Infected with Trojan downloader & Trojan dropper


  • This topic is locked
26 replies to this topic

#1 WillyBob


Posted 27 July 2010 - 08:59 AM

Not sure if I should follow the recommended Malwarebytes action "remove" or if I should do something else first... keeping the program open for now.

I am running Win7x64 RTM English Retail Professional, genuine version, with all recommended SPs & updates. Phenom II X4 proc, system runs very well in general. 4 GB RAM, plenty of HD space, etc. etc.

I did have a problem with the same virus or trojan a couple of weeks ago (probably the same exact date as the files are stamped with, which is 7/8/2010). The files are:
c:\users\<me>\AppData\Local\Temp\trz7D02.tmp
c:\users\<me>\AppData\Local\Temp\0.2880280364299931.exe

though that probably doesn't help you (afaik usually mal/spyware programs create random file names on the fly, right?)

Anyway, after I found myself infected a couple of weeks ago, I ran a System Restore and thought everything was hunky-dory. But perhaps not. I am not sure if the system is truly infected, or if the files are just sitting there, but obviously I am concerned and would appreciate your help.

Here is the DDS.txt, and I have attached the zipped Attach.txt. I am also including links from VirusTotal.com on the two files in question, if that is of any use to you.

Link 1, re: trz7D02.tmp:
https://www.virustotal.com/analisis/64cebae...7e18-1280237630
Link 2, re: 0.2880280364299931.exe:
https://www.virustotal.com/analisis/d05d804...214e-1279984996

The Trojan in question when I was infected had taken over my internet connection, permanently and repeatedly setting up my network to use a proxy, which is its evil way of doing business... there didn't seem to be any way to set my connection back to not using a proxy, so thank goodness that the System Restore at least seemed to fix things.

Thank you for your help!!!

--William

DDS.TXT:



DDS (Ver_10-03-17.01) - NTFSX64
Run by Will at 6:42:56.52 on Tue 07/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4087.1242 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe
C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Users\Will\RunApps\CoreTemp64Beta2\Core Temp.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Will\RunApps\SysinternalsSuite\procexp.exe
C:\Users\Will\RunApps\SysinternalsSuite\procexp64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\ehome\mcrmgr.exe
C:\Windows\ehome\ehshell.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\eHome\ehExtHost.exe
C:\Windows\eHome\ehExtHost.exe
C:\Windows\eHome\ehExtHost.exe
C:\Windows\eHome\ehExtHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\explorer.exe
C:\Windows\system32\mfpmp.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Windows\explorer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\LightningWare\VME 1.2\VME Manager.exe
C:\Program Files\Windows Media Components\Encoder\wmenc.exe
C:\Program Files\Windows Media Components\Encoder\WMEncAgt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Will\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files (x86)\lastpass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BackgroundSwitcher] "c:\program files (x86)\johnsadventures.com\john's background switcher\BackgroundSwitcher.exe"
uRun: [OpenDNS Updater] "c:\program files (x86)\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [HFM.NET] "c:\program files (x86)\hfm.net\HFM.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\qt lite\QTTask.exe" -atboottime
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\autorunsdisabled\vme 1.2.lnk.disabled
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: LastPass - file://c:\program files (x86)\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\lastpass\context.html?cmd=fillforms
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files (x86)\lastpass\LPBar.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1258771289085
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
IFEO: taskmgr.exe - "c:\users\will\runapps\sysinternalssuite\PROCEXP.EXE"
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files (x86)\lastpass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [RivaTunerStartupDaemon] "c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
mRun-x64: [RivaTuner] "c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /T
IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - c:\program files (x86)\xmarks\ie extension\xmarkssync.exe
IFEO-X64: taskmgr.exe - "c:\users\will\runapps\sysinternalssuite\PROCEXP.EXE"
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.2.16 xtrreem

================= FIREFOX ===================

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?source=ig&hl=en&rlz=&=&q=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?source=ig&hl=en&rlz=&=&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\will\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\will\appdata\roaming\mozilla\firefox\profiles\1v9papwg.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');
user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');
user_pref('...ri.enabled', 'allAccess');
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-7-14 226616]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-9 121936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-9 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-9 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-28 40384]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\program files (x86)\folding@home windows smp client v1.01\smpd.exe [2010-4-9 1135616]
R2 PhenomMsrTweaker;PhenomMsrTweaker service;c:\program files\phenommsrtweaker\PhenomMsrTweakerService.exe [2010-6-3 188416]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\common files\realtime soft\ultramonmirrordrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-28 40384]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-29 327576]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-29 6377496]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-5-31 333928]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 134760]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 35112]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\phenommsrtweaker\WinRing0x64.sys [2010-6-3 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 PASW;Process Activation Service;c:\windows\system32\psactive.exe --> c:\windows\system32\psactive.exe [?]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-18 250400]
S3 atillk64;atillk64;w:\downloads\@oc\winflash2017\atillk64.sys [2006-7-19 14608]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-1-27 79360]
S3 ENTECH64;ENTECH64;c:\windows\system32\drivers\Entech64.sys [2009-11-18 12744]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-11-20 16776]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-10-29 137608]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-11-20 9096]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-29 30232]
S3 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-29 190488]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr7364.sys [2010-2-24 726816]
S3 PTV371.X64;Mini TV USB, Service X64;c:\windows\system32\drivers\PTV371.X64.SYS [2010-4-8 308352]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\RpcAgentSrv.exe [2010-6-26 93848]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-12-17 43664]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2009-11-10 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 203264]
S4 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\amd\raidxpert\bin\RAIDXpertService.exe [2009-10-29 122880]
S4 CNQSvc64;CNQSvc64;c:\users\will\runapps\cnqsvc64_0_08\cnqsvc64.exe [2010-2-4 90624]
S4 mcShoutCastECommerceService;mcShoutCastECommerceService;c:\program files\mcshoutcast\mcShoutCastECommerceService.exe [2009-12-15 8192]
S4 mcShoutCastLauraFM;mcShoutCastLauraFM;c:\program files\mcshoutcast\ShoutCastLauraFMService.exe [2009-12-15 7680]
S4 mcShoutCastProxy;mcShoutCastProxy;c:\program files\mcshoutcast\ShoutCastProxyService.exe [2009-12-15 58880]

============== File Associations ===============

JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-07-27 12:02:38 0 d-----w- c:\program files (x86)\Lame for Audacity
2010-07-27 05:24:54 0 d-----w- c:\program files\IconViewer
2010-07-26 19:13:14 0 d-----w- c:\users\will\appdata\roaming\Blender Foundation
2010-07-25 07:15:46 0 d-----w- c:\users\will\appdata\roaming\Odian Games
2010-07-25 04:34:08 0 d-----w- c:\users\will\appdata\roaming\Total Eclipse
2010-07-20 13:01:56 107 ----a-w- c:\windows\VobEdit.INI
2010-07-20 10:16:06 0 d-----w- c:\programdata\Simajo The Travel Móstery Game
2010-07-18 22:05:26 0 d-----w- c:\programdata\Far Mills
2010-07-18 12:00:46 0 d-----w- c:\users\will\appdata\roaming\Vogat Interactive
2010-07-18 11:46:56 0 d-----w- c:\users\will\appdata\roaming\DigirononGames
2010-07-14 04:19:41 0 d-----w- c:\program files (x86)\VisiPics
2010-07-14 02:50:26 77 ----a-w- c:\windows\huffyuv.ini
2010-07-14 02:47:50 33280 ----a-w- c:\windows\syswow64\HUFFYUV.DLL
2010-07-14 02:47:50 0 d-----w- C:\huffyuv-2.1.1
2010-07-14 02:40:47 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-14 02:21:31 756736 ----a-w- c:\windows\syswow64\LameACM.acm
2010-07-14 02:21:31 401 ----a-w- c:\windows\syswow64\lame_acm.xml
2010-07-14 02:21:31 0 d-----w- C:\lame
2010-07-14 02:05:41 2759 ----a-w- c:\windows\syswow64\MPEG_Recorder_Settings.xml
2010-07-14 02:04:51 0 d-----w- c:\program files (x86)\MPEG Recorder
2010-07-14 01:59:32 0 d-----w- c:\program files (x86)\DScaler
2010-07-14 00:52:04 0 d-----w- c:\program files (x86)\VidToDisc Version 1.2
2010-07-13 06:44:17 0 d-----w- c:\program files (x86)\Folding@home
2010-07-13 04:41:34 0 d-----w- c:\programdata\NVIDIA Corporation
2010-07-13 04:33:59 0 d-----w- c:\program files (x86)\Secret Of Monkey Island SE
2010-07-13 03:23:35 0 d-----w- c:\users\will\appdata\roaming\UHS Reader
2010-07-12 23:50:04 0 d-----w- c:\program files (x86)\UHS
2010-07-12 08:56:39 0 d-----w- c:\program files\MediaInfo
2010-07-11 19:46:33 0 d-sh--w- c:\temp\Temporary Internet Files
2010-07-11 19:46:33 0 d-sh--w- c:\temp\History
2010-07-11 19:46:33 0 d-sh--w- c:\temp\Cookies
2010-07-11 17:38:55 2873820 ------w- c:\windows\syswow64\Sens_oal.dll
2010-07-11 10:48:46 0 d-----w- c:\users\will\appdata\roaming\nHancer
2010-07-11 10:48:31 0 d-----w- c:\programdata\Caphyon
2010-07-11 10:48:25 0 d-----w- c:\programdata\nHancer
2010-07-10 08:20:09 0 d-----w- c:\users\will\appdata\roaming\KranX Productions
2010-07-10 05:51:10 0 d-----w- c:\program files (x86)\The Adventure Company
2010-07-10 05:40:48 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-07-10 05:40:48 0 d-----w- c:\program files (x86)\PowerISO
2010-07-10 05:01:52 0 d-----w- c:\programdata\Sun
2010-07-10 05:01:40 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-10 04:56:23 0 d-----w- c:\programdata\McAfee
2010-07-10 02:16:48 0 d-----w- c:\program files (x86)\Telltale
2010-07-09 04:46:58 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-07-09 04:46:58 22360 ----a-w- c:\windows\syswow64\X3DAudio1_7.dll
2010-07-09 04:40:33 0 d-----w- c:\users\will\appdata\roaming\LucasArts
2010-07-09 04:32:20 0 d-----w- c:\program files (x86)\LucasArts
2010-07-08 13:16:05 0 d-----w- c:\users\will\appdata\roaming\Mariaglorum
2010-07-08 11:34:41 0 d-----w- c:\users\will\appdata\roaming\dcunningham.net
2010-07-08 11:33:56 0 d-----w- c:\program files (x86)\enchd_1.2.209.0
2010-07-08 01:20:34 0 d-----w- c:\users\will\appdata\roaming\Pi Eye Games
2010-07-07 14:48:48 65536 --sha-w- c:\users\will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TM.blf
2010-07-07 14:48:48 524288 --sha-w- c:\users\will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TMContainer00000000000000000002.regtrans-ms
2010-07-07 14:48:48 524288 --sha-w- c:\users\will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TMContainer00000000000000000001.regtrans-ms
2010-07-06 05:21:27 0 d-----w- c:\program files (x86)\Riot
2010-07-05 23:22:36 0 d-----w- c:\users\will\appdata\roaming\A Gypsy's Tale - The Tower of Secrets
2010-07-05 12:13:21 0 d-----w- c:\temp\_avast5_
2010-07-05 09:13:49 0 d-----w- c:\users\will\appdata\roaming\Finstere Liebschaft
2010-07-05 09:13:49 0 d-----w- c:\programdata\Finstere Liebschaft
2010-07-04 16:30:22 1908 ----a-w- c:\windows\diagwrn.xml
2010-07-04 16:30:22 1908 ----a-w- c:\windows\diagerr.xml
2010-07-03 15:50:59 0 d-----w- c:\program files (x86)\Avidemux 2.5
2010-07-03 15:21:09 0 d-----w- c:\users\will\appdata\roaming\Mutant Arcade
2010-06-30 11:19:31 0 d-----w- c:\program files\ATI
2010-06-30 11:18:32 0 d-----w- C:\ATI
2010-06-30 06:26:44 0 d-----w- c:\programdata\PICTUREKA! MUSEUM MAYHEM
2010-06-30 06:26:29 0 d-----w- c:\users\will\appdata\roaming\Pogo Games
2010-06-29 05:10:42 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 16:14:48 0 d-----w- c:\program files (x86)\BadgerIT
2010-06-28 03:20:00 0 d-----w- c:\program files (x86)\Compact Wireless-G USB Adapter Wireless Network Monitor
2010-06-28 03:19:59 1361 ----a-w- c:\windows\syswow64\WLAN.INI
2010-06-27 17:25:33 0 d-----w- c:\programdata\Zylom

==================== Find3M ====================

2010-07-15 03:11:11 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-10 05:01:35 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-10 05:01:35 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-10 05:01:35 145184 ----a-w- c:\windows\syswow64\java.exe
2010-06-28 20:57:12 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-06-28 20:33:00 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-23 06:49:59 43318 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-06-23 06:49:59 29779 ----a-w- c:\windows\fonts\GlobalSerif.CompositeFont
2010-06-23 06:49:59 26489 ----a-w- c:\windows\fonts\GlobalSansSerif.CompositeFont
2010-06-23 06:49:59 26040 ----a-w- c:\windows\fonts\GlobalMonospace.CompositeFont
2010-06-08 00:21:00 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-08 00:21:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-08 00:20:58 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-08 00:20:58 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2010-06-04 00:09:53 59488 ----a-w- c:\windows\syswow64\GenSvcInst.exe
2010-06-04 00:09:53 145504 ----a-w- c:\windows\syswow64\bgsvcgen.exe
2010-06-03 01:48:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-02 11:55:30 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55:30 74072 ----a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 11:55:30 527192 ----a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 11:55:30 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55:30 239960 ----a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 11:55:30 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-31 18:46:50 333928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-26 18:41:02 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41:02 470880 ----a-w- c:\windows\syswow64\d3dx10_43.dll
2010-05-26 18:41:02 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41:02 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41:02 248672 ----a-w- c:\windows\syswow64\d3dx11_43.dll
2010-05-26 18:41:02 2106216 ----a-w- c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 18:41:02 1998168 ----a-w- c:\windows\syswow64\D3DX9_43.dll
2010-05-26 18:41:02 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 18:41:02 1868128 ----a-w- c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 18:41:00 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-25 07:56:13 393216 ------w- c:\windows\Setup1.exe
2010-05-25 07:56:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-05-25 03:33:00 108032 ----a-w- c:\windows\syswow64\ff_vfw.dll
2010-05-21 21:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-02-24 11:39:28 9025736 ----a-w- c:\program files (x86)\common files\lpuninstall.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-19 08:16:35 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-24 00:35:57 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-01-20 13:30:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\application data\microsoft\windows\history\low\history.ie5\index.dat
2010-01-20 13:30:23 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\application data\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\history\low\history.ie5\index.dat
2010-01-31 20:54:20 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010013120100201\index.dat
2010-01-17 09:08:24 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-01-17 09:08:24 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2010-01-20 13:30:23 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\temporary internet files\low\content.ie5\index.dat
2010-01-17 09:08:24 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\syswow64\config\systemprofile\application data\microsoft\windows\cookies\low\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\syswow64\config\systemprofile\cookies\low\index.dat
2010-01-20 13:30:23 16384 --sha-w- c:\windows\syswow64\config\systemprofile\local settings\microsoft\windows\history\low\history.ie5\index.dat
2010-01-20 13:30:23 32768 --sha-w- c:\windows\syswow64\config\systemprofile\local settings\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2010-03-26 11:26:20 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-03-26 11:26:20 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-03-26 11:26:20 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 6:46:19.80 ===============



Edited by WillyBob, 27 July 2010 - 09:03 AM.



 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,317 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:53 AM

Posted 05 August 2010 - 05:48 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 WillyBob

WillyBob
  • Topic Starter

  • Members
  • 38 posts
  • Local time:04:53 PM

Posted 07 August 2010 - 12:24 AM

OK, thanks, here is the OTL log. It only created one file, OTL.Txt, not the "Extra" file, for some reason. Also, GMER does not run on my system, as I have Windows 7 64 bit.
thanks,


OTL logfile created on: 8/5/2010 11:35:03 AM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Will\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 4100 4100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 199.09 Gb Total Space | 90.68 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 47.32 Gb Free Space | 64.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 14.92 Gb Total Space | 7.27 Gb Free Space | 48.73% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 392.51 Gb Total Space | 172.54 Gb Free Space | 43.96% Space Free | Partition Type: NTFS
Drive W: | 298.08 Gb Total Space | 166.67 Gb Free Space | 55.92% Space Free | Partition Type: NTFS
Drive X: | 465.70 Gb Total Space | 103.30 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 413.02 Gb Free Space | 56.39% Space Free | Partition Type: NTFS
Drive Z: | 149.05 Gb Total Space | 52.66 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

Computer Name: SCHMOHAWK
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2010/07/22 15:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/16 14:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/12/16 19:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/09/25 11:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
PRC - [2009/08/22 11:25:00 | 002,781,184 | ---- | M] () -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/01/07 00:24:54 | 000,656,696 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/05/28 09:52:10 | 003,522,600 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Will\RunApps\SysinternalsSuite\procexp.exe
PRC - [2007/01/31 11:29:46 | 001,135,616 | ---- | M] () -- C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
MOD - [2010/02/14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll
MOD - [2010/02/14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2009/07/20 04:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\GameHook.dll
MOD - [2009/07/20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/13 18:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/13 18:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009/06/10 14:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\psactive.exe -- (PASW)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/03 13:54:00 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe -- (PhenomMsrTweaker)
SRV:64bit: - [2010/04/17 03:56:30 | 000,094,440 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/12/15 22:58:56 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe -- (mcShoutCastECommerceService)
SRV:64bit: - [2009/12/15 22:58:44 | 000,007,680 | ---- | M] (Sörnt Poppe) [Disabled | Stopped] -- C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe -- (mcShoutCastLauraFM)
SRV:64bit: - [2009/12/15 22:58:14 | 000,058,880 | ---- | M] (Sörnt Poppe) [Disabled | Stopped] -- C:\Program Files\mcShoutCast\ShoutCastProxyService.exe -- (mcShoutCastProxy)
SRV:64bit: - [2009/10/29 12:46:52 | 000,190,488 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/29 03:07:46 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/24 08:21:20 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe -- (TunerFreeMCEService)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 03:18:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/17 09:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/16 19:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 12:47:26 | 000,122,880 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/07/12 20:55:46 | 000,090,624 | ---- | M] () [Disabled | Stopped] -- c:\Users\Will\RunApps\cnqsvc64_0_08\cnqsvc64.exe -- (CNQSvc64)
SRV - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/12/18 10:15:00 | 000,104,960 | ---- | M] (ArcSoft) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/01/31 11:29:46 | 001,135,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe -- (mpich2_smpd)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/08/01 13:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\psactive.exe -- (PASW)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\vcdrom.sys -- (vcdrom)
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTV371.SYS -- (PTV371)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/03 13:54:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/13 16:39:04 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2010/04/17 03:56:26 | 000,134,760 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/01/20 08:57:58 | 000,651,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/01/20 08:57:08 | 000,634,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/12/18 01:03:30 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2009/12/17 15:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/12/02 13:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EuDisk.sys -- (EuDisk)
DRV:64bit: - [2009/11/09 10:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/10/29 12:55:37 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/29 12:55:37 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/09/30 07:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/22 18:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 18:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 18:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 18:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/22 18:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/16 17:55:00 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2009/09/01 20:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/26 13:45:10 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/14 11:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/17 09:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 09:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 16:03:06 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/04 11:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/23 18:20:02 | 001,548,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/09/25 07:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/08/08 09:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2007/03/01 17:22:48 | 000,308,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTV371.X64.SYS -- (PTV371.X64)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/05/11 11:11:00 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/02/24 06:38:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/10/12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/16 17:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/08/26 13:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/02/07 11:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/07/19 19:04:00 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- W:\Downloads\@OC\winflash2017\atillk64.sys -- (atillk64)
DRV - [2006/03/18 17:17:48 | 000,272,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PTV371.SYS -- (PTV371)
DRV - [2005/12/18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2003/09/06 06:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/09/06 05:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 05:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/09/06 05:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 5B 97 76 30 C3 CA 01 [binary data]
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?source=ig&hl=en&rlz=&=&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.92.20100607
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.36
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: aging-tabs@design-noir.de:0.7.1
FF - prefs.js..extensions.enabledItems: {ca526f8b-9e0a-4756-9077-19d6f3e64ea8}:2010.06.20.02
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..keyword.URL: "http://www.google.com/search?source=ig&hl=en&rlz=&=&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/04 17:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/04 17:49:40 | 000,000,000 | ---D | M]

[2010/05/26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/05/26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/05/26 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2010/08/04 04:14:06 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions
[2010/03/26 02:09:28 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/14 22:41:33 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/06/01 19:54:49 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/06/26 16:44:39 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/06/03 05:10:11 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010/05/25 22:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/26 16:44:39 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2009/11/09 04:42:13 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2010/05/02 11:38:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 05:52:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/24 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\add-to-searchbox@maltekraus.de
[2010/05/19 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\aging-tabs@design-noir.de
[2010/06/04 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox@red-cog.com
[2010/06/09 02:58:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox1@myibay.com
[2010/07/04 11:04:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\foxmarks@kei.com
[2010/06/20 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\ietab@ip.cn
[2010/04/06 01:16:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\isreaditlater@ideashower.com
[2010/03/23 15:42:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010/05/04 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\support@lastpass.com
[2009/11/03 03:25:42 | 000,000,722 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\-hisxpress---your-gay-video--dvd-store-.xml
[2010/06/01 02:35:13 | 000,001,546 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\falcon-studios-entertainment.xml
[2009/11/03 03:26:10 | 000,001,992 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gay-adult-dvd-gay-adult-vod-gay-sex-toys-gay-porn-gay-porn-d.xml
[2010/06/28 01:15:27 | 000,000,615 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gay-torrentsnet.xml
[2010/06/01 04:09:36 | 000,001,834 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gaytorrentru.xml
[2009/11/29 06:10:20 | 000,001,522 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\pirate-bay.xml
[2010/06/17 09:12:26 | 000,001,253 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\site-search-gay-erotic-video-index.xml
[2009/11/01 05:06:34 | 000,001,840 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\videohelpcom---forum-guides-tools-and-hardware-lists.xml
[2009/11/03 03:24:40 | 000,001,607 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\xxx-video-theater-has-hundreds-of-new-xxx-sex-movies-and-vid.xml
[2010/08/03 11:03:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/09 22:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/09 22:01:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/27 21:08:15 | 000,352,093 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.2.16 xtrreem
O1 - Hosts: 12066 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001..\Run: [BackgroundSwitcher] C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/02/20 04:03:20 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1258771289085 (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 208.67.222.222 208.67.220.220 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 04:03:34 | 000,000,000 | ---D | M] - W:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 14:19:36 | 000,000,052 | RHS- | M] () - W:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6131f5a5-c5f6-11de-852b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{6131f5a5-c5f6-11de-852b-005056c00008}\Shell\AutoRun\command - "" = E:\Main\autorun\Autorun.exe -- File not found
O33 - MountPoints2\{7ff118c7-c4bc-11de-b8a0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ff118c7-c4bc-11de-b8a0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ncd.exe -- File not found
O33 - MountPoints2\{daba8d9d-ea2d-11de-9431-005056c00001}\Shell - "" = AutoRun
O33 - MountPoints2\{daba8d9d-ea2d-11de-9431-005056c00001}\Shell\AutoRun\command - "" = F:\AutoRunLauncher.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 11:32:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/08/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/08/04 17:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/04 17:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/04 13:54:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\foobar2000
[2010/08/04 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2010/08/02 07:07:26 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\ERS Game Studios
[2010/08/01 14:27:15 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Sun
[2010/07/30 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2010/07/30 03:57:52 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Vast Studios
[2010/07/30 03:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010/07/30 02:50:09 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\HD Tune Pro
[2010/07/27 17:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility
[2010/07/27 05:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity
[2010/07/26 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\IconViewer
[2010/07/26 12:13:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Blender Foundation
[2010/07/26 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TheLostKingdomProphecy
[2010/07/25 00:15:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Odian Games
[2010/07/24 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Total Eclipse
[2010/07/24 21:14:53 | 000,000,000 | ---D | C] -- Q:\Documents\Jade Rousseau S01E01
[2010/07/20 03:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simajo The Travel Móstery Game
[2010/07/18 15:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2010/07/18 05:00:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Vogat Interactive
[2010/07/18 04:46:56 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\DigirononGames
[2010/07/13 21:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisiPics
[2010/07/13 19:47:50 | 000,033,280 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\HUFFYUV.DLL
[2010/07/13 19:47:50 | 000,000,000 | ---D | C] -- C:\huffyuv-2.1.1
[2010/07/13 19:40:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/13 19:21:31 | 000,756,736 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\LameACM.acm
[2010/07/13 19:21:31 | 000,000,000 | ---D | C] -- C:\lame
[2010/07/13 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPEG Recorder
[2010/07/13 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DScaler
[2010/07/13 18:56:03 | 000,000,000 | ---D | C] -- Q:\Documents\VidToDisc version 1.2
[2010/07/13 18:55:40 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\VidToDiscNamespace
[2010/07/13 18:55:24 | 000,000,000 | ---D | C] -- Q:\Documents\Vid2Disc version 1.2
[2010/07/13 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VidToDisc Version 1.2
[2010/07/12 23:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folding@home
[2010/07/12 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/07/12 21:40:22 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/07/12 21:40:22 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/12 21:40:22 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/12 21:40:22 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/07/12 21:40:21 | 021,662,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/07/12 21:40:21 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/07/12 21:40:21 | 003,184,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010/07/12 21:40:21 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010/07/12 21:40:21 | 000,405,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/07/12 21:40:21 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/07/12 21:40:20 | 012,338,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/07/12 21:40:20 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/07/12 21:40:20 | 002,867,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/07/12 21:40:20 | 002,291,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/07/12 21:40:20 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/07/12 21:40:19 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/07/12 21:40:19 | 006,065,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/07/12 21:40:19 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/07/12 21:40:19 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/07/12 21:40:17 | 014,511,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/07/12 21:40:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll
[2010/07/12 21:40:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/07/12 21:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secret Of Monkey Island SE
[2010/07/12 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\UHS Reader
[2010/07/12 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UHS
[2010/07/12 01:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2010/07/11 10:38:55 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010/07/11 03:48:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\nHancer
[2010/07/11 03:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2010/07/11 03:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/07/10 01:20:09 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\KranX Productions
[2010/07/09 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Adventure Company
[2010/07/09 22:40:48 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/07/09 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/07/09 22:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/09 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/09 22:01:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/09 21:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/09 19:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale
[2010/07/08 21:47:08 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/08 21:47:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/07/08 21:47:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/07/08 21:47:08 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/08 21:47:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/07/08 21:47:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/08 21:47:08 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/08 21:47:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/07/08 21:47:07 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/08 21:47:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/07/08 21:47:07 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/08 21:47:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/07/08 21:47:05 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/08 21:47:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/07/08 21:47:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/08 21:47:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/07/08 21:47:04 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/08 21:47:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/07/08 21:47:04 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/08 21:47:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/07/08 21:47:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/07/08 21:47:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/08 21:46:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/08 21:46:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/07/08 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\LucasArts
[2010/07/08 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2010/07/08 06:16:05 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Mariaglorum
[2010/07/08 04:34:41 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\dcunningham.net
[2010/07/08 04:34:35 | 000,000,000 | ---D | C] -- Q:\Documents\EncodeHD Log Files
[2010/07/08 04:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\enchd_1.2.209.0
[2010/07/07 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Pi Eye Games
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/05 11:36:56 | 013,107,200 | -HS- | M] () -- C:\Users\Will\ntuser.dat
[2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/08/05 10:16:41 | 000,006,108 | ---- | M] () -- C:\Windows\mozy.blk
[2010/08/05 10:16:41 | 000,002,536 | ---- | M] () -- C:\Windows\mozy.flt
[2010/08/05 09:38:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/08/05 03:34:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/04 22:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/04 21:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/04 15:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/08/04 13:54:29 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/08/04 09:47:22 | 000,002,378 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/08/04 04:32:20 | 000,000,912 | ---- | M] () -- C:\Users\Will\Desktop\ICUII.lnk
[2010/08/04 04:31:09 | 140,467,400 | ---- | M] () -- C:\Users\Will\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/04 04:22:51 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 04:22:51 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 04:13:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/04 04:13:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/08/04 04:13:27 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 04:08:01 | 002,070,204 | -H-- | M] () -- C:\Users\Will\AppData\Local\IconCache.db
[2010/08/03 22:54:24 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/08/03 22:54:24 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/08/03 22:54:23 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/08/03 22:54:23 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/08/02 06:13:42 | 000,002,310 | ---- | M] () -- C:\Users\Will\Desktop\Al Emmos Postcards from Anozira .lnk
[2010/07/30 15:48:32 | 000,000,581 | ---- | M] () -- C:\Users\Will\SciTE.session
[2010/07/30 03:09:48 | 000,002,266 | ---- | M] () -- C:\Users\Will\Desktop\Snark Busters Welcome to the Club.lnk
[2010/07/30 03:09:30 | 000,002,400 | ---- | M] () -- C:\Users\Will\Desktop\The Mysterious Case of Dr. Jekyll and Mr. Hyde.lnk
[2010/07/29 18:29:40 | 000,000,077 | ---- | M] () -- C:\Windows\huffyuv.ini
[2010/07/29 06:58:08 | 000,218,112 | ---- | M] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 09:37:19 | 000,000,452 | ---- | M] () -- C:\Windows\asfbinapp.INI
[2010/07/28 04:25:13 | 000,007,656 | ---- | M] () -- C:\Users\Will\AppData\Local\resmon.resmoncfg
[2010/07/27 21:26:09 | 000,001,385 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\GPU-Z.lnk
[2010/07/27 17:10:03 | 000,000,448 | RHS- | M] () -- C:\Users\Will\ntuser.pol
[2010/07/27 06:48:08 | 000,004,231 | ---- | M] () -- C:\Users\Will\Desktop\Attach.zip
[2010/07/27 06:44:07 | 000,284,915 | ---- | M] () -- C:\Users\Will\Desktop\gmer.zip
[2010/07/27 06:42:21 | 000,525,824 | ---- | M] () -- C:\Users\Will\Desktop\dds.scr
[2010/07/27 06:16:26 | 000,050,415 | ---- | M] () -- Q:\Documents\Gloryhole Compilation.wlmp
[2010/07/24 21:34:03 | 000,002,487 | ---- | M] () -- C:\Users\Will\Desktop\The Clockwork Man 2 The Hidden World.lnk
[2010/07/24 00:28:41 | 000,002,702 | ---- | M] () -- C:\Users\Will\Desktop\Echoes of the Past The Castle of Shadows CE.lnk
[2010/07/20 06:01:56 | 000,000,107 | ---- | M] () -- C:\Windows\VobEdit.INI
[2010/07/18 04:46:08 | 000,002,245 | ---- | M] () -- C:\Users\Will\Desktop\L Frank Baums The Wonderful Wizard of Oz.lnk
[2010/07/13 19:05:41 | 000,002,759 | ---- | M] () -- C:\Windows\SysWow64\MPEG_Recorder_Settings.xml
[2010/07/13 11:20:32 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/07/13 00:30:59 | 000,001,810 | ---- | M] () -- C:\Users\Will\Desktop\Secret of Monkey Island.lnk
[2010/07/11 12:53:18 | 000,000,064 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2010/07/11 10:36:47 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/07/09 22:56:05 | 000,002,261 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:53:54 | 000,001,278 | ---- | M] () -- C:\Users\Will\Desktop\The Black Mirror.lnk
[2010/07/09 22:40:49 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/07/09 22:01:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/09 22:01:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/09 22:01:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/09 22:01:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/08 10:26:26 | 000,001,268 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/08 06:15:59 | 000,002,184 | ---- | M] () -- C:\Users\Will\Desktop\Kate Arrow Deserted Wood.lnk
[2010/07/07 18:20:14 | 000,002,332 | ---- | M] () -- C:\Users\Will\Desktop\Memorabilia Mias Mysterious Memory Machine .lnk
[2010/07/07 10:45:32 | 000,524,288 | -HS- | M] () -- C:\Users\Will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 10:45:32 | 000,524,288 | -HS- | M] () -- C:\Users\Will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 10:45:32 | 000,065,536 | -HS- | M] () -- C:\Users\Will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TM.blf
[2010/07/07 07:52:59 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/07/07 07:52:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/04 13:54:29 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/08/04 04:32:20 | 000,000,912 | ---- | C] () -- C:\Users\Will\Desktop\ICUII.lnk
[2010/08/04 04:24:15 | 140,467,400 | ---- | C] () -- C:\Users\Will\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/02 06:13:42 | 000,002,310 | ---- | C] () -- C:\Users\Will\Desktop\Al Emmos Postcards from Anozira .lnk
[2010/07/30 03:09:48 | 000,002,266 | ---- | C] () -- C:\Users\Will\Desktop\Snark Busters Welcome to the Club.lnk
[2010/07/30 03:09:30 | 000,002,400 | ---- | C] () -- C:\Users\Will\Desktop\The Mysterious Case of Dr. Jekyll and Mr. Hyde.lnk
[2010/07/27 06:48:08 | 000,004,231 | ---- | C] () -- C:\Users\Will\Desktop\Attach.zip
[2010/07/27 06:43:56 | 000,284,915 | ---- | C] () -- C:\Users\Will\Desktop\gmer.zip
[2010/07/27 06:42:07 | 000,525,824 | ---- | C] () -- C:\Users\Will\Desktop\dds.scr
[2010/07/27 02:38:13 | 000,050,415 | ---- | C] () -- Q:\Documents\Gloryhole Compilation.wlmp
[2010/07/24 21:34:03 | 000,002,487 | ---- | C] () -- C:\Users\Will\Desktop\The Clockwork Man 2 The Hidden World.lnk
[2010/07/24 00:28:41 | 000,002,702 | ---- | C] () -- C:\Users\Will\Desktop\Echoes of the Past The Castle of Shadows CE.lnk
[2010/07/20 06:01:56 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2010/07/18 04:46:08 | 000,002,245 | ---- | C] () -- C:\Users\Will\Desktop\L Frank Baums The Wonderful Wizard of Oz.lnk
[2010/07/13 19:50:26 | 000,000,077 | ---- | C] () -- C:\Windows\huffyuv.ini
[2010/07/13 19:21:31 | 000,000,401 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/07/13 19:05:41 | 000,002,759 | ---- | C] () -- C:\Windows\SysWow64\MPEG_Recorder_Settings.xml
[2010/07/13 00:30:27 | 000,001,810 | ---- | C] () -- C:\Users\Will\Desktop\Secret of Monkey Island.lnk
[2010/07/09 22:56:05 | 000,002,261 | ---- | C] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:53:54 | 000,001,278 | ---- | C] () -- C:\Users\Will\Desktop\The Black Mirror.lnk
[2010/07/09 22:40:49 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/07/08 06:15:59 | 000,002,184 | ---- | C] () -- C:\Users\Will\Desktop\Kate Arrow Deserted Wood.lnk
[2010/07/07 18:20:14 | 000,002,332 | ---- | C] () -- C:\Users\Will\Desktop\Memorabilia Mias Mysterious Memory Machine .lnk
[2010/07/07 12:07:51 | 000,001,744 | ---- | C] () -- C:\ProgramData\__wdump.txt
[2010/07/07 07:48:48 | 000,524,288 | -HS- | C] () -- C:\Users\Will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TMContainer00000000000000000002.regtrans-ms
[2010/07/07 07:48:48 | 000,524,288 | -HS- | C] () -- C:\Users\Will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 07:48:48 | 000,065,536 | -HS- | C] () -- C:\Users\Will\ntuser.dat{a83db95e-89d6-11df-8018-00241d1f8839}.TM.blf
[2010/06/27 20:19:59 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2010/06/17 14:14:22 | 000,000,000 | ---- | C] () -- C:\Windows\exctrlst.INI
[2010/05/25 23:36:56 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010/05/22 16:16:22 | 000,002,378 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/05/13 23:49:54 | 000,000,037 | -H-- | C] () -- C:\Windows\vbmgsext.ini
[2010/05/13 23:49:54 | 000,000,037 | -H-- | C] () -- C:\Windows\vbmgsent.ini
[2010/04/18 06:30:07 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/04/09 00:45:57 | 001,380,352 | ---- | C] () -- C:\Windows\SysWow64\mpich2shmp.dll
[2010/04/09 00:45:57 | 001,196,032 | ---- | C] () -- C:\Windows\SysWow64\mpich2.dll
[2010/04/09 00:45:57 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\mpich2shm.dll
[2010/04/09 00:45:57 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\mpich2mpi.dll
[2010/04/08 01:46:11 | 000,272,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\PTV371.SYS
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/29 06:08:48 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/03/29 06:08:48 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/02/12 00:26:16 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010/02/12 00:26:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nvTextureToolsUtil.dll
[2010/02/12 00:26:00 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2010/01/15 05:16:19 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/01/13 17:11:22 | 000,001,339 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2010/01/13 17:11:22 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/12/29 10:12:09 | 000,516,324 | ---- | C] () -- C:\Windows\SysWow64\pschmdrf.dll
[2009/12/06 22:09:02 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll
[2009/11/30 02:28:14 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/11/20 16:09:11 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2009/11/20 16:09:11 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2009/11/20 16:09:11 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2009/11/12 04:30:28 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/11/05 06:16:47 | 000,000,084 | ---- | C] () -- C:\Windows\Muxman.ini
[2009/11/02 19:26:37 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009/11/02 19:07:17 | 000,000,207 | ---- | C] () -- C:\Windows\SysWow64\FldrWatch.ini
[2009/11/02 03:07:02 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2009/11/01 15:57:54 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/30 02:41:27 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/30 02:41:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/29 16:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/10/29 12:55:55 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/29 12:55:55 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/29 12:55:54 | 000,762,566 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/29 12:55:52 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\DCLibrary_nat.dll
[2009/10/29 12:54:57 | 000,000,452 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/05 20:00:36 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/13 15:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 14:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 14:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000080.DLL

========== Alternate Data Streams ==========

< End of report >


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,317 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:53 AM

Posted 07 August 2010 - 05:45 AM

Hello, please let me know how things are after the following fix.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O32 - AutoRun File - [2008/11/05 14:19:36 | 000,000,052 | RHS- | M] () - W:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{6131f5a5-c5f6-11de-852b-005056c00008}\Shell - "" = AutoRun
    O33 - MountPoints2\{6131f5a5-c5f6-11de-852b-005056c00008}\Shell\AutoRun\command - "" = E:\Main\autorun\Autorun.exe -- File not found
    O33 - MountPoints2\{7ff118c7-c4bc-11de-b8a0-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{7ff118c7-c4bc-11de-b8a0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ncd.exe -- File not found
    O33 - MountPoints2\{daba8d9d-ea2d-11de-9431-005056c00001}\Shell - "" = AutoRun
    O33 - MountPoints2\{daba8d9d-ea2d-11de-9431-005056c00001}\Shell\AutoRun\command - "" = F:\AutoRunLauncher.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 WillyBob


Posted 07 August 2010 - 08:22 AM

I ran OTL with the code recommended, and after a long time (>5 minutes) Windows notified me that OTL had crashed, then it said it had applied compatibility settings and to try running the program again, then the OTL log opened, and this was the contents. I wasn't sure if I should run it again with the same code, or what I should do next.

Thank you,

Log from OTL:

Files\Folders moved on Reboot...
File\Folder C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WCR6DT3\mixplayM[1].png not found!

Registry entries deleted on Reboot...


--Thanks,



#6 Elise


Posted 07 August 2010 - 08:29 AM

Could you please post a new OTL report? I need to verify the proxy settings are indeed altered, because the log doesn't show it fixed them.

regards, Elise




#7 WillyBob


Posted 07 August 2010 - 08:44 AM

Sure, here is the log from running it just now:


OTL logfile created on: 8/7/2010 6:37:01 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Will\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): c:\pagefile.sys 4100 4100 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 199.09 Gb Total Space | 90.99 Gb Free Space | 45.70% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 47.28 Gb Free Space | 64.55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 14.92 Gb Total Space | 7.27 Gb Free Space | 48.73% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Q: | 392.51 Gb Total Space | 172.54 Gb Free Space | 43.96% Space Free | Partition Type: NTFS
Drive W: | 298.08 Gb Total Space | 166.17 Gb Free Space | 55.75% Space Free | Partition Type: NTFS
Drive X: | 465.70 Gb Total Space | 103.30 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive Y: | 732.42 Gb Total Space | 413.02 Gb Free Space | 56.39% Space Free | Partition Type: NTFS
Drive Z: | 149.05 Gb Total Space | 52.65 Gb Free Space | 35.32% Space Free | Partition Type: NTFS

Computer Name: SCHMOHAWK
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2010/07/22 15:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/16 19:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/08/28 23:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2007/01/31 11:29:46 | 001,135,616 | ---- | M] () -- C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\psactive.exe -- (PASW)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/03 13:54:00 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe -- (PhenomMsrTweaker)
SRV:64bit: - [2010/04/17 03:56:30 | 000,094,440 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/12/15 22:58:56 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe -- (mcShoutCastECommerceService)
SRV:64bit: - [2009/12/15 22:58:44 | 000,007,680 | ---- | M] (Sörnt Poppe) [Disabled | Stopped] -- C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe -- (mcShoutCastLauraFM)
SRV:64bit: - [2009/12/15 22:58:14 | 000,058,880 | ---- | M] (Sörnt Poppe) [Disabled | Stopped] -- C:\Program Files\mcShoutCast\ShoutCastProxyService.exe -- (mcShoutCastProxy)
SRV:64bit: - [2009/10/29 12:46:52 | 000,190,488 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/29 03:07:46 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/24 08:21:20 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe -- (TunerFreeMCEService)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 03:18:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/17 09:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/16 19:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 12:47:26 | 000,122,880 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/07/12 20:55:46 | 000,090,624 | ---- | M] () [Disabled | Stopped] -- c:\Users\Will\RunApps\cnqsvc64_0_08\cnqsvc64.exe -- (CNQSvc64)
SRV - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/12/18 10:15:00 | 000,104,960 | ---- | M] (ArcSoft) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/01/31 11:29:46 | 001,135,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe -- (mpich2_smpd)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/08/01 13:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\psactive.exe -- (PASW)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\vcdrom.sys -- (vcdrom)
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTV371.SYS -- (PTV371)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/03 13:54:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/13 16:39:04 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2010/04/17 03:56:26 | 000,134,760 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/01/20 08:57:58 | 000,651,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/01/20 08:57:08 | 000,634,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/12/18 01:03:30 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2009/12/17 15:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/12/02 13:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EuDisk.sys -- (EuDisk)
DRV:64bit: - [2009/11/09 10:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/10/29 12:55:37 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/29 12:55:37 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/09/30 07:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/22 18:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 18:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 18:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 18:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/22 18:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/16 17:55:00 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2009/09/01 20:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/26 13:45:10 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/14 11:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/17 09:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 09:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 16:03:06 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/04 11:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/23 18:20:02 | 001,548,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/09/25 07:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/08/08 09:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2007/03/01 17:22:48 | 000,308,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTV371.X64.SYS -- (PTV371.X64)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/05/11 11:11:00 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/02/24 06:38:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/10/12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/16 17:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/08/26 13:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/02/07 11:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/07/19 19:04:00 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- W:\Downloads\@OC\winflash2017\atillk64.sys -- (atillk64)
DRV - [2006/03/18 17:17:48 | 000,272,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PTV371.SYS -- (PTV371)
DRV - [2005/12/18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2003/09/06 06:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/09/06 05:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 05:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/09/06 05:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 5B 97 76 30 C3 CA 01 [binary data]
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 33 37 6E E3 63 CA 01 [binary data]
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?source=ig&hl=en&rlz=&=&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.92.20100607
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.36
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: aging-tabs@design-noir.de:0.7.1
FF - prefs.js..extensions.enabledItems: {ca526f8b-9e0a-4756-9077-19d6f3e64ea8}:2010.06.20.02
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..keyword.URL: "http://www.google.com/search?source=ig&hl=en&rlz=&=&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/04 17:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/04 17:49:40 | 000,000,000 | ---D | M]

[2010/05/26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/05/26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/05/26 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2010/08/04 04:14:06 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions
[2010/03/26 02:09:28 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/14 22:41:33 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/06/01 19:54:49 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/06/26 16:44:39 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/06/03 05:10:11 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010/05/25 22:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/26 16:44:39 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2009/11/09 04:42:13 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2010/05/02 11:38:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 05:52:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/24 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\add-to-searchbox@maltekraus.de
[2010/05/19 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\aging-tabs@design-noir.de
[2010/06/04 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox@red-cog.com
[2010/06/09 02:58:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox1@myibay.com
[2010/07/04 11:04:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\foxmarks@kei.com
[2010/06/20 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\ietab@ip.cn
[2010/04/06 01:16:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\isreaditlater@ideashower.com
[2010/03/23 15:42:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010/05/04 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\support@lastpass.com
[2009/11/03 03:25:42 | 000,000,722 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\-hisxpress---your-gay-video--dvd-store-.xml
[2010/06/01 02:35:13 | 000,001,546 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\falcon-studios-entertainment.xml
[2009/11/03 03:26:10 | 000,001,992 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gay-adult-dvd-gay-adult-vod-gay-sex-toys-gay-porn-gay-porn-d.xml
[2010/06/28 01:15:27 | 000,000,615 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gay-torrentsnet.xml
[2010/06/01 04:09:36 | 000,001,834 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gaytorrentru.xml
[2009/11/29 06:10:20 | 000,001,522 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\pirate-bay.xml
[2010/06/17 09:12:26 | 000,001,253 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\site-search-gay-erotic-video-index.xml
[2009/11/01 05:06:34 | 000,001,840 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\videohelpcom---forum-guides-tools-and-hardware-lists.xml
[2009/11/03 03:24:40 | 000,001,607 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\xxx-video-theater-has-hundreds-of-new-xxx-sex-movies-and-vid.xml
[2010/08/06 22:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/09 22:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 22:36:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/27 21:08:15 | 000,352,093 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.2.16 xtrreem
O1 - Hosts: 12066 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001..\Run: [BackgroundSwitcher] C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [BackgroundSwitcher] C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [DEMCiflex Filters] C:\Program Files (x86)\DEMCiflex\DEMCi.exe File not found
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [FahSpy] C:\Users\Will\RunApps\fahspy150\FahSpy.exe File not found
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [HFM.NET] C:\Program Files (x86)\HFM.NET\HFM.exe (harlam357)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/02/20 04:03:20 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1258771289085 (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 208.67.222.222 208.67.220.220 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005 Winlogon: Shell - (C:\Windows\eHome\McrMgr.exe) - C:\Windows\ehome\McrMgr.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 04:03:34 | 000,000,000 | ---D | M] - W:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 06:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/06 22:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/06 22:36:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/06 22:36:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/06 22:36:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/06 21:44:58 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Enlightenus2_BFG
[2010/08/05 11:32:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/08/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/08/04 17:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/04 17:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/04 13:54:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\foobar2000
[2010/08/04 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2010/08/02 07:07:26 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\ERS Game Studios
[2010/08/01 14:27:15 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Sun
[2010/07/30 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2010/07/30 03:57:52 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Vast Studios
[2010/07/30 03:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010/07/30 02:50:09 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\HD Tune Pro
[2010/07/27 17:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility
[2010/07/27 05:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity
[2010/07/26 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\IconViewer
[2010/07/26 12:13:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Blender Foundation
[2010/07/26 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TheLostKingdomProphecy
[2010/07/25 00:15:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Odian Games
[2010/07/24 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Total Eclipse
[2010/07/24 21:14:53 | 000,000,000 | ---D | C] -- Q:\Documents\Jade Rousseau S01E01
[2010/07/20 03:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simajo The Travel Móstery Game
[2010/07/18 15:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2010/07/18 05:00:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Vogat Interactive
[2010/07/18 04:46:56 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\DigirononGames
[2010/07/13 21:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisiPics
[2010/07/13 19:47:50 | 000,033,280 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\HUFFYUV.DLL
[2010/07/13 19:47:50 | 000,000,000 | ---D | C] -- C:\huffyuv-2.1.1
[2010/07/13 19:40:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/13 19:21:31 | 000,756,736 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\LameACM.acm
[2010/07/13 19:21:31 | 000,000,000 | ---D | C] -- C:\lame
[2010/07/13 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPEG Recorder
[2010/07/13 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DScaler
[2010/07/13 18:56:03 | 000,000,000 | ---D | C] -- Q:\Documents\VidToDisc version 1.2
[2010/07/13 18:55:40 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\VidToDiscNamespace
[2010/07/13 18:55:24 | 000,000,000 | ---D | C] -- Q:\Documents\Vid2Disc version 1.2
[2010/07/13 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VidToDisc Version 1.2
[2010/07/12 23:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folding@home
[2010/07/12 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/07/12 21:40:22 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/07/12 21:40:22 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/12 21:40:22 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/12 21:40:22 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/07/12 21:40:21 | 021,662,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/07/12 21:40:21 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/07/12 21:40:21 | 003,184,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010/07/12 21:40:21 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010/07/12 21:40:21 | 000,405,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/07/12 21:40:21 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/07/12 21:40:20 | 012,338,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/07/12 21:40:20 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/07/12 21:40:20 | 002,867,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/07/12 21:40:20 | 002,291,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/07/12 21:40:20 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/07/12 21:40:19 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/07/12 21:40:19 | 006,065,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/07/12 21:40:19 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/07/12 21:40:19 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/07/12 21:40:17 | 014,511,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/07/12 21:40:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll
[2010/07/12 21:40:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/07/12 21:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secret Of Monkey Island SE
[2010/07/12 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\UHS Reader
[2010/07/12 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UHS
[2010/07/12 01:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2010/07/11 10:38:55 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010/07/11 03:48:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\nHancer
[2010/07/11 03:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2010/07/11 03:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/07/10 01:20:09 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\KranX Productions
[2010/07/09 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Adventure Company
[2010/07/09 22:40:48 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/07/09 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/07/09 22:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/09 22:01:40 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/09 21:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/09 19:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale
[2010/07/08 21:47:08 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/08 21:47:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/07/08 21:47:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/07/08 21:47:08 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/08 21:47:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/07/08 21:47:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/08 21:47:08 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/08 21:47:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/07/08 21:47:07 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/08 21:47:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/07/08 21:47:07 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/08 21:47:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/07/08 21:47:05 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/08 21:47:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/07/08 21:47:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/08 21:47:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/07/08 21:47:04 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/08 21:47:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/07/08 21:47:04 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/08 21:47:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/07/08 21:47:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/07/08 21:47:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/08 21:46:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/08 21:46:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/07/08 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\LucasArts
[2010/07/08 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 06:40:27 | 013,107,200 | -HS- | M] () -- C:\Users\Will\ntuser.dat
[2010/08/07 03:34:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/07 01:22:01 | 000,006,108 | ---- | M] () -- C:\Windows\mozy.blk
[2010/08/07 01:22:01 | 000,002,536 | ---- | M] () -- C:\Windows\mozy.flt
[2010/08/06 21:44:22 | 000,002,539 | ---- | M] () -- C:\Users\Will\Desktop\Enlightenus 2 The Timeless Tower CE.lnk
[2010/08/06 21:43:35 | 000,002,517 | ---- | M] () -- C:\Users\Will\Desktop\Samantha Swift and the Fountains of Fate.lnk
[2010/08/06 21:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/06 15:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/08/06 09:38:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/08/04 22:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/04 13:54:29 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/08/04 09:47:22 | 000,002,378 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/08/04 04:32:20 | 000,000,912 | ---- | M] () -- C:\Users\Will\Desktop\ICUII.lnk
[2010/08/04 04:31:09 | 140,467,400 | ---- | M] () -- C:\Users\Will\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/04 04:22:51 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 04:22:51 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 04:13:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/04 04:13:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/08/04 04:13:27 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 04:08:01 | 002,070,204 | -H-- | M] () -- C:\Users\Will\AppData\Local\IconCache.db
[2010/08/03 22:54:24 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/08/03 22:54:24 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/08/03 22:54:23 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/08/03 22:54:23 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/08/02 06:13:42 | 000,002,310 | ---- | M] () -- C:\Users\Will\Desktop\Al Emmos Postcards from Anozira .lnk
[2010/07/30 15:48:32 | 000,000,581 | ---- | M] () -- C:\Users\Will\SciTE.session
[2010/07/30 03:09:48 | 000,002,266 | ---- | M] () -- C:\Users\Will\Desktop\Snark Busters Welcome to the Club.lnk
[2010/07/30 03:09:30 | 000,002,400 | ---- | M] () -- C:\Users\Will\Desktop\The Mysterious Case of Dr. Jekyll and Mr. Hyde.lnk
[2010/07/29 18:29:40 | 000,000,077 | ---- | M] () -- C:\Windows\huffyuv.ini
[2010/07/29 06:58:08 | 000,218,112 | ---- | M] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 09:37:19 | 000,000,452 | ---- | M] () -- C:\Windows\asfbinapp.INI
[2010/07/28 04:25:13 | 000,007,656 | ---- | M] () -- C:\Users\Will\AppData\Local\resmon.resmoncfg
[2010/07/27 21:26:09 | 000,001,385 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\GPU-Z.lnk
[2010/07/27 17:10:03 | 000,000,448 | RHS- | M] () -- C:\Users\Will\ntuser.pol
[2010/07/27 06:48:08 | 000,004,231 | ---- | M] () -- C:\Users\Will\Desktop\Attach.zip
[2010/07/27 06:44:07 | 000,284,915 | ---- | M] () -- C:\Users\Will\Desktop\gmer.zip
[2010/07/27 06:42:21 | 000,525,824 | ---- | M] () -- C:\Users\Will\Desktop\dds.scr
[2010/07/27 06:16:26 | 000,050,415 | ---- | M] () -- Q:\Documents\Gloryhole Compilation.wlmp
[2010/07/24 21:34:03 | 000,002,487 | ---- | M] () -- C:\Users\Will\Desktop\The Clockwork Man 2 The Hidden World.lnk
[2010/07/24 00:28:41 | 000,002,702 | ---- | M] () -- C:\Users\Will\Desktop\Echoes of the Past The Castle of Shadows CE.lnk
[2010/07/20 06:01:56 | 000,000,107 | ---- | M] () -- C:\Windows\VobEdit.INI
[2010/07/18 04:46:08 | 000,002,245 | ---- | M] () -- C:\Users\Will\Desktop\L Frank Baums The Wonderful Wizard of Oz.lnk
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/13 19:05:41 | 000,002,759 | ---- | M] () -- C:\Windows\SysWow64\MPEG_Recorder_Settings.xml
[2010/07/13 11:20:32 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/07/13 00:30:59 | 000,001,810 | ---- | M] () -- C:\Users\Will\Desktop\Secret of Monkey Island.lnk
[2010/07/11 12:53:18 | 000,000,064 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2010/07/11 10:36:47 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/07/09 22:56:05 | 000,002,261 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:53:54 | 000,001,278 | ---- | M] () -- C:\Users\Will\Desktop\The Black Mirror.lnk
[2010/07/09 22:40:49 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/07/08 10:26:26 | 000,001,268 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 21:44:22 | 000,002,539 | ---- | C] () -- C:\Users\Will\Desktop\Enlightenus 2 The Timeless Tower CE.lnk
[2010/08/06 21:43:35 | 000,002,517 | ---- | C] () -- C:\Users\Will\Desktop\Samantha Swift and the Fountains of Fate.lnk
[2010/08/04 13:54:29 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/08/04 04:32:20 | 000,000,912 | ---- | C] () -- C:\Users\Will\Desktop\ICUII.lnk
[2010/08/04 04:24:15 | 140,467,400 | ---- | C] () -- C:\Users\Will\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/02 06:13:42 | 000,002,310 | ---- | C] () -- C:\Users\Will\Desktop\Al Emmos Postcards from Anozira .lnk
[2010/07/30 03:09:48 | 000,002,266 | ---- | C] () -- C:\Users\Will\Desktop\Snark Busters Welcome to the Club.lnk
[2010/07/30 03:09:30 | 000,002,400 | ---- | C] () -- C:\Users\Will\Desktop\The Mysterious Case of Dr. Jekyll and Mr. Hyde.lnk
[2010/07/27 06:48:08 | 000,004,231 | ---- | C] () -- C:\Users\Will\Desktop\Attach.zip
[2010/07/27 06:43:56 | 000,284,915 | ---- | C] () -- C:\Users\Will\Desktop\gmer.zip
[2010/07/27 06:42:07 | 000,525,824 | ---- | C] () -- C:\Users\Will\Desktop\dds.scr
[2010/07/27 02:38:13 | 000,050,415 | ---- | C] () -- Q:\Documents\Gloryhole Compilation.wlmp
[2010/07/24 21:34:03 | 000,002,487 | ---- | C] () -- C:\Users\Will\Desktop\The Clockwork Man 2 The Hidden World.lnk
[2010/07/24 00:28:41 | 000,002,702 | ---- | C] () -- C:\Users\Will\Desktop\Echoes of the Past The Castle of Shadows CE.lnk
[2010/07/20 06:01:56 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2010/07/18 04:46:08 | 000,002,245 | ---- | C] () -- C:\Users\Will\Desktop\L Frank Baums The Wonderful Wizard of Oz.lnk
[2010/07/13 19:50:26 | 000,000,077 | ---- | C] () -- C:\Windows\huffyuv.ini
[2010/07/13 19:21:31 | 000,000,401 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010/07/13 19:05:41 | 000,002,759 | ---- | C] () -- C:\Windows\SysWow64\MPEG_Recorder_Settings.xml
[2010/07/13 00:30:27 | 000,001,810 | ---- | C] () -- C:\Users\Will\Desktop\Secret of Monkey Island.lnk
[2010/07/09 22:56:05 | 000,002,261 | ---- | C] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:53:54 | 000,001,278 | ---- | C] () -- C:\Users\Will\Desktop\The Black Mirror.lnk
[2010/07/09 22:40:49 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/06/27 20:19:59 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2010/06/17 14:14:22 | 000,000,000 | ---- | C] () -- C:\Windows\exctrlst.INI
[2010/05/25 23:36:56 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010/05/22 16:16:22 | 000,002,378 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/05/13 23:49:54 | 000,000,037 | -H-- | C] () -- C:\Windows\vbmgsext.ini
[2010/05/13 23:49:54 | 000,000,037 | -H-- | C] () -- C:\Windows\vbmgsent.ini
[2010/04/18 06:30:07 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/04/09 00:45:57 | 001,380,352 | ---- | C] () -- C:\Windows\SysWow64\mpich2shmp.dll
[2010/04/09 00:45:57 | 001,196,032 | ---- | C] () -- C:\Windows\SysWow64\mpich2.dll
[2010/04/09 00:45:57 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\mpich2shm.dll
[2010/04/09 00:45:57 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\mpich2mpi.dll
[2010/04/08 01:46:11 | 000,272,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\PTV371.SYS
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/29 06:08:48 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/03/29 06:08:48 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/02/12 00:26:16 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010/02/12 00:26:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nvTextureToolsUtil.dll
[2010/02/12 00:26:00 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2010/01/15 05:16:19 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/01/13 17:11:22 | 000,001,339 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2010/01/13 17:11:22 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009/12/29 10:12:09 | 000,516,324 | ---- | C] () -- C:\Windows\SysWow64\pschmdrf.dll
[2009/12/06 22:09:02 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll
[2009/11/30 02:28:14 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/11/20 16:09:11 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2009/11/20 16:09:11 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2009/11/20 16:09:11 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2009/11/12 04:30:28 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/11/05 06:16:47 | 000,000,084 | ---- | C] () -- C:\Windows\Muxman.ini
[2009/11/02 19:26:37 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2009/11/02 19:07:17 | 000,000,207 | ---- | C] () -- C:\Windows\SysWow64\FldrWatch.ini
[2009/11/02 03:07:02 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2009/11/01 15:57:54 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/30 02:41:27 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/30 02:41:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/29 16:36:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/10/29 12:55:55 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/29 12:55:55 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/29 12:55:54 | 000,762,566 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/29 12:55:52 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\DCLibrary_nat.dll
[2009/10/29 12:54:57 | 000,000,452 | ---- | C] () -- C:\Windows\asfbinapp.INI
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/05 20:00:36 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/13 15:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 14:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 14:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000080.DLL

========== Alternate Data Streams ==========

< End of report >
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\psactive.exe -- (PASW)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/03 13:54:00 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe -- (PhenomMsrTweaker)
SRV:64bit: - [2010/04/17 03:56:30 | 000,094,440 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/12/15 22:58:56 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe -- (mcShoutCastECommerceService)
SRV:64bit: - [2009/12/15 22:58:44 | 000,007,680 | ---- | M] (Sörnt Poppe) [Disabled | Stopped] -- C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe -- (mcShoutCastLauraFM)
SRV:64bit: - [2009/12/15 22:58:14 | 000,058,880 | ---- | M] (Sörnt Poppe) [Disabled | Stopped] -- C:\Program Files\mcShoutCast\ShoutCastProxyService.exe -- (mcShoutCastProxy)
SRV:64bit: - [2009/10/29 12:46:52 | 000,190,488 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/29 03:07:46 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/24 08:21:20 | 000,009,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe -- (TunerFreeMCEService)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 03:18:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/12/17 09:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/16 19:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 12:47:26 | 000,122,880 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/07/12 20:55:46 | 000,090,624 | ---- | M] () [Disabled | Stopped] -- c:\Users\Will\RunApps\cnqsvc64_0_08\cnqsvc64.exe -- (CNQSvc64)
SRV - [2009/01/07 00:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/12/18 10:15:00 | 000,104,960 | ---- | M] (ArcSoft) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/01/31 11:29:46 | 001,135,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\smpd.exe -- (mpich2_smpd)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/08/01 13:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\psactive.exe -- (PASW)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\vcdrom.sys -- (vcdrom)
DRV:64bit: - File not found [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTV371.SYS -- (PTV371)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/03 13:54:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\PhenomMsrTweaker\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/13 16:39:04 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2010/04/17 03:56:26 | 000,134,760 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/01/20 08:57:58 | 000,651,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/01/20 08:57:08 | 000,634,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/12/18 01:03:30 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2009/12/17 15:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/12/02 13:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EuDisk.sys -- (EuDisk)
DRV:64bit: - [2009/11/09 10:12:42 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/10/29 12:55:37 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/29 12:55:37 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/29 12:55:37 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/09/30 07:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/22 18:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 18:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 18:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 18:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/22 18:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/16 17:55:00 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2009/09/01 20:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/26 13:45:10 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009/07/14 11:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/17 09:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 09:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 16:03:06 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/11/04 11:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/23 18:20:02 | 001,548,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/09/25 07:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2007/08/31 14:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007/08/08 09:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2007/03/01 17:22:48 | 000,308,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTV371.X64.SYS -- (PTV371.X64)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/05/11 11:11:00 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/02/24 06:38:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/10/12 15:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/16 17:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/08/26 13:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/02/07 11:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006/07/19 19:04:00 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- W:\Downloads\@OC\winflash2017\atillk64.sys -- (atillk64)
DRV - [2006/03/18 17:17:48 | 000,272,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PTV371.SYS -- (PTV371)
DRV - [2005/12/18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DScaler\DSDrv4.sys -- (DSDrv4)
DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2003/09/06 06:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/09/06 05:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 05:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/09/06 05:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 5B 97 76 30 C3 CA 01 [binary data]
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 33 37 6E E3 63 CA 01 [binary data]
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?source=ig&hl=en&rlz=&=&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.92.20100607
FF - prefs.js..extensions.enabledItems: {CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}:1.9.36
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.7.8
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: aging-tabs@design-noir.de:0.7.1
FF - prefs.js..extensions.enabledItems: {ca526f8b-9e0a-4756-9077-19d6f3e64ea8}:2010.06.20.02
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.6
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..keyword.URL: "http://www.google.com/search?source=ig&hl=en&rlz=&=&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/04 17:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/04 17:49:40 | 000,000,000 | ---D | M]

[2010/05/26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/05/26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010/05/26 15:23:31 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2010/08/04 04:14:06 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions
[2010/03/26 02:09:28 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/14 22:41:33 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010/06/01 19:54:49 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/06/26 16:44:39 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/06/03 05:10:11 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010/05/25 22:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/26 16:44:39 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2009/11/09 04:42:13 | 000,000,000 | ---D | M] (dragdropupload) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{CB56AAF9-68C8-41bd-8E5C-7B53232CF7B9}
[2010/05/02 11:38:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 05:52:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/24 19:12:09 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\add-to-searchbox@maltekraus.de
[2010/05/19 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\aging-tabs@design-noir.de
[2010/06/04 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox@red-cog.com
[2010/06/09 02:58:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\firefox1@myibay.com
[2010/07/04 11:04:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\foxmarks@kei.com
[2010/06/20 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\ietab@ip.cn
[2010/04/06 01:16:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\isreaditlater@ideashower.com
[2010/03/23 15:42:18 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010/05/04 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\extensions\support@lastpass.com
[2009/11/03 03:25:42 | 000,000,722 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\-hisxpress---your-gay-video--dvd-store-.xml
[2010/06/01 02:35:13 | 000,001,546 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\falcon-studios-entertainment.xml
[2009/11/03 03:26:10 | 000,001,992 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gay-adult-dvd-gay-adult-vod-gay-sex-toys-gay-porn-gay-porn-d.xml
[2010/06/28 01:15:27 | 000,000,615 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gay-torrentsnet.xml
[2010/06/01 04:09:36 | 000,001,834 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\gaytorrentru.xml
[2009/11/29 06:10:20 | 000,001,522 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\pirate-bay.xml
[2010/06/17 09:12:26 | 000,001,253 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\site-search-gay-erotic-video-index.xml
[2009/11/01 05:06:34 | 000,001,840 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\videohelpcom---forum-guides-tools-and-hardware-lists.xml
[2009/11/03 03:24:40 | 000,001,607 | ---- | M] () -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\1v9papwg.default\searchplugins\xxx-video-theater-has-hundreds-of-new-xxx-sex-movies-and-vid.xml
[2010/08/06 22:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/09 22:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/06 22:36:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/27 21:08:15 | 000,352,093 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.2.16 xtrreem
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12066 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001..\Run: [BackgroundSwitcher] C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [BackgroundSwitcher] C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [DEMCiflex Filters] C:\Program Files (x86)\DEMCiflex\DEMCi.exe File not found
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [FahSpy] C:\Users\Will\RunApps\fahspy150\FahSpy.exe File not found
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [HFM.NET] C:\Program Files (x86)\HFM.NET\HFM.exe (harlam357)
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Mcx1-SCHMOHAWK.SCHMOHAWK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/02/20 04:03:20 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2713908214-556201846-4063999915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1258771289085 (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 208.67.222.222 208.67.220.220 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-2713908214-556201846-4063999915-1005 Winlogon: Shell - (C:\Windows\eHome\McrMgr.exe) - C:\Windows\ehome\McrMgr.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\WILL\RUNAPPS\SYSINTERNALSSUITE\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 04:03:34 | 000,000,000 | ---D | M] - W:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 06:15:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/06 22:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/06 22:36:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/06 22:36:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/06 22:36:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/06 21:44:58 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Enlightenus2_BFG
[2010/08/05 11:32:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/08/04 23:10:46 | 000,000,000 | ---D | C] -- C:\Users\Will\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/08/04 17:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/04 17:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/04 13:54:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\foobar2000
[2010/08/04 13:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2010/08/02 07:07:26 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\ERS Game Studios
[2010/08/01 14:27:15 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Sun
[2010/07/30 06:35:21 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2010/07/30 03:57:52 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Vast Studios
[2010/07/30 03:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010/07/30 02:50:09 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\HD Tune Pro
[2010/07/27 17:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bulk Rename Utility
[2010/07/27 05:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame for Audacity
[2010/07/26 22:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\IconViewer
[2010/07/26 12:13:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Blender Foundation
[2010/07/26 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TheLostKingdomProphecy
[2010/07/25 00:15:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Odian Games
[2010/07/24 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Total Eclipse
[2010/07/24 21:14:53 | 000,000,000 | ---D | C] -- Q:\Documents\Jade Rousseau S01E01
[2010/07/20 03:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simajo The Travel Móstery Game
[2010/07/18 15:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2010/07/18 05:00:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Vogat Interactive
[2010/07/18 04:46:56 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\DigirononGames
[2010/07/13 21:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisiPics
[2010/07/13 19:47:50 | 000,033,280 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\HUFFYUV.DLL
[2010/07/13 19:47:50 | 000,000,000 | ---D | C] -- C:\huffyuv-2.1.1
[2010/07/13 19:40:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/13 19:21:31 | 000,756,736 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\LameACM.acm
[2010/07/13 19:21:31 | 000,000,000 | ---D | C] -- C:\lame
[2010/07/13 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPEG Recorder
[2010/07/13 18:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DScaler
[2010/07/13 18:56:03 | 000,000,000 | ---D | C] -- Q:\Documents\VidToDisc version 1.2
[2010/07/13 18:55:40 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\VidToDiscNamespace
[2010/07/13 18:55:24 | 000,000,000 | ---D | C] -- Q:\Documents\Vid2Disc version 1.2
[2010/07/13 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VidToDisc Version 1.2
[2010/07/12 23:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folding@home
[2010/07/12 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/07/12 21:40:22 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/07/12 21:40:22 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/12 21:40:22 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/12 21:40:22 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/07/12 21:40:21 | 021,662,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/07/12 21:40:21 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/07/12 21:40:21 | 003,184,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010/07/12 21:40:21 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010/07/12 21:40:21 | 000,405,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/07/12 21:40:21 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/07/12 21:40:20 | 012,338,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/07/12 21:40:20 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/07/12 21:40:20 | 002,867,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/07/12 21:40:20 | 002,291,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/07/12 21:40:20 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/07/12 21:40:19 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/07/12 21:40:19 | 006,065,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/07/12 21:40:19 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/07/12 21:40:19 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/07/12 21:40:17 | 014,511,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/07/12 21:40:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll
[2010/07/12 21:40:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/07/12 21:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secret Of Monkey Island SE
[2010/07/12 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\UHS Reader
[2010/07/12 16:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UHS
[2010/07/12 01:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2010/07/11 10:38:55 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2010/07/11 03:48:46 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\nHancer
[2010/07/11 03:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2010/07/11 03:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/07/10 01:20:09 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\KranX Productions
[2010/07/09 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Adventure Company
[2010/07/09 22:40:48 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010/07/09 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010/07/09 22:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/09 22:01:40 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/09 21:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/09 19:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale
[2010/07/08 21:47:08 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/07/08 21:47:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/07/08 21:47:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/07/08 21:47:08 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/07/08 21:47:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/07/08 21:47:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/07/08 21:47:08 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/07/08 21:47:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/07/08 21:47:07 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/07/08 21:47:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/07/08 21:47:07 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/07/08 21:47:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/07/08 21:47:05 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/07/08 21:47:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/07/08 21:47:05 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/07/08 21:47:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/07/08 21:47:04 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/07/08 21:47:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/07/08 21:47:04 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/07/08 21:47:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/07/08 21:47:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/07/08 21:47:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/07/08 21:46:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/07/08 21:46:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/07/08 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\LucasArts
[2010/07/08 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 06:42:06 | 013,107,200 | -HS- | M] () -- C:\Users\Will\ntuser.dat
[2010/08/07 03:34:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/08/07 01:22:01 | 000,006,108 | ---- | M] () -- C:\Windows\mozy.blk
[2010/08/07 01:22:01 | 000,002,536 | ---- | M] () -- C:\Windows\mozy.flt
[2010/08/06 21:44:22 | 000,002,539 | ---- | M] () -- C:\Users\Will\Desktop\Enlightenus 2 The Timeless Tower CE.lnk
[2010/08/06 21:43:35 | 000,002,517 | ---- | M] () -- C:\Users\Will\Desktop\Samantha Swift and the Fountains of Fate.lnk
[2010/08/06 21:02:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/08/06 15:22:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/08/06 09:38:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/08/05 11:32:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/08/04 22:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/04 13:54:29 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/08/04 09:47:22 | 000,002,378 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/08/04 04:32:20 | 000,000,912 | ---- | M] () -- C:\Users\Will\Desktop\ICUII.lnk
[2010/08/04 04:31:09 | 140,467,400 | ---- | M] () -- C:\Users\Will\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/04 04:22:51 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 04:22:51 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 04:13:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/04 04:13:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/08/04 04:13:27 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/04 04:08:01 | 002,070,204 | -H-- | M] () -- C:\Users\Will\AppData\Local\IconCache.db
[2010/08/03 22:54:24 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/08/03 22:54:24 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/08/03 22:54:23 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/08/03 22:54:23 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/08/02 06:13:42 | 000,002,310 | ---- | M] () -- C:\Users\Will\Desktop\Al Emmos Postcards from Anozira .lnk
[2010/07/30 15:48:32 | 000,000,581 | ---- | M] () -- C:\Users\Will\SciTE.session
[2010/07/30 03:09:48 | 000,002,266 | ---- | M] () -- C:\Users\Will\Desktop\Snark Busters Welcome to the Club.lnk
[2010/07/30 03:09:30 | 000,002,400 | ---- | M] () -- C:\Users\Will\Desktop\The Mysterious Case of Dr. Jekyll and Mr. Hyde.lnk
[2010/07/29 18:29:40 | 000,000,077 | ---- | M] () -- C:\Windows\huffyuv.ini
[2010/07/29 06:58:08 | 000,218,112 | ---- | M] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 09:37:19 | 000,000,452 | ---- | M] () -- C:\Windows\asfbinapp.INI
[2010/07/28 04:25:13 | 000,007,656 | ---- | M] () -- C:\Users\Will\AppData\Local\resmon.resmoncfg
[2010/07/27 21:26:09 | 000,001,385 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\GPU-Z.lnk
[2010/07/27 17:10:03 | 000,000,448 | RHS- | M] () -- C:\Users\Will\ntuser.pol
[2010/07/27 06:48:08 | 000,004,231 | ---- | M] () -- C:\Users\Will\Desktop\Attach.zip
[2010/07/27 06:44:07 | 000,284,915 | ---- | M] () -- C:\Users\Will\Desktop\gmer.zip
[2010/07/27 06:42:21 | 000,525,824 | ---- | M] () -- C:\Users\Will\Desktop\dds.scr
[2010/07/27 06:16:26 | 000,050,415 | ---- | M] () -- Q:\Documents\Gloryhole Compilation.wlmp
[2010/07/24 21:34:03 | 000,002,487 | ---- | M] () -- C:\Users\Will\Desktop\The Clockwork Man 2 The Hidden World.lnk
[2010/07/24 00:28:41 | 000,002,702 | ---- | M] () -- C:\Users\Will\Desktop\Echoes of the Past The Castle of Shadows CE.lnk
[2010/07/20 06:01:56 | 000,000,107 | ---- | M] () -- C:\Windows\VobEdit.INI
[2010/07/18 04:46:08 | 000,002,245 | ---- | M] () -- C:\Users\Will\Desktop\L Frank Baums The Wonderful Wizard of Oz.lnk
[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/13 19:05:41 | 000,002,759 | ---- | M] () -- C:\Windows\SysWow64\MPEG_Recorder_Settings.xml
[2010/07/13 11:20:32 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/07/13 00:30:59 | 000,001,810 | ---- | M] () -- C:\Users\Will\Desktop\Secret of Monkey Island.lnk
[2010/07/11 12:53:18 | 000,000,064 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2010/07/11 10:36:47 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/07/09 22:56:05 | 000,002,261 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:53:54 | 000,001,278 | ---- | M] () -- C:\Users\Will\Desktop\The Black Mirror.lnk
[2010/07/09 22:40:49 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010/07/08 10:26:26 | 000,001,268 | ---- | M] () -- C:\Users\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 21:44:22 | 000,002,539 | ---- | C] () -- C:\Users\Will\Desktop\Enlightenus 2 The Timeless Tower CE.lnk
[2010/08/06 21:43:35 | 000,002,517 | ---- | C] () -- C:\Users\Will\Desktop\Samantha Swift and the Fountains of Fate.lnk
[2010/08/04 13:54:29 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/08/04 04:32:20 | 000,000,912 | ---- | C] () -- C:\Users\Will\Desktop\ICUII.lnk
[2010/08/04 04:24:15 | 140,467,400 | ---- | C] () -- C:\Users\Will\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/08/02 06:13:42 | 000,002,310 | ---- | C] () -- C:\Users\Will\Desktop\Al Emmos Postcards from Anozira .lnk
[2010/07/30 03:09:48 | 000,002,266 | ---- | C] () -- C:\Users\Will\Desktop\Snark Busters Welcome to the Club.lnk
[2010/07/30 03:09:30 | 000,002,400 | ---- | C] () -- C:\Users\Will\Desktop\The Mysterious Case of Dr. Jekyll and Mr. Hyde.lnk

========== Alternate Data Streams ==========


< End of report >


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,317 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:53 AM

Posted 07 August 2010 - 08:49 AM

Hello, seems that it did disable the proxy, but not remove it entirely.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#9 WillyBob


Posted 07 August 2010 - 10:40 AM

This time OTL only ran a second and then showed a message saying fix was complete. Here is the log:


========== OTL ==========
HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

OTL by OldTimer - Version 3.2.9.1 log created on 08072010_084036
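The fix above resets a `ProxyServer` value of `http=127.0.0.1:5577`, a proxy on the loopback address that stayed in the registry after it had been disabled. The following is an added example, not part of the thread or of OTL: it parses the `ProxyServer` string layout and flags loopback entries in OTL-style lines. The function names and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# First two lines are the ones quoted in the fix above; the last two are
# constructed samples (placeholder SIDs and hosts) for comparison.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2713908214-556201846-4063999915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
IE - HKU\S-1-5-21-EXAMPLE-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
IE - HKU\S-1-5-21-EXAMPLE-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8888;https=10.0.0.5:3128
'''

PROXY_LINE = re.compile(r'"ProxyServer"\s*=\s*(\S.*)$', re.MULTILINE)


def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Two layouts are handled: "host:port" (one proxy for all protocols,
    stored under "*") and "http=host:port;https=host:port;...".
    """
    proxies = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, target = entry.partition("=")
        if not sep:                      # no "scheme=" prefix
            scheme, target = "*", entry
        target = target.split("://", 1)[-1]   # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                     # no port given
            host, port = target, ""
        proxies[scheme.strip().lower()] = (
            host.strip("[]").lower(),
            int(port) if port.isdigit() else None,
        )
    return proxies


def is_loopback(host):
    """True for 'localhost' and any literal loopback address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # ordinary hostname
        return False


def loopback_proxies(log_text):
    """Return (scheme, host, port) for every loopback proxy in the log."""
    hits = []
    for match in PROXY_LINE.finditer(log_text):
        for scheme, (host, port) in parse_proxy_server(match.group(1)).items():
            if is_loopback(host):
                hits.append((scheme, host, port))
    return hits


if __name__ == "__main__":
    for scheme, host, port in loopback_proxies(SAMPLE_LOG):
        print(f"loopback proxy for {scheme}: {host}:{port}")
```

A loopback proxy is not malicious by itself, since debugging proxies and some security products also listen locally; the useful follow-up is identifying which process, if any, owns the port.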


#10 Elise


Posted 07 August 2010 - 10:45 AM

That's more like it.

How are things running now?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




regards, Elise




#11 Elise


Posted 16 August 2010 - 06:33 AM

Hello, are you still there?

regards, Elise




#12 WillyBob


Posted 16 August 2010 - 05:01 PM

Hello, yes, I'm still here, sorry for the delayed response. The computer seems to be running fine, though I do get the occasional lockup, I do not believe that they are related to the original problem, so thank you!



#13 Elise


Posted 17 August 2010 - 01:48 AM

Can you please post me the MBAM log?

regards, Elise




#14 WillyBob


Posted 17 August 2010 - 07:00 PM

Yeah, here you go. I ran a full scan of all hard drives and it took almost 6 hours to run, but here are the results. Also, it does seem like the explorer shell keeps going into non-responsive mode, and I'm not sure if it's related to using Chrome, or not, but I am leaning towards thinking not. One more thing I did is deleted all the contents of my user\Appdata\Local\Temp folder, which had over 450,000 items, and had never been cleaned since I installed this OS back about a year ago, I think.

***

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4440

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/17/2010 4:50:49 PM
mbam-log-2010-08-17 (16-50-49).txt

Scan type: Full scan (C:\|D:\|G:\|Q:\|V:\|W:\|Y:\|Z:\|)
Objects scanned: 548253
Time elapsed: 5 hour(s), 53 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Sandbox\Will\DefaultBox\user\current\AppData\Local\Temp\trz2013.tmp (Trojan.Renos) -> Quarantined and deleted successfully.
C:\Sandbox\Will\DefaultBox\user\current\AppData\Local\Temp\trz658C.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Sandbox\Will\DefaultBox\user\current\AppData\Local\Temp\trzC64F.tmp (Trojan.Renos) -> Quarantined and deleted successfully.
C:\Sandbox\Will\DefaultBox\user\current\AppData\Local\Temp\Xlw.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Sandbox\Will\DefaultBox\user\current\AppData\Local\Temp\Xlx.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
W:\Downloads\@OC\Passmark complete suite\PassMark SoundCheck v3.0.1001\eclsnd30.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Edited by WillyBob, 17 August 2010 - 07:00 PM.


#15 Elise


Posted 18 August 2010 - 03:39 AM

Does explorer lock up often or only on occasion?

Let's do one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise






