP
[2010/04/21 23:13:32 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mumble
[2010/05/10 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Notepad++
[2010/01/18 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Subversion
[2010/04/07 00:09:14 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\SystemRequirementsLab
[2010/07/03 15:54:09 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\uTorrent
[2009/12/22 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Vivox
[2010/07/13 08:47:47 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20091219_233200_Cam1.job
[2010/07/14 17:00:07 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20091219_233400_Cam2.job
[2009/07/14 14:38:49 | 000,022,790 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 11:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 11:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 11:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 11:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 11:10:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/06/06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 11:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 11:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 11:11:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 11:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 11:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 11:11:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemdrive%\*.sys /90 /md5 >[/color]
[2010/07/15 03:10:08 | 535,683,071 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\hiberfil.sys
[2010/07/15 03:10:11 | 2145,902,591 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\pagefile.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 741 bytes -> C:\Users\Cam\Documents\simon goodes pc.eml:OECustomProperty
@Alternate Data Stream - 1693 bytes -> C:\Users\Cam\Documents\FW_  Back packers seedy flight. dont get on this plane.eml:OECustomProperty
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >


Extras.txt:
CODE
OTL Extras logfile created on: 15/07/2010 2:30:43 PM - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Cam\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 308.07 Gb Free Space | 51.68% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 290.94 Gb Free Space | 41.64% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 28.82 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 22.32 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMSI7PC
Current User Name: Cam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F313496-82E8-4A99-9D4C-311531023746}" = TortoiseSVN 1.6.7.18415 (64 bit)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{E69C8BA6-9D68-49D9-8596-4AB7860C53DB}" = BlueSoleil 6.4.314.3
"{E982A82F-7A72-4165-A05B-40F5C073E165}" = Sun VirtualBox
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GCFScape_is1" = GCFScape 1.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinImage" = WinImage
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{1681FE1F-CF02-4B73-A780-C23C247876F7}" = Dark Void Demo
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1" = Stone Giant 1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584267B8-0BB0-4D18-9FFA-726576619E9A}" = Doom 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F62F54-9CF5-480A-9BB4-2087B90A7A6B}_is1" = SteamWatch
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CA53298-AB86-49C7-8040-D5E7BA2F703A}" = NVIDIA PhysX Particle Fluid Demo
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D4D657-DAA4-4C68-B01E-11736C1D8C0D}" = Unigine Heaven Benchmark v1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{E268ADBD-A002-4684-AEDF-EA0F83F7E00B}" = WOL Magic Packet Sender
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16837E3-B99C-4F39-BB40-E95D54CA5182}" = NVIDIA Design Garage
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AviSynth" = AviSynth 2.5
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fraps" = Fraps (remove only)
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.3.7b
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 8.1s
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Full)
"LastFM_is1" = Last.fm 1.5.4.24567
"LimeWire" = LimeWire 5.4.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medusa" = Medusa demo by NVIDIA (remove only)
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mumble" = Mumble and Murmur
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"Precision" = EVGA Precision 1.9.5
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Quake 3 Arena Demo" = Quake 3 Arena Demo
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"QuickPar" = QuickPar 0.9
"RADVideo" = RAD Video Tools
"RealAlt_is1" = Real Alternative 1.7.5
"ROM CHECK FAIL_is1" = ROM CHECK FAIL 1.0
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Steam App 11500" = ToCA Race Driver 3
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 1260" = Killing Floor SDK
"Steam App 12840" = DiRT 2
"Steam App 12900" = Audiosurf
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17330" = Crysis Warhead
"Steam App 17520" = Synergy
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22620" = Alien Breed: Impact Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3480" = Peggle Deluxe
"Steam App 35420" = Defence Alliance 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 40100" = Supreme Commander 2
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 49600" = Beat Hazard
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6920" = Deus Ex: Invisible War
"Steam App 7670" = BioShock
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 9480" = Saints Row 2
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"The FilmMachine_is1" = The FilmMachine 1.6.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"VobSub" = VobSub v2.23 (Remove Only)
"vReveal" = vReveal
"Winamp" = Winamp
"Winamp Remote Android Server" = Winamp Remote Android Server 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"Winamp Detect" = Winamp Application Detect

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 14/07/2010 11:17:05 AM | Computer Name = Camsi7PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line .  A component
version required by the application conflicts with another component version already
active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 14/07/2010 11:17:05 AM | Computer Name = Camsi7PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line .  A component
version required by the application conflicts with another component version already
active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 14/07/2010 11:17:47 AM | Computer Name = Camsi7PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 14/07/2010 11:18:07 AM | Computer Name = Camsi7PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8.  The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 14/07/2010 11:19:13 AM | Computer Name = Camsi7PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity
found in manifest does not match the identity of the component requested.  Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
sxstrace.exe for detailed diagnosis.

Error - 14/07/2010 12:09:50 PM | Computer Name = Camsi7PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 14/07/2010 1:40:43 PM | Computer Name = Camsi7PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.  .

Error - 14/07/2010 3:04:26 PM | Computer Name = Camsi7PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
found in manifest does not match the identity of the component requested.  Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
sxstrace.exe for detailed diagnosis.

Error - 14/07/2010 9:28:47 PM | Computer Name = Camsi7PC | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 14/07/2010 9:28:48 PM | Computer Name = Camsi7PC | Source = WindowsLiveMessenger | ID = 15728647
Description =

[ System Events ]
Error - 17/06/2010 3:07:45 AM | Computer Name = Camsi7PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 17/06/2010 3:07:45 AM | Computer Name = Camsi7PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR17.

Error - 17/06/2010 8:14:03 AM | Computer Name = Camsi7PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 17/06/2010 8:14:03 AM | Computer Name = Camsi7PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error:   %%1053

Error - 20/06/2010 12:40:42 AM | Computer Name = Camsi7PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 20/06/2010 12:40:42 AM | Computer Name = Camsi7PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 20/06/2010 12:40:43 AM | Computer Name = Camsi7PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 20/06/2010 1:16:21 PM | Computer Name = Camsi7PC | Source = DCOM | ID = 10010
Description =

Error - 20/06/2010 1:19:00 PM | Computer Name = Camsi7PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:46:47 AM on ?21/?06/?2010 was unexpected.

Error - 20/06/2010 3:16:20 PM | Computer Name = Camsi7PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition.  Please check for updated firmware for your system.


< End of report >


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:42 PM

Posted 16 July 2010 - 02:04 PM

Hi,

Do you use a router?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 cammeh

Posted 16 July 2010 - 10:30 PM

Yes I do, NAT router/gateway with the internal firewall switched off.

#8 schrauber

Posted 18 July 2010 - 12:28 PM

What I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.


Please go to start >> run and type

ipconfig /flushdns

and hit enter. Reboot.

Please post back with a fresh OTL logfile and tell me how the system is running.
regards,
schrauber

#9 cammeh

Posted 18 July 2010 - 07:48 PM

After running through that process (turns out there was new firmware available for my router anyway, so that's a bonus), I fired Firefox back up, searched for "dedicated server", clicked the first suggestion, and it re-directed me once again. Just out of curiosity, a friend and I did some packet sniffing on port 80 and found that the connection is getting handed around between a few re-direct services; most of the time the re-direct comes from 7search (scanning for the infamous 7search.dll revealed nothing), sometimes other random re-direct sites.

Here's the OTL log.

CODE
OTL logfile created on: 19/07/2010 10:01:15 AM - Run 2
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Cam\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 314.99 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 336.19 Gb Free Space | 48.12% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 28.77 Gb Free Space | 19.31% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 24.38 Gb Free Space | 16.35% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMSI7PC
Current User Name: Cam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/07/15 14:29:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Downloads\OTL.exe
PRC - [2010/07/06 00:47:16 | 000,191,488 | ---- | M] () -- G:\G15LCD\LCDSirReal\LCDSirReal.exe
PRC - [2010/06/28 15:06:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2010/04/19 19:18:39 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/04/19 19:18:39 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/19 19:18:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/29 01:52:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/03/25 00:10:53 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/03/25 00:10:50 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/07 23:32:51 | 001,363,456 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
PRC - [2010/02/01 21:26:28 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/30 21:27:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/14 10:44:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/05/24 01:58:34 | 000,858,624 | ---- | M] () -- C:\Program Files (x86)\Winamp Remote\winampdroid.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/07/15 14:29:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Downloads\OTL.exe
MOD - [2009/07/14 10:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 10:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 11:10:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009/07/14 11:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/10 22:06:47 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2010/04/27 10:49:08 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2010/04/19 19:18:39 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/04/19 19:18:39 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/04/19 19:18:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 01:52:06 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/03/25 00:10:53 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 21:26:28 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/28 00:11:06 | 000,013,824 | ---- | M] (CL) [Auto | Running] -- C:\Program Files (x86)\SteamWatch\SteamWatch.exe -- (SteamWatch)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
DRV:[b]64bit:[/b] - [2010/05/09 23:29:02 | 000,145,936 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2010/04/19 16:15:16 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:[b]64bit:[/b] - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:34 | 000,025,096 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:30 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:[b]64bit:[/b] - [2010/03/25 00:10:54 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2010/03/25 00:10:54 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2009/12/21 13:15:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 11:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 11:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 09:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009/07/14 09:31:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/07/14 09:12:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2009/07/14 09:12:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2009/07/14 08:54:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2009/06/17 14:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:[b]64bit:[/b] - [2009/06/11 06:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009/06/11 06:05:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 06:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2008/06/06 08:25:44 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2008/05/07 06:40:02 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2008/05/07 06:39:44 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:[b]64bit:[/b] - [2008/05/07 06:39:44 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:[b]64bit:[/b] - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007/02/08 03:57:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2004/06/22 14:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 00 7D EE 49 0C CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: en-AU@dictionaries.addons.mozilla.org:2.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/14 16:02:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/06 02:57:13 | 000,000,000 | ---D | M]

[2010/02/18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions
[2009/12/21 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/02/18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/19 02:27:23 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions
[2010/04/28 03:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 22:38:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/02 12:39:16 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/14 00:00:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/10 17:15:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 12:04:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/19 17:21:29 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2010/04/15 02:25:14 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\allglassv2@ambroos.neowin.net
[2009/12/19 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2010/07/03 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\foxmarks@kei.com
[2010/04/28 03:04:56 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\youtube2mp3@mondayx.de
[2008/11/17 18:21:26 | 000,000,705 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\searchplugins\webster.xml
[2010/05/12 02:24:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 02:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 02:03:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/29 12:17:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/29 12:17:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/29 12:17:08 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/29 12:17:08 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 06:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Winamp Remote Android Server] C:\Program Files (x86)\Winamp Remote\winampdroid.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
O4 - HKCU..\Run: [MSDiskQuota]  File not found
O4 - HKCU..\Run: [SteamWatchTray] C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe (CL)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/07/18 03:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageShack Uploader
[2010/07/15 17:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/07/12 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\vlc
[2010/07/08 14:16:13 | 000,000,000 | ---D | C] -- C:\test
[2010/07/04 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2010/07/04 13:24:48 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\MotionDSP
[2010/07/04 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\MotionDSP
[2010/07/04 13:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vReveal
[2010/07/01 03:20:35 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Beat Hazard
[2010/06/25 16:37:22 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Deus Ex - Invisible War
[2010/06/23 14:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/06/23 14:43:05 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/23 14:43:05 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/23 14:18:19 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\bluesoleil
[2010/06/23 14:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2010/06/21 11:34:09 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/06/21 04:40:37 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Malwarebytes
[2010/06/21 04:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/21 04:40:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/21 04:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/21 04:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 02:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/21 02:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/16 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Media Player Classic
[2010/06/15 02:29:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010/06/15 02:29:25 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/06/15 02:29:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/06/15 02:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/06/11 14:37:16 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Nem's Tools
[2010/06/11 14:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2010/06/04 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteamWatch
[2010/06/02 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Games for Windows - LIVE Demos
[2010/05/31 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Disney Interactive Studios
[2010/05/31 11:52:02 | 000,000,000 | ---D | C] -- C:\Split Second
[2010/05/30 20:34:36 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\InstallShield Installation Information
[2010/05/30 20:34:25 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010/05/24 23:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2010/05/23 01:57:12 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\AccurateRip
[2010/05/23 01:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010/05/23 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\MS
[2010/05/12 01:44:04 | 000,000,000 | ---D | C] -- C:\Users\Cam\.VirtualBox
[2010/05/12 01:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/10 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\mIRC
[2010/05/10 21:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2010/05/10 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Notepad++
[2010/05/10 21:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/05/05 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2010/05/04 02:42:57 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\HLSW
[2010/05/04 02:42:57 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\HLSW
[2010/05/03 02:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quake III Arena
[2010/05/03 02:19:00 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/05/03 02:18:56 | 000,000,000 | ---D | C] -- C:\Q3Ademo
[2010/04/30 04:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/04/30 04:09:29 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Google
[2010/04/29 18:10:29 | 000,000,000 | ---D | C] -- C:\vmware
[2010/04/29 18:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2010/04/29 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2010/04/27 10:52:42 | 000,013,312 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsMonUI.dll
[2010/04/27 10:52:40 | 000,025,088 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsMonSvr.dll
[2010/04/27 10:52:34 | 000,078,336 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\btfunc.dll
[2010/04/27 10:52:20 | 000,755,712 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsShell.dll
[2010/04/27 10:52:04 | 000,926,720 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\Bscdlg.dll
[2010/04/27 10:50:54 | 000,176,640 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsCommon.dll
[2010/04/27 10:50:44 | 000,405,504 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsMobileSDK.dll
[2010/04/27 10:50:20 | 000,331,264 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\BsSDK.dll
[2010/04/27 10:48:52 | 000,092,160 | ---- | C] (IVT Corporation) -- C:\Windows\SysNative\Bs2Res.dll
[2010/04/27 10:48:10 | 000,010,240 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsMonUI.dll
[2010/04/27 10:48:06 | 000,018,944 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsMonSvr.dll
[2010/04/27 10:47:52 | 000,503,897 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsUI.dll
[2010/04/27 10:47:44 | 000,057,430 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\btfunc.dll
[2010/04/27 10:47:36 | 000,278,647 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\outlookAddin.dll
[2010/04/27 10:47:08 | 000,053,248 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2010/04/27 10:47:02 | 000,114,774 | ---- | C] (Versit Consortium (Apple Computer, AT&T, IBM and Siemens)) -- C:\Windows\SysWow64\versit.dll
[2010/04/27 10:46:52 | 000,626,789 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsShell.dll
[2010/04/27 10:46:36 | 000,618,582 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\Bscdlg.dll
[2010/04/27 10:46:14 | 000,127,076 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsProfileFunc.dll
[2010/04/27 10:45:44 | 000,151,642 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsCommon.dll
[2010/04/27 10:45:36 | 000,094,314 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsHelpCSps.dll
[2010/04/27 10:45:34 | 000,606,323 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BlueSoleilCSps.dll
[2010/04/27 10:44:24 | 000,028,766 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\PlayerCtrl.dll
[2010/04/27 10:44:20 | 000,106,595 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\Bs2Res.dll
[2010/04/27 10:44:18 | 000,139,360 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsMobileSDK.dll
[2010/04/27 10:44:04 | 000,258,132 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsSDK.dll
[2010/04/27 10:43:18 | 000,028,760 | ---- | C] (IVT Corporation) -- C:\Windows\SysWow64\BsTrace.dll
[2010/04/23 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stone Giant
[2010/04/21 16:31:53 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Mumble
[2010/04/21 16:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/07/19 10:04:14 | 005,242,880 | -HS- | M] () -- C:\Users\Cam\NTUSER.DAT
[2010/07/19 10:03:34 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 10:03:34 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 10:03:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/19 10:03:22 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/19 10:03:22 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/19 09:56:39 | 000,006,532 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/07/19 09:56:39 | 000,001,237 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2010/07/19 09:56:38 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/07/19 09:56:33 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 09:56:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/19 09:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/19 09:56:09 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 09:54:31 | 003,060,896 | -H-- | M] () -- C:\Users\Cam\AppData\Local\IconCache.db
[2010/07/19 09:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 01:47:27 | 000,002,082 | -H-- | M] () -- C:\Users\Cam\Documents\Default.rdp
[2010/07/18 17:00:13 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20091219_233400_Cam2.job
[2010/07/18 16:25:31 | 056,119,012 | ---- | M] () -- C:\Users\Cam\Documents\left4cheats2.wmv
[2010/07/18 16:21:16 | 199,080,908 | ---- | M] () -- C:\Users\Cam\Documents\Produce_0.m2ts
[2010/07/18 04:14:29 | 000,200,500 | ---- | M] () -- C:\Users\Cam\Documents\P0912142034146.jpg
[2010/07/18 03:30:32 | 000,001,007 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedFan.lnk
[2010/07/18 03:30:27 | 000,002,483 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageShack Uploader.lnk
[2010/07/18 03:11:16 | 000,233,291 | ---- | M] () -- C:\Users\Cam\Documents\diycamber.jpg
[2010/07/16 00:08:01 | 000,042,826 | ---- | M] () -- C:\Users\Cam\Documents\a50f6325-da9c-4f57-96ee-a50.jpg
[2010/07/16 00:02:37 | 002,095,219 | ---- | M] () -- C:\Users\Cam\Documents\6a0120a721c2d7970b0133f1759c5d970b-800wi.gif
[2010/07/15 17:37:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/07/15 03:35:02 | 000,119,592 | ---- | M] () -- C:\Users\Cam\Documents\dezlkpbap0.jpg
[2010/07/14 16:02:50 | 000,001,003 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/13 08:47:47 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20091219_233200_Cam1.job
[2010/07/09 04:57:39 | 000,000,122 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/07/09 02:46:48 | 000,385,036 | ---- | M] () -- C:\Users\Cam\Documents\quantumbigfoottop.jpg
[2010/07/09 02:45:50 | 000,368,044 | ---- | M] () -- C:\Users\Cam\Documents\quantumbigfootbottom.jpg
[2010/07/08 20:06:10 | 000,033,302 | ---- | M] () -- C:\Users\Cam\Documents\wololo.jpg
[2010/07/08 12:48:34 | 000,319,471 | ---- | M] () -- C:\Users\Cam\Documents\pigrideric.gif
[2010/07/08 10:12:46 | 002,043,617 | ---- | M] () -- C:\Users\Cam\Documents\furry2_01.jpg
[2010/07/07 16:32:31 | 151,461,824 | ---- | M] () -- C:\Users\Cam\Documents\dallenbach.m2ts
[2010/07/05 18:57:03 | 000,046,919 | ---- | M] () -- C:\Users\Cam\Documents\haxorpcsized.jpg
[2010/07/04 13:29:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/02 01:12:43 | 003,297,280 | ---- | M] () -- C:\Users\Cam\Desktop\FOR_PCRange_7401VGPR3_6.02c.tar
[2010/07/02 00:19:25 | 001,469,770 | ---- | M] () -- C:\Users\Cam\Documents\bertstare.gif
[2010/07/01 04:40:51 | 000,763,761 | ---- | M] () -- C:\Users\Cam\Documents\idiot.png
[2010/06/30 23:12:44 | 000,090,519 | ---- | M] () -- C:\Users\Cam\Documents\8286103ce25b41f19ffde66.jpg
[2010/06/30 23:12:21 | 000,091,761 | ---- | M] () -- C:\Users\Cam\Documents\c3376854f0544ec1b5b9688.jpg
[2010/06/29 04:28:03 | 000,126,225 | ---- | M] () -- C:\Users\Cam\Documents\myhawz.jpg
[2010/06/28 14:54:56 | 000,059,612 | ---- | M] () -- C:\Users\Cam\Documents\seafirethugaim.rar
[2010/06/28 14:51:55 | 000,061,683 | ---- | M] () -- C:\Users\Cam\Documents\seafirethugaim.png
[2010/06/27 13:37:02 | 000,060,231 | ---- | M] () -- C:\Users\Cam\Documents\chipmanrouter.rar
[2010/06/27 13:36:52 | 000,063,831 | ---- | M] () -- C:\Users\Cam\Documents\chipmanrouter.png
[2010/06/26 17:01:51 | 000,031,855 | ---- | M] () -- C:\Users\Cam\Documents\inane.rar
[2010/06/26 17:01:40 | 000,034,403 | ---- | M] () -- C:\Users\Cam\Documents\inane.png
[2010/06/25 01:30:55 | 000,065,028 | ---- | M] () -- C:\Users\Cam\Documents\yluj7.jpg
[2010/06/23 14:16:19 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010/06/23 14:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/06/23 14:15:26 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk
[2010/06/21 23:10:39 | 000,041,470 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl3f4q2g3lb1qzh5gn.jpg
[2010/06/21 23:10:13 | 000,050,702 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl3dgjgqmec1qbwsdr.gif
[2010/06/21 23:04:51 | 000,064,111 | ---- | M] () -- C:\Users\Cam\Documents\25290540.jpg
[2010/06/21 12:58:14 | 000,007,736 | ---- | M] () -- C:\Users\Cam\Documents\condump049.rar
[2010/06/21 12:12:29 | 000,031,511 | ---- | M] () -- C:\Users\Cam\Documents\140050ruddandconroy.jpg
[2010/06/21 12:00:00 | 000,980,619 | ---- | M] () -- C:\Users\Cam\Documents\lCeT7.jpg
[2010/06/21 11:14:32 | 000,006,926 | ---- | M] () -- C:\Users\Cam\Documents\n14248956832681.jpg
[2010/06/21 03:38:37 | 000,056,626 | ---- | M] () -- C:\Users\Cam\Documents\ban_football_from_the_vuvuzela_concerts.jpg
[2010/06/20 22:51:20 | 000,008,107 | ---- | M] () -- C:\Users\Cam\Documents\EBG.jpg
[2010/06/18 18:32:36 | 002,668,454 | ---- | M] () -- C:\Users\Cam\Documents\1276621176781.gif
[2010/06/18 00:29:38 | 000,109,098 | ---- | M] () -- C:\Users\Cam\Documents\QUY35.jpg
[2010/06/18 00:29:26 | 000,047,725 | ---- | M] () -- C:\Users\Cam\Documents\1276777699013.jpg
[2010/06/17 01:45:13 | 000,089,088 | ---- | M] () -- C:\Users\Cam\Documents\Cameron Plumb Resume10.doc
[2010/06/16 21:45:21 | 000,032,258 | ---- | M] () -- C:\Users\Cam\Documents\somecunce.rar
[2010/06/16 21:45:11 | 000,033,650 | ---- | M] () -- C:\Users\Cam\Documents\somecunce.png
[2010/06/16 20:32:15 | 000,140,061 | ---- | M] () -- C:\Users\Cam\Documents\1276602096271.gif
[2010/06/16 14:06:24 | 004,189,657 | ---- | M] () -- C:\Users\Cam\Documents\roombacat.gif
[2010/06/16 14:04:03 | 000,055,174 | ---- | M] () -- C:\Users\Cam\Documents\1276077655026.jpg
[2010/06/15 20:54:31 | 000,079,566 | ---- | M] () -- C:\Users\Cam\Documents\358952151.gif
[2010/06/15 20:53:39 | 001,285,803 | ---- | M] () -- C:\Users\Cam\Documents\egowl6m93udjdve450.gif
[2010/06/12 16:55:12 | 000,055,228 | ---- | M] () -- C:\Users\Cam\Documents\weddins.jpg
[2010/06/12 02:49:19 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/10 11:53:21 | 000,039,178 | ---- | M] () -- C:\Users\Cam\Documents\450px-Eric_Idle.jpg
[2010/06/09 14:34:21 | 002,124,747 | ---- | M] () -- C:\Users\Cam\Documents\129185154050643300.gif
[2010/06/09 13:58:29 | 002,960,872 | ---- | M] () -- C:\Users\Cam\Documents\wtfmoosers.gif
[2010/06/09 13:49:28 | 004,030,173 | ---- | M] () -- C:\Users\Cam\Documents\wtfmoose.gif
[2010/06/08 20:05:24 | 000,076,104 | ---- | M] () -- C:\Users\Cam\Documents\I-am-a-flying-camel-700x466.jpg
[2010/06/08 15:06:56 | 000,022,333 | ---- | M] () -- C:\Users\Cam\Documents\skelelols.jpg
[2010/06/08 09:28:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/08 09:28:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/08 09:28:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/06/07 20:48:16 | 000,174,645 | ---- | M] () -- C:\Users\Cam\Documents\ardblard.zip
[2010/06/07 20:48:00 | 000,226,539 | ---- | M] () -- C:\Users\Cam\Documents\ardblard.jpg
[2010/06/07 02:21:30 | 000,025,956 | ---- | M] () -- C:\Users\Cam\Documents\Sensor_Noob.jpg
[2010/06/06 15:06:17 | 000,252,878 | ---- | M] () -- C:\Users\Cam\Documents\reusednewspaper.jpg
[2010/06/04 04:26:49 | 001,394,555 | ---- | M] () -- C:\Users\Cam\Documents\WRWW3.gif
[2010/06/04 04:25:05 | 000,702,226 | ---- | M] () -- C:\Users\Cam\Documents\2vG7P.jpg
[2010/06/03 04:24:21 | 000,140,033 | ---- | M] () -- C:\Users\Cam\Documents\jetenginev2.png
[2010/06/03 02:21:15 | 000,148,496 | ---- | M] () -- C:\Users\Cam\Documents\tumblrkztjwisgxu1qa5gvy.png
[2010/06/03 02:20:09 | 000,064,814 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl39tn2bo171qzh5gn.jpg
[2010/06/03 02:15:29 | 000,033,578 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl2nyxzy0mc1qc1na3.jpg
[2010/06/02 17:30:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/02 17:30:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/06/02 17:20:16 | 000,123,664 | ---- | M] () -- C:\Users\Cam\Documents\jetenginev1.png
[2010/06/01 14:40:54 | 000,504,491 | ---- | M] () -- C:\Users\Cam\Documents\1BBMN.png
[2010/06/01 12:09:25 | 000,085,307 | ---- | M] () -- C:\Users\Cam\Documents\ladiesz.jpg
[2010/05/28 22:53:46 | 002,880,366 | ---- | M] () -- C:\Users\Cam\Documents\1878_591d.gif
[2010/05/28 18:06:28 | 000,041,782 | ---- | M] () -- C:\Users\Cam\Documents\28636_110193792357013_100000991784849_63837_5959410_n.jpg
[2010/05/28 04:20:28 | 000,078,975 | ---- | M] () -- C:\Users\Cam\Documents\4113226570_aa74ecc176.jpg
[2010/05/28 01:13:52 | 000,165,899 | ---- | M] () -- C:\Users\Cam\Documents\maydesky.jpg
[2010/05/28 01:12:37 | 000,000,951 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2010/05/25 22:21:03 | 000,067,594 | ---- | M] () -- C:\Users\Cam\Documents\20z5naa.jpg
[2010/05/25 22:17:06 | 000,204,784 | ---- | M] () -- C:\Users\Cam\Documents\0j9NH.jpg
[2010/05/24 23:37:02 | 000,115,013 | ---- | M] () -- C:\Users\Cam\Documents\daily_picdump_304_72.jpg
[2010/05/24 21:14:05 | 000,145,895 | ---- | M] () -- C:\Users\Cam\Documents\smiledog.png
[2010/05/24 21:12:55 | 000,341,602 | ---- | M] () -- C:\Users\Cam\Documents\smile.jpg
[2010/05/23 03:48:56 | 000,467,033 | ---- | M] () -- C:\Users\Cam\Documents\comelitered.png
[2010/05/23 01:57:11 | 000,015,347 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/23 01:56:59 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/23 00:16:19 | 000,073,140 | ---- | M] () -- C:\Users\Cam\Documents\bahaha.gif
[2010/05/22 16:40:33 | 000,036,314 | ---- | M] () -- C:\Users\Cam\Documents\email-and-bacon.jpg
[2010/05/22 15:43:02 | 000,645,151 | ---- | M] () -- C:\Users\Cam\Documents\busy desky.png
[2010/05/22 05:08:12 | 000,195,037 | ---- | M] () -- C:\Users\Cam\Documents\102r2me.jpg
[2010/05/21 17:09:52 | 000,031,231 | ---- | M] () -- C:\Users\Cam\Documents\uploadables.png
[2010/05/21 15:21:28 | 000,082,730 | ---- | M] () -- C:\Users\Cam\Documents\winfail.png
[2010/05/21 15:20:48 | 000,076,713 | ---- | M] () -- C:\Users\Cam\Documents\lolfaceq.jpg
[2010/05/20 21:18:33 | 000,058,978 | ---- | M] () -- C:\Users\Cam\Documents\7YPXl.jpg
[2010/05/20 19:02:10 | 005,653,224 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/20 13:25:19 | 000,244,846 | ---- | M] () -- C:\Users\Cam\Documents\059h5.gif
[2010/05/20 12:55:19 | 000,494,094 | ---- | M] () -- C:\Users\Cam\Documents\KZhLx.jpg
[2010/05/20 03:38:17 | 000,045,034 | ---- | M] () -- C:\Users\Cam\Documents\terrorholmes.png
[2010/05/18 21:18:05 | 000,087,154 | ---- | M] () -- C:\Users\Cam\Documents\LZaI1.jpg
[2010/05/17 03:36:05 | 000,044,242 | ---- | M] () -- C:\Users\Cam\Documents\pony-mechanic.jpg
[2010/05/17 01:16:47 | 000,039,424 | ---- | M] () -- C:\Users\Cam\Documents\korea.doc
[2010/05/16 21:16:14 | 000,013,383 | ---- | M] () -- C:\Users\Cam\Documents\korea.docx
[2010/05/16 18:23:58 | 000,016,103 | ---- | M] () -- C:\Users\Cam\Documents\a5jxk.jpg
[2010/05/15 01:13:13 | 000,048,218 | ---- | M] () -- C:\Users\Cam\Documents\26236_102509359791082_100000960557731_16620_7982935_n.jpg
[2010/05/13 17:51:37 | 000,121,582 | ---- | M] () -- C:\Users\Cam\Documents\bleep.jpg
[2010/05/13 15:24:12 | 000,112,327 | ---- | M] () -- C:\Users\Cam\Documents\79986607177820472640.png.jpg
[2010/05/12 23:39:20 | 001,842,134 | ---- | M] () -- C:\Users\Cam\Documents\pirate2.png
[2010/05/12 13:58:41 | 000,125,549 | ---- | M] () -- C:\Users\Cam\Documents\1273635871773.jpg
[2010/05/12 13:29:39 | 000,016,893 | ---- | M] () -- C:\Users\Cam\Documents\undercar.png
[2010/05/11 19:07:22 | 000,069,294 | ---- | M] () -- C:\Users\Cam\Documents\yPevl.jpg
[2010/05/09 19:31:23 | 000,054,024 | ---- | M] () -- C:\Users\Cam\Documents\29695_116763375022748_116749711690781_135266_6789795_n.jpg
[2010/05/09 19:31:02 | 000,107,368 | ---- | M] () -- C:\Users\Cam\Documents\guU7F.jpg
[2010/05/09 18:17:52 | 000,002,558 | ---- | M] () -- C:\Users\Cam\Documents\encryptionkey.pfx
[2010/05/09 04:19:58 | 000,062,584 | ---- | M] () -- C:\Users\Cam\Documents\cruisin.jpg
[2010/05/06 22:43:32 | 000,072,876 | ---- | M] () -- C:\Users\Cam\Documents\UJ2rP.png
[2010/05/06 11:24:11 | 000,091,916 | ---- | M] () -- C:\Users\Cam\Documents\deepwater_oil_00.jpg
[2010/05/05 16:53:44 | 000,001,074 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\EVGA Precision.lnk
[2010/05/05 14:00:48 | 000,055,430 | ---- | M] () -- C:\Users\Cam\Documents\friday.jpg
[2010/05/05 14:00:35 | 000,023,998 | ---- | M] () -- C:\Users\Cam\Documents\spam boy.jpg
[2010/05/04 03:48:32 | 000,051,517 | ---- | M] () -- C:\Users\Cam\Documents\d16c552c88934c14ddfe37f.jpg
[2010/05/04 03:47:05 | 000,032,906 | ---- | M] () -- C:\Users\Cam\Documents\Z5iev.jpg
[2010/05/04 03:16:11 | 000,000,951 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/05/03 15:28:29 | 000,082,059 | ---- | M] () -- C:\Users\Cam\Documents\1271211661717.jpg
[2010/05/03 15:28:23 | 000,272,040 | ---- | M] () -- C:\Users\Cam\Documents\post-11867-1272639678.jpg
[2010/05/03 15:28:12 | 000,012,144 | ---- | M] () -- C:\Users\Cam\Documents\1272415153600.jpg
[2010/05/03 15:28:06 | 000,198,748 | ---- | M] () -- C:\Users\Cam\Documents\3211.jpg
[2010/05/03 15:27:49 | 000,189,823 | ---- | M] () -- C:\Users\Cam\Documents\1272415291571.jpg
[2010/05/03 15:27:35 | 000,045,593 | ---- | M] () -- C:\Users\Cam\Documents\patrickstewartmorepewpe.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 00:58:33 | 000,039,891 | ---- | M] () -- C:\Users\Cam\Documents\pewpewlol.jpg
[2010/04/28 18:33:06 | 002,085,684 | ---- | M] () -- C:\Users\Cam\Documents\1272438656529.gif
[2010/04/27 13:21:16 | 000,027,648 | ---- | M] () -- C:\Users\Cam\Documents\12335.doc
[2010/04/27 10:52:58 | 000,084,992 | ---- | M] () -- C:\Windows\SysNative\TS_IExplorer.dll
[2010/04/27 10:52:42 | 000,013,312 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsMonUI.dll
[2010/04/27 10:52:40 | 000,025,088 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsMonSvr.dll
[2010/04/27 10:52:34 | 000,078,336 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\btfunc.dll
[2010/04/27 10:52:20 | 000,755,712 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsShell.dll
[2010/04/27 10:52:04 | 000,926,720 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\Bscdlg.dll
[2010/04/27 10:51:00 | 000,145,920 | ---- | M] () -- C:\Windows\SysNative\BsProfileFunc.dll
[2010/04/27 10:50:54 | 000,176,640 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsCommon.dll
[2010/04/27 10:50:44 | 000,405,504 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsMobileSDK.dll
[2010/04/27 10:50:26 | 000,012,800 | ---- | M] () -- C:\Windows\SysNative\BsMobileCSps.dll
[2010/04/27 10:50:20 | 000,331,264 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\BsSDK.dll
[2010/04/27 10:49:16 | 000,045,568 | ---- | M] () -- C:\Windows\SysNative\BlueSoleilCSps.dll
[2010/04/27 10:49:12 | 000,009,728 | ---- | M] () -- C:\Windows\SysNative\BsHelpCSps.dll
[2010/04/27 10:48:54 | 000,022,016 | ---- | M] () -- C:\Windows\SysNative\BsTrace.dll
[2010/04/27 10:48:52 | 000,092,160 | ---- | M] (IVT Corporation) -- C:\Windows\SysNative\Bs2Res.dll
[2010/04/27 10:48:10 | 000,010,240 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsMonUI.dll
[2010/04/27 10:48:06 | 000,018,944 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsMonSvr.dll
[2010/04/27 10:47:52 | 000,503,897 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsUI.dll
[2010/04/27 10:47:44 | 000,057,430 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\btfunc.dll
[2010/04/27 10:47:36 | 000,278,647 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\outlookAddin.dll
[2010/04/27 10:47:08 | 000,053,248 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\HtmPrintHelper.dll
[2010/04/27 10:47:02 | 000,114,774 | ---- | M] (Versit Consortium (Apple Computer, AT&T, IBM and Siemens)) -- C:\Windows\SysWow64\versit.dll
[2010/04/27 10:46:52 | 000,626,789 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsShell.dll
[2010/04/27 10:46:36 | 000,618,582 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\Bscdlg.dll
[2010/04/27 10:46:14 | 000,127,076 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsProfileFunc.dll
[2010/04/27 10:45:44 | 000,151,642 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsCommon.dll
[2010/04/27 10:45:36 | 000,094,314 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsHelpCSps.dll
[2010/04/27 10:45:34 | 000,606,323 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BlueSoleilCSps.dll
[2010/04/27 10:44:24 | 000,028,766 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\PlayerCtrl.dll
[2010/04/27 10:44:20 | 000,106,595 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\Bs2Res.dll
[2010/04/27 10:44:18 | 000,139,360 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsMobileSDK.dll
[2010/04/27 10:44:04 | 000,258,132 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsSDK.dll
[2010/04/27 10:43:30 | 000,028,672 | ---- | M] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2010/04/27 10:43:18 | 000,028,760 | ---- | M] (IVT Corporation) -- C:\Windows\SysWow64\BsTrace.dll
[2010/04/25 13:57:44 | 000,089,892 | ---- | M] () -- C:\Users\Cam\Documents\helpeh.png
[2010/04/23 16:16:11 | 000,028,672 | ---- | M] () -- C:\Users\Cam\Documents\bmspeechdraft1.doc
[2010/04/23 16:11:21 | 000,011,770 | ---- | M] () -- C:\Users\Cam\Documents\bmspeechdraft1.docx
[2010/04/21 16:34:40 | 000,002,377 | ---- | M] () -- C:\Users\Cam\Documents\MumbleAutomaticCertificateBackup.p12
[2010/04/20 22:53:20 | 000,105,305 | ---- | M] () -- C:\Users\Cam\Documents\koobysmum.jpg
[2010/04/20 20:46:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/07/19 09:34:35 | 003,297,280 | ---- | C] () -- C:\Users\Cam\Desktop\FOR_PCRange_7401VGPR3_6.02c.tar
[2010/07/18 16:22:04 | 056,119,012 | ---- | C] () -- C:\Users\Cam\Documents\left4cheats2.wmv
[2010/07/18 16:18:42 | 199,080,908 | ---- | C] () -- C:\Users\Cam\Documents\Produce_0.m2ts
[2010/07/18 04:14:44 | 000,200,500 | ---- | C] () -- C:\Users\Cam\Documents\P0912142034146.jpg
[2010/07/18 03:30:32 | 000,001,007 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedFan.lnk
[2010/07/18 03:30:27 | 000,002,483 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageShack Uploader.lnk
[2010/07/18 03:11:15 | 000,233,291 | ---- | C] () -- C:\Users\Cam\Documents\diycamber.jpg
[2010/07/16 00:08:01 | 000,042,826 | ---- | C] () -- C:\Users\Cam\Documents\a50f6325-da9c-4f57-96ee-a50.jpg
[2010/07/16 00:02:36 | 002,095,219 | ---- | C] () -- C:\Users\Cam\Documents\6a0120a721c2d7970b0133f1759c5d970b-800wi.gif
[2010/07/15 17:37:14 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/07/15 03:35:01 | 000,119,592 | ---- | C] () -- C:\Users\Cam\Documents\dezlkpbap0.jpg
[2010/07/09 03:07:01 | 000,385,036 | ---- | C] () -- C:\Users\Cam\Documents\quantumbigfoottop.jpg
[2010/07/09 03:07:01 | 000,368,044 | ---- | C] () -- C:\Users\Cam\Documents\quantumbigfootbottom.jpg
[2010/07/08 20:06:10 | 000,033,302 | ---- | C] () -- C:\Users\Cam\Documents\wololo.jpg
[2010/07/08 12:48:34 | 000,319,471 | ---- | C] () -- C:\Users\Cam\Documents\pigrideric.gif
[2010/07/08 10:12:43 | 002,043,617 | ---- | C] () -- C:\Users\Cam\Documents\furry2_01.jpg
[2010/07/07 16:30:07 | 151,461,824 | ---- | C] () -- C:\Users\Cam\Documents\dallenbach.m2ts
[2010/07/05 18:57:02 | 000,046,919 | ---- | C] () -- C:\Users\Cam\Documents\haxorpcsized.jpg
[2010/07/02 00:19:23 | 001,469,770 | ---- | C] () -- C:\Users\Cam\Documents\bertstare.gif
[2010/07/01 04:40:48 | 000,763,761 | ---- | C] () -- C:\Users\Cam\Documents\idiot.png
[2010/06/30 23:12:44 | 000,090,519 | ---- | C] () -- C:\Users\Cam\Documents\8286103ce25b41f19ffde66.jpg
[2010/06/30 23:12:17 | 000,091,761 | ---- | C] () -- C:\Users\Cam\Documents\c3376854f0544ec1b5b9688.jpg
[2010/06/29 04:28:01 | 000,126,225 | ---- | C] () -- C:\Users\Cam\Documents\myhawz.jpg
[2010/06/28 14:54:56 | 000,059,612 | ---- | C] () -- C:\Users\Cam\Documents\seafirethugaim.rar
[2010/06/28 14:51:53 | 000,061,683 | ---- | C] () -- C:\Users\Cam\Documents\seafirethugaim.png
[2010/06/27 13:37:02 | 000,060,231 | ---- | C] () -- C:\Users\Cam\Documents\chipmanrouter.rar
[2010/06/27 13:36:50 | 000,063,831 | ---- | C] () -- C:\Users\Cam\Documents\chipmanrouter.png
[2010/06/26 17:01:51 | 000,031,855 | ---- | C] () -- C:\Users\Cam\Documents\inane.rar
[2010/06/26 17:01:38 | 000,034,403 | ---- | C] () -- C:\Users\Cam\Documents\inane.png
[2010/06/25 01:30:53 | 000,065,028 | ---- | C] () -- C:\Users\Cam\Documents\yluj7.jpg
[2010/06/24 04:25:27 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/06/23 14:18:18 | 000,006,532 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/06/23 14:18:17 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/06/23 14:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/06/23 14:15:26 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk
[2010/06/21 23:10:38 | 000,041,470 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl3f4q2g3lb1qzh5gn.jpg
[2010/06/21 23:10:12 | 000,050,702 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl3dgjgqmec1qbwsdr.gif
[2010/06/21 23:04:50 | 000,064,111 | ---- | C] () -- C:\Users\Cam\Documents\25290540.jpg
[2010/06/21 12:58:14 | 000,007,736 | ---- | C] () -- C:\Users\Cam\Documents\condump049.rar
[2010/06/21 12:12:28 | 000,031,511 | ---- | C] () -- C:\Users\Cam\Documents\140050ruddandconroy.jpg
[2010/06/21 11:59:59 | 000,980,619 | ---- | C] () -- C:\Users\Cam\Documents\lCeT7.jpg
[2010/06/21 11:14:31 | 000,006,926 | ---- | C] () -- C:\Users\Cam\Documents\n14248956832681.jpg
[2010/06/21 03:38:37 | 000,056,626 | ---- | C] () -- C:\Users\Cam\Documents\ban_football_from_the_vuvuzela_concerts.jpg
[2010/06/20 22:51:19 | 000,008,107 | ---- | C] () -- C:\Users\Cam\Documents\EBG.jpg
[2010/06/18 18:32:34 | 002,668,454 | ---- | C] () -- C:\Users\Cam\Documents\1276621176781.gif
[2010/06/18 00:29:37 | 000,109,098 | ---- | C] () -- C:\Users\Cam\Documents\QUY35.jpg
[2010/06/18 00:29:25 | 000,047,725 | ---- | C] () -- C:\Users\Cam\Documents\1276777699013.jpg
[2010/06/17 16:51:44 | 000,252,853 | ---- | C] () -- C:\Users\Cam\Documents\DSC00270.JPG
[2010/06/16 21:45:21 | 000,032,258 | ---- | C] () -- C:\Users\Cam\Documents\somecunce.rar
[2010/06/16 21:45:09 | 000,033,650 | ---- | C] () -- C:\Users\Cam\Documents\somecunce.png
[2010/06/16 20:32:14 | 000,140,061 | ---- | C] () -- C:\Users\Cam\Documents\1276602096271.gif
[2010/06/16 14:06:24 | 004,189,657 | ---- | C] () -- C:\Users\Cam\Documents\roombacat.gif
[2010/06/16 14:04:00 | 000,055,174 | ---- | C] () -- C:\Users\Cam\Documents\1276077655026.jpg
[2010/06/15 20:54:30 | 000,079,566 | ---- | C] () -- C:\Users\Cam\Documents\358952151.gif
[2010/06/15 20:53:39 | 001,285,803 | ---- | C] () -- C:\Users\Cam\Documents\egowl6m93udjdve450.gif
[2010/06/15 02:29:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/15 02:29:25 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/15 02:29:25 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 02:29:25 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/06/15 02:29:24 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/15 02:29:24 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/06/12 16:55:10 | 000,055,228 | ---- | C] () -- C:\Users\Cam\Documents\weddins.jpg
[2010/06/10 11:53:20 | 000,039,178 | ---- | C] () -- C:\Users\Cam\Documents\450px-Eric_Idle.jpg
[2010/06/09 14:34:20 | 002,124,747 | ---- | C] () -- C:\Users\Cam\Documents\129185154050643300.gif
[2010/06/09 13:58:29 | 002,960,872 | ---- | C] () -- C:\Users\Cam\Documents\wtfmoosers.gif
[2010/06/09 13:49:27 | 004,030,173 | ---- | C] () -- C:\Users\Cam\Documents\wtfmoose.gif
[2010/06/08 20:05:23 | 000,076,104 | ---- | C] () -- C:\Users\Cam\Documents\I-am-a-flying-camel-700x466.jpg
[2010/06/08 15:06:55 | 000,022,333 | ---- | C] () -- C:\Users\Cam\Documents\skelelols.jpg
[2010/06/07 20:48:16 | 000,174,645 | ---- | C] () -- C:\Users\Cam\Documents\ardblard.zip
[2010/06/07 20:47:51 | 000,226,539 | ---- | C] () -- C:\Users\Cam\Documents\ardblard.jpg
[2010/06/07 02:21:30 | 000,025,956 | ---- | C] () -- C:\Users\Cam\Documents\Sensor_Noob.jpg
[2010/06/06 15:06:16 | 000,252,878 | ---- | C] () -- C:\Users\Cam\Documents\reusednewspaper.jpg
[2010/06/04 04:26:48 | 001,394,555 | ---- | C] () -- C:\Users\Cam\Documents\WRWW3.gif
[2010/06/04 04:25:05 | 000,702,226 | ---- | C] () -- C:\Users\Cam\Documents\2vG7P.jpg
[2010/06/03 04:24:19 | 000,140,033 | ---- | C] () -- C:\Users\Cam\Documents\jetenginev2.png
[2010/06/03 02:21:15 | 000,148,496 | ---- | C] () -- C:\Users\Cam\Documents\tumblrkztjwisgxu1qa5gvy.png
[2010/06/03 02:20:08 | 000,064,814 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl39tn2bo171qzh5gn.jpg
[2010/06/03 02:15:25 | 000,033,578 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl2nyxzy0mc1qc1na3.jpg
[2010/06/02 17:20:14 | 000,123,664 | ---- | C] () -- C:\Users\Cam\Documents\jetenginev1.png
[2010/06/01 14:40:53 | 000,504,491 | ---- | C] () -- C:\Users\Cam\Documents\1BBMN.png
[2010/06/01 12:09:21 | 000,085,307 | ---- | C] () -- C:\Users\Cam\Documents\ladiesz.jpg
[2010/05/28 22:53:46 | 002,880,366 | ---- | C] () -- C:\Users\Cam\Documents\1878_591d.gif
[2010/05/28 18:06:27 | 000,041,782 | ---- | C] () -- C:\Users\Cam\Documents\28636_110193792357013_100000991784849_63837_5959410_n.jpg
[2010/05/28 04:20:27 | 000,078,975 | ---- | C] () -- C:\Users\Cam\Documents\4113226570_aa74ecc176.jpg
[2010/05/28 01:13:50 | 000,165,899 | ---- | C] () -- C:\Users\Cam\Documents\maydesky.jpg
[2010/05/28 01:12:37 | 000,000,951 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2010/05/25 22:21:02 | 000,067,594 | ---- | C] () -- C:\Users\Cam\Documents\20z5naa.jpg
[2010/05/25 22:17:05 | 000,204,784 | ---- | C] () -- C:\Users\Cam\Documents\0j9NH.jpg
[2010/05/25 11:51:08 | 000,001,237 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2010/05/24 23:37:02 | 000,115,013 | ---- | C] () -- C:\Users\Cam\Documents\daily_picdump_304_72.jpg
[2010/05/24 21:14:03 | 000,145,895 | ---- | C] () -- C:\Users\Cam\Documents\smiledog.png
[2010/05/24 21:12:54 | 000,341,602 | ---- | C] () -- C:\Users\Cam\Documents\smile.jpg
[2010/05/23 03:48:55 | 000,467,033 | ---- | C] () -- C:\Users\Cam\Documents\comelitered.png
[2010/05/23 01:57:11 | 005,653,224 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/23 01:57:11 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/23 01:57:11 | 000,015,347 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/23 00:16:17 | 000,073,140 | ---- | C] () -- C:\Users\Cam\Documents\bahaha.gif
[2010/05/22 16:40:33 | 000,036,314 | ---- | C] () -- C:\Users\Cam\Documents\email-and-bacon.jpg
[2010/05/22 15:43:00 | 000,645,151 | ---- | C] () -- C:\Users\Cam\Documents\busy desky.png
[2010/05/22 05:08:11 | 000,195,037 | ---- | C] () -- C:\Users\Cam\Documents\102r2me.jpg
[2010/05/21 17:09:49 | 000,031,231 | ---- | C] () -- C:\Users\Cam\Documents\uploadables.png
[2010/05/21 15:21:28 | 000,082,730 | ---- | C] () -- C:\Users\Cam\Documents\winfail.png
[2010/05/21 15:20:47 | 000,076,713 | ---- | C] () -- C:\Users\Cam\Documents\lolfaceq.jpg
[2010/05/20 21:18:32 | 000,058,978 | ---- | C] () -- C:\Users\Cam\Documents\7YPXl.jpg
[2010/05/20 13:25:19 | 000,244,846 | ---- | C] () -- C:\Users\Cam\Documents\059h5.gif
[2010/05/20 12:55:18 | 000,494,094 | ---- | C] () -- C:\Users\Cam\Documents\KZhLx.jpg
[2010/05/20 03:38:16 | 000,045,034 | ---- | C] () -- C:\Users\Cam\Documents\terrorholmes.png
[2010/05/18 21:18:01 | 000,087,154 | ---- | C] () -- C:\Users\Cam\Documents\LZaI1.jpg
[2010/05/17 03:36:05 | 000,044,242 | ---- | C] () -- C:\Users\Cam\Documents\pony-mechanic.jpg
[2010/05/16 21:16:20 | 000,039,424 | ---- | C] () -- C:\Users\Cam\Documents\korea.doc
[2010/05/16 21:16:13 | 000,013,383 | ---- | C] () -- C:\Users\Cam\Documents\korea.docx
[2010/05/16 18:23:57 | 000,016,103 | ---- | C] () -- C:\Users\Cam\Documents\a5jxk.jpg
[2010/05/15 01:13:11 | 000,048,218 | ---- | C] () -- C:\Users\Cam\Documents\26236_102509359791082_100000960557731_16620_7982935_n.jpg
[2010/05/13 17:51:35 | 000,121,582 | ---- | C] () -- C:\Users\Cam\Documents\bleep.jpg
[2010/05/13 15:24:12 | 000,112,327 | ---- | C] () -- C:\Users\Cam\Documents\79986607177820472640.png.jpg
[2010/05/12 23:39:06 | 001,842,134 | ---- | C] () -- C:\Users\Cam\Documents\pirate2.png
[2010/05/12 13:58:40 | 000,125,549 | ---- | C] () -- C:\Users\Cam\Documents\1273635871773.jpg
[2010/05/12 13:29:37 | 000,016,893 | ---- | C] () -- C:\Users\Cam\Documents\undercar.png
[2010/05/11 19:07:21 | 000,069,294 | ---- | C] () -- C:\Users\Cam\Documents\yPevl.jpg
[2010/05/09 19:31:22 | 000,054,024 | ---- | C] () -- C:\Users\Cam\Documents\29695_116763375022748_116749711690781_135266_6789795_n.jpg
[2010/05/09 19:31:01 | 000,107,368 | ---- | C] () -- C:\Users\Cam\Documents\guU7F.jpg
[2010/05/09 18:17:49 | 000,002,558 | ---- | C] () -- C:\Users\Cam\Documents\encryptionkey.pfx
[2010/05/09 04:19:56 | 000,062,584 | ---- | C] () -- C:\Users\Cam\Documents\cruisin.jpg
[2010/05/06 22:43:32 | 000,072,876 | ---- | C] () -- C:\Users\Cam\Documents\UJ2rP.png
[2010/05/06 11:24:10 | 000,091,916 | ---- | C] () -- C:\Users\Cam\Documents\deepwater_oil_00.jpg
[2010/05/05 16:53:44 | 000,001,074 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\EVGA Precision.lnk
[2010/05/05 14:00:47 | 000,055,430 | ---- | C] () -- C:\Users\Cam\Documents\friday.jpg
[2010/05/05 14:00:35 | 000,023,998 | ---- | C] () -- C:\Users\Cam\Documents\spam boy.jpg
[2010/05/04 03:48:32 | 000,051,517 | ---- | C] () -- C:\Users\Cam\Documents\d16c552c88934c14ddfe37f.jpg
[2010/05/04 03:47:05 | 000,032,906 | ---- | C] () -- C:\Users\Cam\Documents\Z5iev.jpg
[2010/05/04 03:16:11 | 000,000,951 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/05/03 19:02:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/03 15:28:29 | 000,082,059 | ---- | C] () -- C:\Users\Cam\Documents\1271211661717.jpg
[2010/05/03 15:28:22 | 000,272,040 | ---- | C] () -- C:\Users\Cam\Documents\post-11867-1272639678.jpg
[2010/05/03 15:28:12 | 000,012,144 | ---- | C] () -- C:\Users\Cam\Documents\1272415153600.jpg
[2010/05/03 15:28:05 | 000,198,748 | ---- | C] () -- C:\Users\Cam\Documents\3211.jpg
[2010/05/03 15:27:49 | 000,189,823 | ---- | C] () -- C:\Users\Cam\Documents\1272415291571.jpg
[2010/05/03 15:27:35 | 000,045,593 | ---- | C] () -- C:\Users\Cam\Documents\patrickstewartmorepewpe.jpg
[2010/04/30 04:09:34 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/30 04:09:33 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/29 00:58:32 | 000,039,891 | ---- | C] () -- C:\Users\Cam\Documents\pewpewlol.jpg
[2010/04/28 18:33:01 | 002,085,684 | ---- | C] () -- C:\Users\Cam\Documents\1272438656529.gif
[2010/04/27 13:21:15 | 000,027,648 | ---- | C] () -- C:\Users\Cam\Documents\12335.doc
[2010/04/27 10:52:58 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\TS_IExplorer.dll
[2010/04/27 10:51:00 | 000,145,920 | ---- | C] () -- C:\Windows\SysNative\BsProfileFunc.dll
[2010/04/27 10:50:26 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\BsMobileCSps.dll
[2010/04/27 10:49:16 | 000,045,568 | ---- | C] () -- C:\Windows\SysNative\BlueSoleilCSps.dll
[2010/04/27 10:49:12 | 000,009,728 | ---- | C] () -- C:\Windows\SysNative\BsHelpCSps.dll
[2010/04/27 10:48:54 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\BsTrace.dll
[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2010/04/25 13:57:42 | 000,089,892 | ---- | C] () -- C:\Users\Cam\Documents\helpeh.png
[2010/04/23 16:11:33 | 000,028,672 | ---- | C] () -- C:\Users\Cam\Documents\bmspeechdraft1.doc
[2010/04/23 16:11:21 | 000,011,770 | ---- | C] () -- C:\Users\Cam\Documents\bmspeechdraft1.docx
[2010/04/21 16:34:40 | 000,002,377 | ---- | C] () -- C:\Users\Cam\Documents\MumbleAutomaticCertificateBackup.p12
[2010/04/20 22:53:18 | 000,105,305 | ---- | C] () -- C:\Users\Cam\Documents\koobysmum.jpg
[2010/04/20 20:46:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/31 03:36:56 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/02/20 14:25:16 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/02/09 15:30:32 | 000,000,104 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2010/01/20 00:22:28 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini
[2009/12/29 03:44:59 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2009/12/19 21:46:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/19 17:13:41 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/19 17:13:41 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002/10/16 08:24:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/10/03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010/07/01 03:20:35 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Beat Hazard
[2010/03/30 00:22:31 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Bioshock
[2010/01/05 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Conor O'Kane
[2009/12/21 15:45:01 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\DAEMON Tools Lite
[2010/02/20 23:29:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Gmote
[2010/05/03 02:39:47 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\GrabIt
[2010/07/17 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\HLSW
[2010/07/12 00:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IMVU
[2010/06/15 00:54:19 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IMVUClient
[2010/05/13 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Internode
[2010/02/06 01:50:34 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IsolatedStorage
[2010/07/18 22:19:13 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\LimeWire
[2010/07/04 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\MotionDSP
[2010/04/21 23:13:32 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mumble
[2010/05/10 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Notepad++
[2010/01/18 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Subversion
[2010/04/07 00:09:14 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\SystemRequirementsLab
[2010/07/03 15:54:09 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\uTorrent
[2009/12/22 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Vivox
[2010/07/13 08:47:47 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20091219_233200_Cam1.job
[2010/07/18 17:00:13 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20091219_233400_Cam2.job
[2009/07/14 14:38:49 | 000,023,294 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 11:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 11:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 11:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 11:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 11:10:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/06/06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 11:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 11:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 11:11:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 11:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 11:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 11:11:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemdrive%\*.sys /90 /md5 >[/color]
[2010/07/19 09:56:09 | 535,683,071 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\hiberfil.sys
[2010/07/19 09:56:13 | 2145,902,591 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\pagefile.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 741 bytes -> C:\Users\Cam\Documents\simon goodes pc.eml:OECustomProperty
@Alternate Data Stream - 1693 bytes -> C:\Users\Cam\Documents\FW_  Back packers seedy flight. dont get on this plane.eml:OECustomProperty
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:42 PM

Posted 20 July 2010 - 11:39 AM

Please uninstall Firefox, delete all firefox related folders and reboot. Reinstall Firefox and post back with a fresh OTL logfile. Still redirects?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 cammeh

cammeh
  • Topic Starter

  • Members
  • 14 posts
  • Local time:02:12 AM

Posted 21 July 2010 - 05:43 AM

I tried that a while back, haven't had a redirect in the last couple of days, but I'll keep you posted; I'm sure as soon as I let my guard down one will pop up.

#12 schrauber


Posted 23 July 2010 - 02:24 PM

Ok let me know and post back with a fresh OTL logfile please :)
regards,
schrauber


#13 schrauber


Posted 25 July 2010 - 01:53 AM

Any problems? :)
regards,
schrauber


#14 schrauber


Posted 26 July 2010 - 12:27 PM

Still with me?
regards,
schrauber


#15 cammeh


Posted 26 July 2010 - 06:57 PM

Got a redirect this morning whilst clicking on "www.dedicatedservers.com.au" in a google search for "dedicated servers", it took me to http://rs4.3971_3276802.blueseek.com/jump2...cated%20servers

I noticed it bounce through meta.7search.com in the status bar.

PS: Sorry for the delay, those pesky non-computer-related issues have been plentiful lately.

Here's the OTL log file:
CODE
OTL logfile created on: 27/07/2010 9:14:49 AM - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Cam\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.37 Gb Total Space | 646.61 Gb Free Space | 69.43% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 414.29 Gb Free Space | 59.30% Space Free | Partition Type: NTFS
Drive E: | 298.08 Gb Total Space | 199.96 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 41.01 Gb Free Space | 27.51% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAMSI7PC
Current User Name: Cam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/07/27 09:14:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Downloads\OTL(2).exe
PRC - [2010/07/23 11:39:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/20 11:25:14 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/07/13 02:03:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2010/07/10 22:06:23 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/07/06 00:47:16 | 000,191,488 | ---- | M] () -- G:\G15LCD\LCDSirReal\LCDSirReal.exe
PRC - [2010/06/07 17:48:42 | 000,362,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/06/07 17:47:46 | 002,605,424 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2010/04/27 10:47:12 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2010/04/19 19:18:39 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/04/19 19:18:39 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/19 19:18:39 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/29 01:52:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/03/25 00:10:53 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/03/25 00:10:50 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/07 23:32:51 | 001,363,456 | ---- | M] (Angus Johnson) -- C:\Program Files (x86)\Internode\mum.exe
PRC - [2010/02/01 21:26:28 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/11/25 22:54:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/10/30 21:27:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/30 18:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/26 15:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/26 15:44:34 | 000,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
PRC - [2009/07/14 10:44:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/05/24 01:58:34 | 000,858,624 | ---- | M] () -- C:\Program Files (x86)\Winamp Remote\winampdroid.exe
PRC - [2009/03/19 16:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/07/27 09:14:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cam\Downloads\OTL(2).exe
MOD - [2009/07/14 10:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 10:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 11:10:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009/07/14 11:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/20 11:25:14 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/07 17:50:20 | 001,164,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/25 11:51:02 | 000,929,792 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2010/04/27 10:49:08 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010/04/27 10:43:26 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2010/04/19 19:18:39 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/04/19 19:18:39 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/04/19 19:18:39 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 01:52:06 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/03/25 00:10:53 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 21:26:28 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/28 00:11:06 | 000,013,824 | ---- | M] (CL) [Auto | Running] -- C:\Program Files (x86)\SteamWatch\SteamWatch.exe -- (SteamWatch)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VcommMgr.sys -- (VcommMgr)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VComm.sys -- (VComm)
DRV:[b]64bit:[/b] - [2010/07/23 15:04:01 | 000,961,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:[b]64bit:[/b] - [2010/07/23 15:03:51 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:[b]64bit:[/b] - [2010/05/09 23:29:02 | 000,145,936 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2010/04/19 16:15:16 | 000,042,888 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:[b]64bit:[/b] - [2010/04/06 18:33:10 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:46 | 000,023,944 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:34 | 000,025,096 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:[b]64bit:[/b] - [2010/04/06 18:32:30 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:[b]64bit:[/b] - [2010/03/25 00:10:54 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2010/03/25 00:10:54 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2009/12/21 13:15:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2009/11/23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 11:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 11:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 11:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:[b]64bit:[/b] - [2009/07/14 11:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 09:36:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2009/07/14 09:31:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:[b]64bit:[/b] - [2009/07/14 09:12:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:[b]64bit:[/b] - [2009/07/14 09:12:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:[b]64bit:[/b] - [2009/07/14 08:54:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2009/06/17 14:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:[b]64bit:[/b] - [2009/06/11 06:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009/06/11 06:05:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 06:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 06:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:[b]64bit:[/b] - [2008/06/06 08:25:44 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:[b]64bit:[/b] - [2008/05/07 06:40:02 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:[b]64bit:[/b] - [2008/05/07 06:39:44 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:[b]64bit:[/b] - [2008/05/07 06:39:44 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:[b]64bit:[/b] - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007/02/08 03:57:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2004/06/22 14:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 4E B9 09 1C 2D CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Webster"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: en-AU@dictionaries.addons.mozilla.org:2.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/27 09:12:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/27 09:12:55 | 000,000,000 | ---D | M]

[2010/02/18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions
[2009/12/21 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/02/18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/27 09:13:15 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions
[2010/04/28 03:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 22:38:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/02 12:39:16 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/27 09:13:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/10 17:15:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 12:04:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/19 17:21:29 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2010/04/15 02:25:14 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\allglassv2@ambroos.neowin.net
[2009/12/19 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\en-AU@dictionaries.addons.mozilla.org
[2010/07/03 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\extensions\foxmarks@kei.com
[2008/11/17 18:21:26 | 000,000,705 | ---- | M] () -- C:\Users\Cam\AppData\Roaming\Mozilla\Firefox\Profiles\9mqacty6.default\searchplugins\webster.xml
[2010/07/27 09:12:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/12 02:24:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/13 02:03:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/07/23 09:59:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 09:59:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 09:59:54 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 09:59:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 06:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Winamp Remote Android Server] C:\Program Files (x86)\Winamp Remote\winampdroid.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [InternodeUsage] C:\Program Files (x86)\Internode\mum.exe (Angus Johnson)
O4 - HKCU..\Run: [MSDiskQuota]  File not found
O4 - HKCU..\Run: [SteamWatchTray] C:\Program Files (x86)\SteamWatch\SteamWatchTray.exe (CL)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/05 23:58:03 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/23 15:05:34 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Acronis
[2010/07/23 15:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/07/23 15:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/07/23 15:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/07/20 11:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C Company
[2010/07/20 03:54:26 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\GetRightToGo
[2010/07/18 03:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageShack Uploader
[2010/07/15 17:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/07/12 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\vlc
[2010/07/08 14:16:13 | 000,000,000 | ---D | C] -- C:\test
[2010/07/04 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2010/07/04 13:24:48 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\MotionDSP
[2010/07/04 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\MotionDSP
[2010/07/04 13:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vReveal
[2010/07/01 03:20:35 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Beat Hazard
[2010/06/25 16:37:22 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Deus Ex - Invisible War
[2010/06/23 14:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/06/23 14:43:05 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/23 14:43:05 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/23 14:18:19 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\bluesoleil
[2010/06/23 14:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IVT Corporation
[2010/06/21 11:34:09 | 000,000,000 | ---D | C] -- C:\DriveKey
[2010/06/21 04:40:37 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Malwarebytes
[2010/06/21 04:40:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/21 04:40:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/21 04:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/21 04:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 02:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/21 02:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/06/16 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Media Player Classic
[2010/06/15 02:29:25 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010/06/15 02:29:25 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/06/15 02:29:25 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/06/15 02:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/06/11 14:37:16 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Nem's Tools
[2010/06/11 14:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
[2010/06/04 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteamWatch
[2010/06/02 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Games for Windows - LIVE Demos
[2010/05/31 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\Cam\Documents\Disney Interactive Studios
[2010/05/31 11:52:02 | 000,000,000 | ---D | C] -- C:\Split Second
[2010/05/30 20:34:36 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\InstallShield Installation Information
[2010/05/30 20:34:25 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010/05/24 23:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2010/05/23 01:57:12 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\AccurateRip
[2010/05/23 01:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010/05/23 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\MS
[2010/05/12 01:44:04 | 000,000,000 | ---D | C] -- C:\Users\Cam\.VirtualBox
[2010/05/12 01:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/05/10 21:53:13 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\mIRC
[2010/05/10 21:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2010/05/10 21:39:57 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\Notepad++
[2010/05/10 21:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/05/05 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2010/05/04 02:42:57 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\HLSW
[2010/05/04 02:42:57 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Roaming\HLSW
[2010/05/03 02:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quake III Arena
[2010/05/03 02:19:00 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/05/03 02:18:56 | 000,000,000 | ---D | C] -- C:\Q3Ademo
[2010/04/30 04:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/04/30 04:09:29 | 000,000,000 | ---D | C] -- C:\Users\Cam\AppData\Local\Google
[2010/04/29 18:10:29 | 000,000,000 | ---D | C] -- C:\vmware
[2010/04/29 18:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2010/04/29 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/27 09:17:33 | 005,242,880 | -HS- | M] () -- C:\Users\Cam\NTUSER.DAT
[2010/07/27 09:12:56 | 000,001,963 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/27 08:48:17 | 000,001,237 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2010/07/27 08:48:16 | 000,006,532 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/07/27 08:48:13 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/07/27 08:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 01:13:01 | 000,002,090 | -H-- | M] () -- C:\Users\Cam\Documents\Default.rdp
[2010/07/27 00:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/26 17:00:08 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20091219_233400_Cam2.job
[2010/07/26 13:41:32 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/26 05:01:30 | 000,000,552 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/07/25 22:36:48 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/25 22:36:48 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/25 22:36:48 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/25 20:44:00 | 000,003,876 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2010/07/25 05:08:03 | 022,090,910 | ---- | M] () -- C:\Users\Cam\Documents\4x4ing.wmv
[2010/07/25 01:41:07 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 01:41:07 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 01:33:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/25 01:33:51 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/25 01:29:11 | 003,044,675 | -H-- | M] () -- C:\Users\Cam\AppData\Local\IconCache.db
[2010/07/23 15:56:11 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2010/07/23 15:04:04 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/07/23 09:43:46 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20100722_141200_Cam5.job
[2010/07/23 04:48:15 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\20100722_140700_Cam4.job
[2010/07/22 16:56:30 | 005,472,373 | ---- | M] () -- C:\Users\Cam\Documents\Mindless Self Indulgence - The Birthday Massacre.mp3
[2010/07/22 03:16:23 | 001,730,420 | ---- | M] () -- C:\Users\Cam\Documents\bring me to wife3.mp3
[2010/07/21 17:16:07 | 004,171,970 | ---- | M] () -- C:\Users\Cam\Documents\corey4x4ing.wmv
[2010/07/21 17:10:20 | 004,387,190 | ---- | M] () -- C:\Users\Cam\Desktop\video-2010-07-21-16-08-49.3gp
[2010/07/21 17:08:39 | 564,306,944 | ---- | M] () -- C:\Users\Cam\Desktop\video-2010-07-21-16-08-49_enhanced.avi
[2010/07/20 11:38:48 | 000,001,176 | ---- | M] () -- C:\Users\Cam\Desktop\Cryostasis.lnk
[2010/07/18 16:25:31 | 056,119,012 | ---- | M] () -- C:\Users\Cam\Documents\left4cheats2.wmv
[2010/07/18 16:21:16 | 199,080,908 | ---- | M] () -- C:\Users\Cam\Documents\Produce_0.m2ts
[2010/07/18 04:14:29 | 000,200,500 | ---- | M] () -- C:\Users\Cam\Documents\P0912142034146.jpg
[2010/07/18 03:30:32 | 000,001,007 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedFan.lnk
[2010/07/18 03:30:27 | 000,002,483 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageShack Uploader.lnk
[2010/07/18 03:11:16 | 000,233,291 | ---- | M] () -- C:\Users\Cam\Documents\diycamber.jpg
[2010/07/16 00:08:01 | 000,042,826 | ---- | M] () -- C:\Users\Cam\Documents\a50f6325-da9c-4f57-96ee-a50.jpg
[2010/07/16 00:02:37 | 002,095,219 | ---- | M] () -- C:\Users\Cam\Documents\6a0120a721c2d7970b0133f1759c5d970b-800wi.gif
[2010/07/15 17:37:15 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/07/15 03:35:02 | 000,119,592 | ---- | M] () -- C:\Users\Cam\Documents\dezlkpbap0.jpg
[2010/07/14 16:02:50 | 000,001,003 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/09 02:46:48 | 000,385,036 | ---- | M] () -- C:\Users\Cam\Documents\quantumbigfoottop.jpg
[2010/07/09 02:45:50 | 000,368,044 | ---- | M] () -- C:\Users\Cam\Documents\quantumbigfootbottom.jpg
[2010/07/08 20:06:10 | 000,033,302 | ---- | M] () -- C:\Users\Cam\Documents\wololo.jpg
[2010/07/08 12:48:34 | 000,319,471 | ---- | M] () -- C:\Users\Cam\Documents\pigrideric.gif
[2010/07/08 10:12:46 | 002,043,617 | ---- | M] () -- C:\Users\Cam\Documents\furry2_01.jpg
[2010/07/07 16:32:31 | 151,461,824 | ---- | M] () -- C:\Users\Cam\Documents\dallenbach.m2ts
[2010/07/05 18:57:03 | 000,046,919 | ---- | M] () -- C:\Users\Cam\Documents\haxorpcsized.jpg
[2010/07/04 13:29:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/07/02 00:19:25 | 001,469,770 | ---- | M] () -- C:\Users\Cam\Documents\bertstare.gif
[2010/07/01 04:40:51 | 000,763,761 | ---- | M] () -- C:\Users\Cam\Documents\idiot.png
[2010/06/30 23:12:44 | 000,090,519 | ---- | M] () -- C:\Users\Cam\Documents\8286103ce25b41f19ffde66.jpg
[2010/06/30 23:12:21 | 000,091,761 | ---- | M] () -- C:\Users\Cam\Documents\c3376854f0544ec1b5b9688.jpg
[2010/06/29 04:28:03 | 000,126,225 | ---- | M] () -- C:\Users\Cam\Documents\myhawz.jpg
[2010/06/28 14:54:56 | 000,059,612 | ---- | M] () -- C:\Users\Cam\Documents\seafirethugaim.rar
[2010/06/28 14:51:55 | 000,061,683 | ---- | M] () -- C:\Users\Cam\Documents\seafirethugaim.png
[2010/06/27 13:37:02 | 000,060,231 | ---- | M] () -- C:\Users\Cam\Documents\chipmanrouter.rar
[2010/06/27 13:36:52 | 000,063,831 | ---- | M] () -- C:\Users\Cam\Documents\chipmanrouter.png
[2010/06/26 17:01:51 | 000,031,855 | ---- | M] () -- C:\Users\Cam\Documents\inane.rar
[2010/06/26 17:01:40 | 000,034,403 | ---- | M] () -- C:\Users\Cam\Documents\inane.png
[2010/06/25 01:30:55 | 000,065,028 | ---- | M] () -- C:\Users\Cam\Documents\yluj7.jpg
[2010/06/23 14:16:19 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010/06/23 14:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/06/23 14:15:26 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk
[2010/06/21 23:10:39 | 000,041,470 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl3f4q2g3lb1qzh5gn.jpg
[2010/06/21 23:10:13 | 000,050,702 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl3dgjgqmec1qbwsdr.gif
[2010/06/21 23:04:51 | 000,064,111 | ---- | M] () -- C:\Users\Cam\Documents\25290540.jpg
[2010/06/21 12:58:14 | 000,007,736 | ---- | M] () -- C:\Users\Cam\Documents\condump049.rar
[2010/06/21 12:12:29 | 000,031,511 | ---- | M] () -- C:\Users\Cam\Documents\140050ruddandconroy.jpg
[2010/06/21 12:00:00 | 000,980,619 | ---- | M] () -- C:\Users\Cam\Documents\lCeT7.jpg
[2010/06/21 11:14:32 | 000,006,926 | ---- | M] () -- C:\Users\Cam\Documents\n14248956832681.jpg
[2010/06/21 03:38:37 | 000,056,626 | ---- | M] () -- C:\Users\Cam\Documents\ban_football_from_the_vuvuzela_concerts.jpg
[2010/06/20 22:51:20 | 000,008,107 | ---- | M] () -- C:\Users\Cam\Documents\EBG.jpg
[2010/06/18 18:32:36 | 002,668,454 | ---- | M] () -- C:\Users\Cam\Documents\1276621176781.gif
[2010/06/18 00:29:38 | 000,109,098 | ---- | M] () -- C:\Users\Cam\Documents\QUY35.jpg
[2010/06/18 00:29:26 | 000,047,725 | ---- | M] () -- C:\Users\Cam\Documents\1276777699013.jpg
[2010/06/17 01:45:13 | 000,089,088 | ---- | M] () -- C:\Users\Cam\Documents\Cameron Plumb Resume10.doc
[2010/06/16 21:45:21 | 000,032,258 | ---- | M] () -- C:\Users\Cam\Documents\somecunce.rar
[2010/06/16 21:45:11 | 000,033,650 | ---- | M] () -- C:\Users\Cam\Documents\somecunce.png
[2010/06/16 20:32:15 | 000,140,061 | ---- | M] () -- C:\Users\Cam\Documents\1276602096271.gif
[2010/06/16 14:06:24 | 004,189,657 | ---- | M] () -- C:\Users\Cam\Documents\roombacat.gif
[2010/06/16 14:04:03 | 000,055,174 | ---- | M] () -- C:\Users\Cam\Documents\1276077655026.jpg
[2010/06/15 20:54:31 | 000,079,566 | ---- | M] () -- C:\Users\Cam\Documents\358952151.gif
[2010/06/15 20:53:39 | 001,285,803 | ---- | M] () -- C:\Users\Cam\Documents\egowl6m93udjdve450.gif
[2010/06/12 16:55:12 | 000,055,228 | ---- | M] () -- C:\Users\Cam\Documents\weddins.jpg
[2010/06/12 02:49:19 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/10 11:53:21 | 000,039,178 | ---- | M] () -- C:\Users\Cam\Documents\450px-Eric_Idle.jpg
[2010/06/09 14:34:21 | 002,124,747 | ---- | M] () -- C:\Users\Cam\Documents\129185154050643300.gif
[2010/06/09 13:58:29 | 002,960,872 | ---- | M] () -- C:\Users\Cam\Documents\wtfmoosers.gif
[2010/06/09 13:49:28 | 004,030,173 | ---- | M] () -- C:\Users\Cam\Documents\wtfmoose.gif
[2010/06/08 20:05:24 | 000,076,104 | ---- | M] () -- C:\Users\Cam\Documents\I-am-a-flying-camel-700x466.jpg
[2010/06/08 15:06:56 | 000,022,333 | ---- | M] () -- C:\Users\Cam\Documents\skelelols.jpg
[2010/06/08 09:28:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/08 09:28:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/08 09:28:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/06/07 20:48:16 | 000,174,645 | ---- | M] () -- C:\Users\Cam\Documents\ardblard.zip
[2010/06/07 20:48:00 | 000,226,539 | ---- | M] () -- C:\Users\Cam\Documents\ardblard.jpg
[2010/06/07 02:21:30 | 000,025,956 | ---- | M] () -- C:\Users\Cam\Documents\Sensor_Noob.jpg
[2010/06/06 15:06:17 | 000,252,878 | ---- | M] () -- C:\Users\Cam\Documents\reusednewspaper.jpg
[2010/06/04 04:26:49 | 001,394,555 | ---- | M] () -- C:\Users\Cam\Documents\WRWW3.gif
[2010/06/04 04:25:05 | 000,702,226 | ---- | M] () -- C:\Users\Cam\Documents\2vG7P.jpg
[2010/06/03 04:24:21 | 000,140,033 | ---- | M] () -- C:\Users\Cam\Documents\jetenginev2.png
[2010/06/03 02:21:15 | 000,148,496 | ---- | M] () -- C:\Users\Cam\Documents\tumblrkztjwisgxu1qa5gvy.png
[2010/06/03 02:20:09 | 000,064,814 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl39tn2bo171qzh5gn.jpg
[2010/06/03 02:15:29 | 000,033,578 | ---- | M] () -- C:\Users\Cam\Documents\tumblrl2nyxzy0mc1qc1na3.jpg
[2010/06/02 17:30:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/02 17:30:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/06/02 17:20:16 | 000,123,664 | ---- | M] () -- C:\Users\Cam\Documents\jetenginev1.png
[2010/06/01 14:40:54 | 000,504,491 | ---- | M] () -- C:\Users\Cam\Documents\1BBMN.png
[2010/06/01 12:09:25 | 000,085,307 | ---- | M] () -- C:\Users\Cam\Documents\ladiesz.jpg
[2010/05/28 22:53:46 | 002,880,366 | ---- | M] () -- C:\Users\Cam\Documents\1878_591d.gif
[2010/05/28 18:06:28 | 000,041,782 | ---- | M] () -- C:\Users\Cam\Documents\28636_110193792357013_100000991784849_63837_5959410_n.jpg
[2010/05/28 04:20:28 | 000,078,975 | ---- | M] () -- C:\Users\Cam\Documents\4113226570_aa74ecc176.jpg
[2010/05/28 01:13:52 | 000,165,899 | ---- | M] () -- C:\Users\Cam\Documents\maydesky.jpg
[2010/05/28 01:12:37 | 000,000,951 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2010/05/25 22:21:03 | 000,067,594 | ---- | M] () -- C:\Users\Cam\Documents\20z5naa.jpg
[2010/05/25 22:17:06 | 000,204,784 | ---- | M] () -- C:\Users\Cam\Documents\0j9NH.jpg
[2010/05/24 23:37:02 | 000,115,013 | ---- | M] () -- C:\Users\Cam\Documents\daily_picdump_304_72.jpg
[2010/05/24 21:14:05 | 000,145,895 | ---- | M] () -- C:\Users\Cam\Documents\smiledog.png
[2010/05/24 21:12:55 | 000,341,602 | ---- | M] () -- C:\Users\Cam\Documents\smile.jpg
[2010/05/23 03:48:56 | 000,467,033 | ---- | M] () -- C:\Users\Cam\Documents\comelitered.png
[2010/05/23 01:57:11 | 000,015,347 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/23 01:56:59 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/23 00:16:19 | 000,073,140 | ---- | M] () -- C:\Users\Cam\Documents\bahaha.gif
[2010/05/22 16:40:33 | 000,036,314 | ---- | M] () -- C:\Users\Cam\Documents\email-and-bacon.jpg
[2010/05/22 15:43:02 | 000,645,151 | ---- | M] () -- C:\Users\Cam\Documents\busy desky.png
[2010/05/22 05:08:12 | 000,195,037 | ---- | M] () -- C:\Users\Cam\Documents\102r2me.jpg
[2010/05/21 17:09:52 | 000,031,231 | ---- | M] () -- C:\Users\Cam\Documents\uploadables.png
[2010/05/21 15:21:28 | 000,082,730 | ---- | M] () -- C:\Users\Cam\Documents\winfail.png
[2010/05/21 15:20:48 | 000,076,713 | ---- | M] () -- C:\Users\Cam\Documents\lolfaceq.jpg
[2010/05/20 21:18:33 | 000,058,978 | ---- | M] () -- C:\Users\Cam\Documents\7YPXl.jpg
[2010/05/20 19:02:10 | 005,653,224 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/20 13:25:19 | 000,244,846 | ---- | M] () -- C:\Users\Cam\Documents\059h5.gif
[2010/05/20 12:55:19 | 000,494,094 | ---- | M] () -- C:\Users\Cam\Documents\KZhLx.jpg
[2010/05/20 03:38:17 | 000,045,034 | ---- | M] () -- C:\Users\Cam\Documents\terrorholmes.png
[2010/05/18 21:18:05 | 000,087,154 | ---- | M] () -- C:\Users\Cam\Documents\LZaI1.jpg
[2010/05/17 03:36:05 | 000,044,242 | ---- | M] () -- C:\Users\Cam\Documents\pony-mechanic.jpg
[2010/05/17 01:16:47 | 000,039,424 | ---- | M] () -- C:\Users\Cam\Documents\korea.doc
[2010/05/16 21:16:14 | 000,013,383 | ---- | M] () -- C:\Users\Cam\Documents\korea.docx
[2010/05/16 18:23:58 | 000,016,103 | ---- | M] () -- C:\Users\Cam\Documents\a5jxk.jpg
[2010/05/15 01:13:13 | 000,048,218 | ---- | M] () -- C:\Users\Cam\Documents\26236_102509359791082_100000960557731_16620_7982935_n.jpg
[2010/05/13 17:51:37 | 000,121,582 | ---- | M] () -- C:\Users\Cam\Documents\bleep.jpg
[2010/05/13 15:24:12 | 000,112,327 | ---- | M] () -- C:\Users\Cam\Documents\79986607177820472640.png.jpg
[2010/05/12 23:39:20 | 001,842,134 | ---- | M] () -- C:\Users\Cam\Documents\pirate2.png
[2010/05/12 13:58:41 | 000,125,549 | ---- | M] () -- C:\Users\Cam\Documents\1273635871773.jpg
[2010/05/12 13:29:39 | 000,016,893 | ---- | M] () -- C:\Users\Cam\Documents\undercar.png
[2010/05/11 19:07:22 | 000,069,294 | ---- | M] () -- C:\Users\Cam\Documents\yPevl.jpg
[2010/05/09 19:31:23 | 000,054,024 | ---- | M] () -- C:\Users\Cam\Documents\29695_116763375022748_116749711690781_135266_6789795_n.jpg
[2010/05/09 19:31:02 | 000,107,368 | ---- | M] () -- C:\Users\Cam\Documents\guU7F.jpg
[2010/05/09 18:17:52 | 000,002,558 | ---- | M] () -- C:\Users\Cam\Documents\encryptionkey.pfx
[2010/05/09 04:19:58 | 000,062,584 | ---- | M] () -- C:\Users\Cam\Documents\cruisin.jpg
[2010/05/06 22:43:32 | 000,072,876 | ---- | M] () -- C:\Users\Cam\Documents\UJ2rP.png
[2010/05/06 11:24:11 | 000,091,916 | ---- | M] () -- C:\Users\Cam\Documents\deepwater_oil_00.jpg
[2010/05/05 16:53:44 | 000,001,074 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\EVGA Precision.lnk
[2010/05/05 14:00:48 | 000,055,430 | ---- | M] () -- C:\Users\Cam\Documents\friday.jpg
[2010/05/05 14:00:35 | 000,023,998 | ---- | M] () -- C:\Users\Cam\Documents\spam boy.jpg
[2010/05/04 03:48:32 | 000,051,517 | ---- | M] () -- C:\Users\Cam\Documents\d16c552c88934c14ddfe37f.jpg
[2010/05/04 03:47:05 | 000,032,906 | ---- | M] () -- C:\Users\Cam\Documents\Z5iev.jpg
[2010/05/04 03:16:11 | 000,000,951 | ---- | M] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/05/03 15:28:29 | 000,082,059 | ---- | M] () -- C:\Users\Cam\Documents\1271211661717.jpg
[2010/05/03 15:28:23 | 000,272,040 | ---- | M] () -- C:\Users\Cam\Documents\post-11867-1272639678.jpg
[2010/05/03 15:28:12 | 000,012,144 | ---- | M] () -- C:\Users\Cam\Documents\1272415153600.jpg
[2010/05/03 15:28:06 | 000,198,748 | ---- | M] () -- C:\Users\Cam\Documents\3211.jpg
[2010/05/03 15:27:49 | 000,189,823 | ---- | M] () -- C:\Users\Cam\Documents\1272415291571.jpg
[2010/05/03 15:27:35 | 000,045,593 | ---- | M] () -- C:\Users\Cam\Documents\patrickstewartmorepewpe.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 00:58:33 | 000,039,891 | ---- | M] () -- C:\Users\Cam\Documents\pewpewlol.jpg
[2010/04/28 18:33:06 | 002,085,684 | ---- | M] () -- C:\Users\Cam\Documents\1272438656529.gif
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/27 09:12:56 | 000,001,963 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 20:42:47 | 000,003,876 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2010/07/25 05:07:02 | 022,090,910 | ---- | C] () -- C:\Users\Cam\Documents\4x4ing.wmv
[2010/07/23 15:54:41 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2010/07/23 15:04:04 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/07/22 16:55:11 | 005,472,373 | ---- | C] () -- C:\Users\Cam\Documents\Mindless Self Indulgence - The Birthday Massacre.mp3
[2010/07/22 14:16:58 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\20100722_141200_Cam5.job
[2010/07/22 14:08:49 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\20100722_140700_Cam4.job
[2010/07/22 03:15:57 | 001,730,420 | ---- | C] () -- C:\Users\Cam\Documents\bring me to wife3.mp3
[2010/07/21 17:15:51 | 004,171,970 | ---- | C] () -- C:\Users\Cam\Documents\corey4x4ing.wmv
[2010/07/21 17:08:17 | 564,306,944 | ---- | C] () -- C:\Users\Cam\Desktop\video-2010-07-21-16-08-49_enhanced.avi
[2010/07/21 17:06:41 | 004,387,190 | ---- | C] () -- C:\Users\Cam\Desktop\video-2010-07-21-16-08-49.3gp
[2010/07/20 11:38:48 | 000,001,176 | ---- | C] () -- C:\Users\Cam\Desktop\Cryostasis.lnk
[2010/07/18 16:22:04 | 056,119,012 | ---- | C] () -- C:\Users\Cam\Documents\left4cheats2.wmv
[2010/07/18 16:18:42 | 199,080,908 | ---- | C] () -- C:\Users\Cam\Documents\Produce_0.m2ts
[2010/07/18 04:14:44 | 000,200,500 | ---- | C] () -- C:\Users\Cam\Documents\P0912142034146.jpg
[2010/07/18 03:30:32 | 000,001,007 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedFan.lnk
[2010/07/18 03:30:27 | 000,002,483 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\ImageShack Uploader.lnk
[2010/07/18 03:11:15 | 000,233,291 | ---- | C] () -- C:\Users\Cam\Documents\diycamber.jpg
[2010/07/16 00:08:01 | 000,042,826 | ---- | C] () -- C:\Users\Cam\Documents\a50f6325-da9c-4f57-96ee-a50.jpg
[2010/07/16 00:02:36 | 002,095,219 | ---- | C] () -- C:\Users\Cam\Documents\6a0120a721c2d7970b0133f1759c5d970b-800wi.gif
[2010/07/15 17:37:14 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/07/15 03:35:01 | 000,119,592 | ---- | C] () -- C:\Users\Cam\Documents\dezlkpbap0.jpg
[2010/07/09 03:07:01 | 000,385,036 | ---- | C] () -- C:\Users\Cam\Documents\quantumbigfoottop.jpg
[2010/07/09 03:07:01 | 000,368,044 | ---- | C] () -- C:\Users\Cam\Documents\quantumbigfootbottom.jpg
[2010/07/08 20:06:10 | 000,033,302 | ---- | C] () -- C:\Users\Cam\Documents\wololo.jpg
[2010/07/08 12:48:34 | 000,319,471 | ---- | C] () -- C:\Users\Cam\Documents\pigrideric.gif
[2010/07/08 10:12:43 | 002,043,617 | ---- | C] () -- C:\Users\Cam\Documents\furry2_01.jpg
[2010/07/07 16:30:07 | 151,461,824 | ---- | C] () -- C:\Users\Cam\Documents\dallenbach.m2ts
[2010/07/05 18:57:02 | 000,046,919 | ---- | C] () -- C:\Users\Cam\Documents\haxorpcsized.jpg
[2010/07/02 00:19:23 | 001,469,770 | ---- | C] () -- C:\Users\Cam\Documents\bertstare.gif
[2010/07/01 04:40:48 | 000,763,761 | ---- | C] () -- C:\Users\Cam\Documents\idiot.png
[2010/06/30 23:12:44 | 000,090,519 | ---- | C] () -- C:\Users\Cam\Documents\8286103ce25b41f19ffde66.jpg
[2010/06/30 23:12:17 | 000,091,761 | ---- | C] () -- C:\Users\Cam\Documents\c3376854f0544ec1b5b9688.jpg
[2010/06/29 04:28:01 | 000,126,225 | ---- | C] () -- C:\Users\Cam\Documents\myhawz.jpg
[2010/06/28 14:54:56 | 000,059,612 | ---- | C] () -- C:\Users\Cam\Documents\seafirethugaim.rar
[2010/06/28 14:51:53 | 000,061,683 | ---- | C] () -- C:\Users\Cam\Documents\seafirethugaim.png
[2010/06/27 13:37:02 | 000,060,231 | ---- | C] () -- C:\Users\Cam\Documents\chipmanrouter.rar
[2010/06/27 13:36:50 | 000,063,831 | ---- | C] () -- C:\Users\Cam\Documents\chipmanrouter.png
[2010/06/26 17:01:51 | 000,031,855 | ---- | C] () -- C:\Users\Cam\Documents\inane.rar
[2010/06/26 17:01:38 | 000,034,403 | ---- | C] () -- C:\Users\Cam\Documents\inane.png
[2010/06/25 01:30:53 | 000,065,028 | ---- | C] () -- C:\Users\Cam\Documents\yluj7.jpg
[2010/06/24 04:25:27 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010/06/23 14:18:18 | 000,006,532 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010/06/23 14:18:17 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010/06/23 14:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010/06/23 14:15:26 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\BlueSoleil Space.lnk
[2010/06/21 23:10:38 | 000,041,470 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl3f4q2g3lb1qzh5gn.jpg
[2010/06/21 23:10:12 | 000,050,702 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl3dgjgqmec1qbwsdr.gif
[2010/06/21 23:04:50 | 000,064,111 | ---- | C] () -- C:\Users\Cam\Documents\25290540.jpg
[2010/06/21 12:58:14 | 000,007,736 | ---- | C] () -- C:\Users\Cam\Documents\condump049.rar
[2010/06/21 12:12:28 | 000,031,511 | ---- | C] () -- C:\Users\Cam\Documents\140050ruddandconroy.jpg
[2010/06/21 11:59:59 | 000,980,619 | ---- | C] () -- C:\Users\Cam\Documents\lCeT7.jpg
[2010/06/21 11:14:31 | 000,006,926 | ---- | C] () -- C:\Users\Cam\Documents\n14248956832681.jpg
[2010/06/21 03:38:37 | 000,056,626 | ---- | C] () -- C:\Users\Cam\Documents\ban_football_from_the_vuvuzela_concerts.jpg
[2010/06/20 22:51:19 | 000,008,107 | ---- | C] () -- C:\Users\Cam\Documents\EBG.jpg
[2010/06/18 18:32:34 | 002,668,454 | ---- | C] () -- C:\Users\Cam\Documents\1276621176781.gif
[2010/06/18 00:29:37 | 000,109,098 | ---- | C] () -- C:\Users\Cam\Documents\QUY35.jpg
[2010/06/18 00:29:25 | 000,047,725 | ---- | C] () -- C:\Users\Cam\Documents\1276777699013.jpg
[2010/06/17 16:51:44 | 000,252,853 | ---- | C] () -- C:\Users\Cam\Documents\DSC00270.JPG
[2010/06/16 21:45:21 | 000,032,258 | ---- | C] () -- C:\Users\Cam\Documents\somecunce.rar
[2010/06/16 21:45:09 | 000,033,650 | ---- | C] () -- C:\Users\Cam\Documents\somecunce.png
[2010/06/16 20:32:14 | 000,140,061 | ---- | C] () -- C:\Users\Cam\Documents\1276602096271.gif
[2010/06/16 14:06:24 | 004,189,657 | ---- | C] () -- C:\Users\Cam\Documents\roombacat.gif
[2010/06/16 14:04:00 | 000,055,174 | ---- | C] () -- C:\Users\Cam\Documents\1276077655026.jpg
[2010/06/15 20:54:30 | 000,079,566 | ---- | C] () -- C:\Users\Cam\Documents\358952151.gif
[2010/06/15 20:53:39 | 001,285,803 | ---- | C] () -- C:\Users\Cam\Documents\egowl6m93udjdve450.gif
[2010/06/15 02:29:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/15 02:29:25 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/15 02:29:25 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/15 02:29:25 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/06/15 02:29:24 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/15 02:29:24 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/06/12 16:55:10 | 000,055,228 | ---- | C] () -- C:\Users\Cam\Documents\weddins.jpg
[2010/06/10 11:53:20 | 000,039,178 | ---- | C] () -- C:\Users\Cam\Documents\450px-Eric_Idle.jpg
[2010/06/09 14:34:20 | 002,124,747 | ---- | C] () -- C:\Users\Cam\Documents\129185154050643300.gif
[2010/06/09 13:58:29 | 002,960,872 | ---- | C] () -- C:\Users\Cam\Documents\wtfmoosers.gif
[2010/06/09 13:49:27 | 004,030,173 | ---- | C] () -- C:\Users\Cam\Documents\wtfmoose.gif
[2010/06/08 20:05:23 | 000,076,104 | ---- | C] () -- C:\Users\Cam\Documents\I-am-a-flying-camel-700x466.jpg
[2010/06/08 15:06:55 | 000,022,333 | ---- | C] () -- C:\Users\Cam\Documents\skelelols.jpg
[2010/06/07 20:48:16 | 000,174,645 | ---- | C] () -- C:\Users\Cam\Documents\ardblard.zip
[2010/06/07 20:47:51 | 000,226,539 | ---- | C] () -- C:\Users\Cam\Documents\ardblard.jpg
[2010/06/07 02:21:30 | 000,025,956 | ---- | C] () -- C:\Users\Cam\Documents\Sensor_Noob.jpg
[2010/06/06 15:06:16 | 000,252,878 | ---- | C] () -- C:\Users\Cam\Documents\reusednewspaper.jpg
[2010/06/04 04:26:48 | 001,394,555 | ---- | C] () -- C:\Users\Cam\Documents\WRWW3.gif
[2010/06/04 04:25:05 | 000,702,226 | ---- | C] () -- C:\Users\Cam\Documents\2vG7P.jpg
[2010/06/03 04:24:19 | 000,140,033 | ---- | C] () -- C:\Users\Cam\Documents\jetenginev2.png
[2010/06/03 02:21:15 | 000,148,496 | ---- | C] () -- C:\Users\Cam\Documents\tumblrkztjwisgxu1qa5gvy.png
[2010/06/03 02:20:08 | 000,064,814 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl39tn2bo171qzh5gn.jpg
[2010/06/03 02:15:25 | 000,033,578 | ---- | C] () -- C:\Users\Cam\Documents\tumblrl2nyxzy0mc1qc1na3.jpg
[2010/06/02 17:20:14 | 000,123,664 | ---- | C] () -- C:\Users\Cam\Documents\jetenginev1.png
[2010/06/01 14:40:53 | 000,504,491 | ---- | C] () -- C:\Users\Cam\Documents\1BBMN.png
[2010/06/01 12:09:21 | 000,085,307 | ---- | C] () -- C:\Users\Cam\Documents\ladiesz.jpg
[2010/05/28 22:53:46 | 002,880,366 | ---- | C] () -- C:\Users\Cam\Documents\1878_591d.gif
[2010/05/28 18:06:27 | 000,041,782 | ---- | C] () -- C:\Users\Cam\Documents\28636_110193792357013_100000991784849_63837_5959410_n.jpg
[2010/05/28 04:20:27 | 000,078,975 | ---- | C] () -- C:\Users\Cam\Documents\4113226570_aa74ecc176.jpg
[2010/05/28 01:13:50 | 000,165,899 | ---- | C] () -- C:\Users\Cam\Documents\maydesky.jpg
[2010/05/28 01:12:37 | 000,000,951 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2010/05/25 22:21:02 | 000,067,594 | ---- | C] () -- C:\Users\Cam\Documents\20z5naa.jpg
[2010/05/25 22:17:05 | 000,204,784 | ---- | C] () -- C:\Users\Cam\Documents\0j9NH.jpg
[2010/05/25 11:51:08 | 000,001,237 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2010/05/24 23:37:02 | 000,115,013 | ---- | C] () -- C:\Users\Cam\Documents\daily_picdump_304_72.jpg
[2010/05/24 21:14:03 | 000,145,895 | ---- | C] () -- C:\Users\Cam\Documents\smiledog.png
[2010/05/24 21:12:54 | 000,341,602 | ---- | C] () -- C:\Users\Cam\Documents\smile.jpg
[2010/05/23 03:48:55 | 000,467,033 | ---- | C] () -- C:\Users\Cam\Documents\comelitered.png
[2010/05/23 01:57:11 | 005,653,224 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/05/23 01:57:11 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/23 01:57:11 | 000,015,347 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/23 00:16:17 | 000,073,140 | ---- | C] () -- C:\Users\Cam\Documents\bahaha.gif
[2010/05/22 16:40:33 | 000,036,314 | ---- | C] () -- C:\Users\Cam\Documents\email-and-bacon.jpg
[2010/05/22 15:43:00 | 000,645,151 | ---- | C] () -- C:\Users\Cam\Documents\busy desky.png
[2010/05/22 05:08:11 | 000,195,037 | ---- | C] () -- C:\Users\Cam\Documents\102r2me.jpg
[2010/05/21 17:09:49 | 000,031,231 | ---- | C] () -- C:\Users\Cam\Documents\uploadables.png
[2010/05/21 15:21:28 | 000,082,730 | ---- | C] () -- C:\Users\Cam\Documents\winfail.png
[2010/05/21 15:20:47 | 000,076,713 | ---- | C] () -- C:\Users\Cam\Documents\lolfaceq.jpg
[2010/05/20 21:18:32 | 000,058,978 | ---- | C] () -- C:\Users\Cam\Documents\7YPXl.jpg
[2010/05/20 13:25:19 | 000,244,846 | ---- | C] () -- C:\Users\Cam\Documents\059h5.gif
[2010/05/20 12:55:18 | 000,494,094 | ---- | C] () -- C:\Users\Cam\Documents\KZhLx.jpg
[2010/05/20 03:38:16 | 000,045,034 | ---- | C] () -- C:\Users\Cam\Documents\terrorholmes.png
[2010/05/18 21:18:01 | 000,087,154 | ---- | C] () -- C:\Users\Cam\Documents\LZaI1.jpg
[2010/05/17 03:36:05 | 000,044,242 | ---- | C] () -- C:\Users\Cam\Documents\pony-mechanic.jpg
[2010/05/16 21:16:20 | 000,039,424 | ---- | C] () -- C:\Users\Cam\Documents\korea.doc
[2010/05/16 21:16:13 | 000,013,383 | ---- | C] () -- C:\Users\Cam\Documents\korea.docx
[2010/05/16 18:23:57 | 000,016,103 | ---- | C] () -- C:\Users\Cam\Documents\a5jxk.jpg
[2010/05/15 01:13:11 | 000,048,218 | ---- | C] () -- C:\Users\Cam\Documents\26236_102509359791082_100000960557731_16620_7982935_n.jpg
[2010/05/13 17:51:35 | 000,121,582 | ---- | C] () -- C:\Users\Cam\Documents\bleep.jpg
[2010/05/13 15:24:12 | 000,112,327 | ---- | C] () -- C:\Users\Cam\Documents\79986607177820472640.png.jpg
[2010/05/12 23:39:06 | 001,842,134 | ---- | C] () -- C:\Users\Cam\Documents\pirate2.png
[2010/05/12 13:58:40 | 000,125,549 | ---- | C] () -- C:\Users\Cam\Documents\1273635871773.jpg
[2010/05/12 13:29:37 | 000,016,893 | ---- | C] () -- C:\Users\Cam\Documents\undercar.png
[2010/05/11 19:07:21 | 000,069,294 | ---- | C] () -- C:\Users\Cam\Documents\yPevl.jpg
[2010/05/09 19:31:22 | 000,054,024 | ---- | C] () -- C:\Users\Cam\Documents\29695_116763375022748_116749711690781_135266_6789795_n.jpg
[2010/05/09 19:31:01 | 000,107,368 | ---- | C] () -- C:\Users\Cam\Documents\guU7F.jpg
[2010/05/09 18:17:49 | 000,002,558 | ---- | C] () -- C:\Users\Cam\Documents\encryptionkey.pfx
[2010/05/09 04:19:56 | 000,062,584 | ---- | C] () -- C:\Users\Cam\Documents\cruisin.jpg
[2010/05/06 22:43:32 | 000,072,876 | ---- | C] () -- C:\Users\Cam\Documents\UJ2rP.png
[2010/05/06 11:24:10 | 000,091,916 | ---- | C] () -- C:\Users\Cam\Documents\deepwater_oil_00.jpg
[2010/05/05 16:53:44 | 000,001,074 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\EVGA Precision.lnk
[2010/05/05 14:00:47 | 000,055,430 | ---- | C] () -- C:\Users\Cam\Documents\friday.jpg
[2010/05/05 14:00:35 | 000,023,998 | ---- | C] () -- C:\Users\Cam\Documents\spam boy.jpg
[2010/05/04 03:48:32 | 000,051,517 | ---- | C] () -- C:\Users\Cam\Documents\d16c552c88934c14ddfe37f.jpg
[2010/05/04 03:47:05 | 000,032,906 | ---- | C] () -- C:\Users\Cam\Documents\Z5iev.jpg
[2010/05/04 03:16:11 | 000,000,951 | ---- | C] () -- C:\Users\Cam\Application Data\Microsoft\Internet Explorer\Quick Launch\HLSW.lnk
[2010/05/03 19:02:31 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/03 15:28:29 | 000,082,059 | ---- | C] () -- C:\Users\Cam\Documents\1271211661717.jpg
[2010/05/03 15:28:22 | 000,272,040 | ---- | C] () -- C:\Users\Cam\Documents\post-11867-1272639678.jpg
[2010/05/03 15:28:12 | 000,012,144 | ---- | C] () -- C:\Users\Cam\Documents\1272415153600.jpg
[2010/05/03 15:28:05 | 000,198,748 | ---- | C] () -- C:\Users\Cam\Documents\3211.jpg
[2010/05/03 15:27:49 | 000,189,823 | ---- | C] () -- C:\Users\Cam\Documents\1272415291571.jpg
[2010/05/03 15:27:35 | 000,045,593 | ---- | C] () -- C:\Users\Cam\Documents\patrickstewartmorepewpe.jpg
[2010/04/30 04:09:34 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/30 04:09:33 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/29 00:58:32 | 000,039,891 | ---- | C] () -- C:\Users\Cam\Documents\pewpewlol.jpg
[2010/04/28 18:33:01 | 002,085,684 | ---- | C] () -- C:\Users\Cam\Documents\1272438656529.gif
[2010/04/27 10:43:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/31 03:36:56 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/02/20 14:25:16 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/02/09 15:30:32 | 000,000,104 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2010/01/20 00:22:28 | 000,000,343 | ---- | C] () -- C:\Windows\doom3.ini
[2009/12/29 03:44:59 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2009/12/19 21:46:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/19 17:13:41 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/19 17:13:41 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/14 09:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 06:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002/10/16 08:24:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/10/03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010/07/23 15:05:34 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Acronis
[2010/07/01 03:20:35 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Beat Hazard
[2010/03/30 00:22:31 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Bioshock
[2010/01/05 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Conor O'Kane
[2009/12/21 15:45:01 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\DAEMON Tools Lite
[2010/07/20 11:08:44 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\GetRightToGo
[2010/02/20 23:29:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Gmote
[2010/05/03 02:39:47 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\GrabIt
[2010/07/26 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\HLSW
[2010/07/12 00:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IMVU
[2010/06/15 00:54:19 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IMVUClient
[2010/05/13 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Internode
[2010/02/06 01:50:34 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\IsolatedStorage
[2010/07/18 22:19:13 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\LimeWire
[2010/07/04 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\MotionDSP
[2010/04/21 23:13:32 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Mumble
[2010/05/10 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Notepad++
[2010/01/18 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Subversion
[2010/04/07 00:09:14 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\SystemRequirementsLab
[2010/07/25 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\uTorrent
[2009/12/22 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\Cam\AppData\Roaming\Vivox
[2010/07/26 17:00:08 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20091219_233400_Cam2.job
[2010/07/23 04:48:15 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20100722_140700_Cam4.job
[2010/07/23 09:43:46 | 000,000,644 | ---- | M] () -- C:\Windows\Tasks\20100722_141200_Cam5.job
[2009/07/14 14:38:49 | 000,024,806 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 11:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 11:22:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 11:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 11:22:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 10:45:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 11:10:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/06/06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009/07/14 11:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 11:18:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/14 11:11:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 10:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/14 11:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 11:15:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 10:46:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 11:11:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemdrive%\*.sys /90 /md5 >[/color]
[2010/07/25 01:33:51 | 535,683,071 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\hiberfil.sys
[2010/07/25 01:33:54 | 2145,902,591 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\pagefile.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 741 bytes -> C:\Users\Cam\Documents\simon goodes pc.eml:OECustomProperty
@Alternate Data Stream - 1693 bytes -> C:\Users\Cam\Documents\FW_  Back packers seedy flight. dont get on this plane.eml:OECustomProperty
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >

Edited by cammeh, 26 July 2010 - 07:10 PM.




