Random Browser Redirects, TDSS?


This topic is locked. 10 replies to this topic.

#1 Validator (Members, 5 posts)

Posted 20 August 2010 - 10:19 PM

I've just moved to Windows 7 and have installed some of my favourite software. All fairly ordinary stuff really, mostly freeware.

In short order I'm experiencing random browser redirects. Some sites I can't visit at all, I'm just redirected from them (like hobart.gamessociety.info for example). This happens in the latest Firefox, IE and Chrome, all of which I've tried and use intermittently. Which is bothersomely indicative of a system-level intervention, not a browser hijack.

I've googled at length and all I can find is many different reports of similar symptoms. Often they suggest a TDSS infection. Googled that and found some removers, neither of which found a TDSS infection (Kaspersky and Norman TDSS removers). I'm at wit's end and facing a complete system rebuild again, this is nuts.

I can't imagine a vector for viral infection. I've not indulged in any risky behaviours I'm aware of. It's Windows 7 64 bit.

Microsoft Security Essentials finds nothing.

I ran HijackThis and it recommends posting here for some feedback on the log. I see nothing suspicious in it except the last pile of DLLs that are missing. Could be because it's not set up for Win 64 bit?

Here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:56 PM, on 21/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bernd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: S10 Password Vault.lnk = C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm
O8 - Extra context menu item: Autotype - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7803 bytes

Can anyone see anything indicative of the problem I'm experiencing there? Are there any other ideas? TDSS has some nasty write-ups, and the web is full of posts reporting the same sort of symptoms but not a whole lot of generic solutions (as there may be a lot of different causes in the end, I guess).

I'm stuck.

Cheers.

Edited by boopme, 21 August 2010 - 01:39 PM.
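A triage helper for the question about the pile of "(file missing)" services, added here as an example (not code from this thread, from BleepingComputer or from Trend Micro). It parses the HijackThis O-lines and separates "(file missing)" services whose path a 32-bit HijackThis 2.0.4 resolves through the WOW64 view on x64 (System32 redirected to SysWOW64, %ProgramFiles% expanded to Program Files (x86)) from ones that still deserve a look, and collects the O2/O3/O4 autostart entries for review. The sample log is constructed from a few lines of the log above plus one made-up service entry (examplesvc) that is not from the thread.

```python
"""Triage a HijackThis 2.0.x log taken on 64-bit Windows.

Added example, not code from this thread, BleepingComputer or Trend Micro.
HijackThis 2.0.4 is a 32-bit program. On x64 Windows a 32-bit process sees
C:\\Windows\\System32 through the WOW64 file system redirector (it actually
reads C:\\Windows\\SysWOW64) and expands %ProgramFiles% to
"Program Files (x86)". Services whose binaries live only in the native
locations therefore show up as "(file missing)" although they are present.
This script separates those artefacts from "(file missing)" entries that
still deserve a look, and collects the autostart entries (O2/O3/O4).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the thread's log plus one
# made-up service entry (examplesvc) that is NOT from the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Users\Public\example_service.exe (file missing)
"""

# Every HijackThis entry is "<type> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display name> (<short name>) - <owner> - <path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) \((?P<short>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Directory prefixes a 32-bit process resolves differently on x64 (lower-cased).
# Heuristic only: confirm by checking the native path from a 64-bit shell.
REDIRECTED_DIRS = ("\\windows\\system32\\", "\\program files (x86)\\")


@dataclass
class Triage:
    wow64_artefacts: list = field(default_factory=list)  # (short name, path)
    missing_review: list = field(default_factory=list)   # (short name, path)
    autostarts: list = field(default_factory=list)       # (kind, entry body)
    counts: dict = field(default_factory=dict)           # entries per O-type


def triage_hjt_log(text: str, host_is_64bit: bool = True) -> Triage:
    """Classify the O-lines of a HijackThis log."""
    t = Triage()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, "End of file"
        kind, body = m.group("kind"), m.group("body")
        t.counts[kind] = t.counts.get(kind, 0) + 1
        if kind in ("O2", "O3", "O4"):
            t.autostarts.append((kind, body))
        elif kind == "O23":
            s = SERVICE_RE.match(body)
            if not s or not s.group("missing"):
                continue  # binary was found: nothing to explain
            path = s.group("path")
            redirected = any(d in path.lower() for d in REDIRECTED_DIRS)
            if host_is_64bit and redirected:
                t.wow64_artefacts.append((s.group("short"), path))
            else:
                t.missing_review.append((s.group("short"), path))
    return t


def report(t: Triage) -> str:
    """Human-readable summary of a Triage result."""
    lines = [f"entries by type: {dict(sorted(t.counts.items()))}"]
    lines.append(f"{len(t.wow64_artefacts)} '(file missing)' services explained "
                 "by the 32-bit view on x64")
    for short, path in t.missing_review:
        lines.append(f"REVIEW  {short}: {path} reported missing outside redirected dirs")
    for kind, body in t.autostarts:
        lines.append(f"AUTOSTART {kind}: {body}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage_hjt_log(SAMPLE_LOG)))
```

Run against the full log in the post, every O23 "(file missing)" entry lands in the artefact bucket, which is the expected picture for a 32-bit HijackThis on Windows 7 x64 rather than evidence of tampering.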



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 August 2010 - 03:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having, as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 users, please right-click and run as Admin all programs that I ask you to run.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
      netsvcs
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. The two logs from OTL
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Validator (Topic Starter, Members, 5 posts)

Posted 27 August 2010 - 08:08 AM

Gringo,

Thanks for your suggestions. Am happy to oblige. Here's the first log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/08/2010 10:18:39 PM
mbam-log-2010-08-27 (22-18-39).txt

Scan type: Quick scan
Objects scanned: 115323
Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


When I run OTL, the OTL.txt result is:

OTL logfile created on: 27/08/2010 10:20:56 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = D:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 23.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 64.45 Gb Free Space | 64.45% Space Free | Partition Type: NTFS
Drive D: | 136.89 Gb Total Space | 41.31 Gb Free Space | 30.18% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 205.99 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive F: | 279.48 Gb Total Space | 23.03 Gb Free Space | 8.24% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 106.63 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 198.09 Gb Total Space | 198.00 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive X: | 49.42 Gb Total Space | 9.48 Gb Free Space | 19.19% Space Free | Partition Type: NTFS

Computer Name: BIGFOOT
Current User Name: Validator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/16 08:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010/08/12 20:00:38 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/08/03 23:35:36 | 012,746,928 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/07/23 12:09:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/20 19:01:10 | 000,365,920 | ---- | M] (S10 Software) -- C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe
PRC - [2010/06/29 19:21:00 | 002,944,512 | ---- | M] (SoftPerfect Research) -- C:\Program Files (x86)\NetWorx\networx.exe
PRC - [2010/06/24 09:54:58 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/06/17 21:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/01/27 14:19:04 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/27 14:19:02 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (SafeList) ==========

MOD - [2010/08/16 08:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/22 18:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV:64bit: - [2009/07/14 11:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 11:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV:64bit: - [2009/03/30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2010/06/26 03:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/24 09:54:58 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/20 12:43:24 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/06/26 03:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/25 15:32:34 | 000,144,656 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/06/24 09:54:59 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/06/24 09:54:57 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2010/06/24 09:54:56 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/06/24 09:54:50 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009/12/31 20:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/12/18 08:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/05 14:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/23 11:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 11:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 11:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/10 07:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 11:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 11:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 09:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 09:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/30 03:53:56 | 000,311,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0103.sys -- (RsFx0103)
DRV:64bit: - [2007/09/26 00:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 CE DB 8D DE 43 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Jookz"
FF - prefs.js..browser.search.defaultenginename: "Jookz"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Jookz"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {F9E87066-236C-4067-A3C2-BDA51D6B6B03}:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/11 18:30:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/22 11:15:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/08/11 18:30:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/08/18 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mozilla\Extensions
[2010/08/10 17:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Validator\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/18 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2010/08/27 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions
[2010/08/21 11:10:14 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010/08/19 18:38:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/15 11:53:29 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/12 22:49:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/13 23:22:27 | 000,001,449 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\100-search-engines.xml
[2010/08/13 23:21:34 | 000,001,820 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\bing.xml
[2010/08/13 23:22:00 | 000,000,931 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\dictionary.xml
[2010/08/21 08:20:07 | 000,003,080 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\ebaycomau.xml
[2010/08/13 23:21:55 | 000,002,152 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\qrobeit.xml
[2010/08/27 08:28:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/12 19:10:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/22 11:09:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/26 22:44:49 | 000,000,000 | ---D | M] (TabDiscover) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}
[2010/08/22 11:09:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010/07/23 10:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 10:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 10:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/27 08:12:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jookz.xml
[2010/08/27 08:12:09 | 000,002,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jookz.xml.bak
[2010/07/23 10:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C350B19-6CA1-4569-B14C-296D8D6535B2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [NetWorx] C:\Program Files (x86)\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk = C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe (S10 Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm ()
O8:64bit: - Extra context menu item: Autotype - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm ()
O8 - Extra context menu item: Autotype - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\Validator\APPDATA\LOCAL\TEMP\PROCEXP64.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\Validator\APPDATA\LOCAL\TEMP\PROCEXP64.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/01 16:03:43 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/27 13:23:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\Pavark
[2010/08/27 13:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\MultiMon
[2010/08/27 11:45:47 | 000,000,000 | ---D | C] -- C:\Symbols
[2010/08/26 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\CD Art Display
[2010/08/26 23:13:00 | 000,094,208 | ---- | C] (MediaTexX) -- C:\Windows\SysWow64\wmpuice.dll
[2010/08/26 23:13:00 | 000,069,632 | ---- | C] (CD Art Display) -- C:\Windows\cadSSaver.scr
[2010/08/26 23:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Art Display
[2010/08/26 23:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/26 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Wireshark
[2010/08/26 22:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/08/26 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010/08/26 22:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TabDiscover
[2010/08/26 22:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabDiscover
[2010/08/26 22:40:11 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\PhotoScape
[2010/08/26 22:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2010/08/25 22:45:07 | 000,000,000 | ---D | C] -- C:\VueScan
[2010/08/25 22:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2010/08/25 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\TeraCopy
[2010/08/25 18:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/08/25 18:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folder Size
[2010/08/24 18:08:48 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Malwarebytes
[2010/08/24 18:05:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 18:05:53 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/24 18:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 18:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 17:31:33 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/24 08:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\factormystic.net
[2010/08/24 08:38:58 | 001,618,432 | ---- | C] (factormystic.net) -- C:\Program Files (x86)\Default Programs Editor.exe
[2010/08/24 08:32:14 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\factormystic.net
[2010/08/23 17:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/08/22 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\PDF Writer
[2010/08/22 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\PDF Writer
[2010/08/22 14:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2010/08/22 13:38:45 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\AMPSoft
[2010/08/22 13:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMP Font Viewer
[2010/08/22 13:34:17 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Free&Easy Font Viewer
[2010/08/22 11:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QCad for Windows
[2010/08/22 11:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/22 11:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/22 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/08/22 11:04:01 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\EDrawings
[2010/08/21 19:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MiniCADViewer
[2010/08/21 18:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A9Tech
[2010/08/21 18:45:55 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/21 12:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/21 12:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/20 23:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/20 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2010/08/20 12:43:24 | 000,053,312 | ---- | C] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk42.sys
[2010/08/20 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2010/08/20 12:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetWorx
[2010/08/20 12:38:21 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2010/08/20 12:38:21 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2010/08/20 12:38:21 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2010/08/20 12:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2010/08/20 12:38:15 | 000,214,016 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2010/08/20 12:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2010/08/20 12:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sysinternals
[2010/08/20 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\avidemux
[2010/08/20 12:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2010/08/20 08:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/20 08:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/20 08:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/08/20 07:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/18 14:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder Audio Edition x64
[2010/08/18 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Broad Intelligence
[2010/08/18 14:38:03 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Broad Intelligence
[2010/08/18 14:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/08/18 13:51:25 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Media Player Classic
[2010/08/18 13:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema (x64)
[2010/08/18 13:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flexible Renamer
[2010/08/18 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/08/18 10:44:50 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Paint.NET
[2010/08/17 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\GRETECH
[2010/08/17 23:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2010/08/15 11:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\S10 Software
[2010/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\S10 Software
[2010/08/15 11:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S10 Password Vault
[2010/08/15 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\ProgSense
[2010/08/15 11:22:56 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\GrabPro
[2010/08/15 11:22:56 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/08/15 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\OpenCandy
[2010/08/15 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2010/08/15 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Orbit
[2010/08/15 11:12:40 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\IrfanView
[2010/08/15 11:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/08/13 22:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/13 22:36:31 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\AlbumArtDownloader
[2010/08/13 22:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExplorerXP
[2010/08/13 22:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/13 22:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/08/13 22:23:20 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/08/13 22:23:20 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/08/13 22:23:03 | 000,000,000 | ---D | C] -- C:\Drivers
[2010/08/12 23:23:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\assembly
[2010/08/12 20:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/12 19:12:02 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\skypePM
[2010/08/12 19:10:51 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Skype
[2010/08/12 19:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/12 19:09:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/12 19:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/08/11 22:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/08/11 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\eMule
[2010/08/11 22:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010/08/11 22:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/08/11 22:39:26 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\uTorrent
[2010/08/11 22:34:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/08/11 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2010/08/11 20:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2010/08/11 20:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2010/08/11 20:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64)
[2010/08/11 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/08/11 18:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/11 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/11 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/11 18:27:45 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Apple
[2010/08/11 18:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/11 18:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/11 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Mp3tag
[2010/08/11 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Soulseek
[2010/08/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoulseekNS
[2010/08/10 22:00:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Microsoft Corporation
[2010/08/10 18:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Jujusoft
[2010/08/10 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Jujusoft
[2010/08/10 18:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jujusoft
[2010/08/10 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Thunderbird
[2010/08/10 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Thunderbird
[2010/08/10 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/08/10 17:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\AlbumArtDownloader
[2010/08/10 17:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010/08/10 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Google
[2010/08/10 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Mozilla
[2010/08/10 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Mozilla
[2010/08/10 17:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/10 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Deployment
[2010/08/10 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Apps
[2010/08/10 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicIP
[2010/08/09 12:04:07 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\MusicIP
[2010/08/09 11:54:11 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/08/09 11:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/08/09 11:50:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\OpenOffice.org
[2010/08/09 11:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/08/09 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2010/07/31 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2010/07/31 17:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2010/07/31 17:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2010/07/31 17:30:47 | 000,000,000 | ---D | C] -- D:\My Documents\Visual Studio 2010
[2010/07/31 17:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/07/31 17:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2010/07/31 17:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2010/07/31 17:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/07/31 17:15:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2010/07/31 17:15:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2010/07/31 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/31 17:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/07/31 17:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/07/31 17:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/31 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/31 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/31 17:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/31 17:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/31 17:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visual Studio 2010Templates
[2010/07/31 17:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visual Studio 2010
[2010/07/31 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2010/07/31 17:06:37 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010/07/31 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/07/31 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2010/07/31 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/07/31 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/31 16:58:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/31 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/07/31 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/07/31 16:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/07/31 16:41:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Winamp
[2010/07/31 16:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/06/30 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\Validator\.VirtualBox
[2010/06/30 22:46:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/30 22:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/06/30 21:41:40 | 000,000,000 | ---D | C] -- C:\Temp
[2010/06/30 21:41:40 | 000,000,000 | ---D | C] -- C:\CanoScan_N1220U_CSUv571a
[2010/06/30 21:31:45 | 000,000,000 | ---D | C] -- C:\canonscanner
[2010/06/30 21:18:55 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Macromedia
[2010/06/30 21:18:55 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Adobe
[2010/06/30 21:18:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/06/30 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\ElevatedDiagnostics
[2010/06/30 21:02:01 | 000,000,000 | R--D | C] -- C:\Users\Validator\Virtual Machines
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2010/06/30 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2010/06/27 21:58:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/27 21:58:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/27 21:08:30 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Diagnostics
[2010/06/26 03:07:40 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2010/06/26 03:07:36 | 000,106,000 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\Packet.dll
[2010/06/26 03:07:30 | 000,369,168 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2010/06/26 03:07:26 | 000,035,344 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2010/06/26 03:07:24 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2010/06/25 21:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/06/25 21:16:45 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/06/25 21:16:45 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/06/25 21:16:45 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/06/25 21:16:45 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/06/25 21:16:45 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/06/25 21:16:45 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/06/25 21:16:45 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/06/25 21:16:45 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/06/25 21:16:45 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/06/25 21:16:45 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/06/25 21:16:45 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/06/25 21:16:45 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/06/25 21:16:44 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/06/25 21:16:44 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/06/25 21:16:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/06/25 21:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/06/25 21:09:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/06/25 15:32:34 | 000,144,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/06/25 15:32:30 | 000,318,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/06/24 23:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/06/24 23:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows AIK
[2010/06/24 23:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/06/24 23:37:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/06/24 23:23:37 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Microsoft Games
[2010/06/24 10:26:36 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Acronis
[2010/06/24 10:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/06/24 09:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/06/24 09:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/06/24 09:53:57 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/24 09:00:15 | 000,000,000 | ---D | C] -- D:\My Documents\MyBackups
[2010/06/24 07:54:53 | 000,000,000 | R--D | C] -- C:\Users\Validator\Searches
[2010/06/24 07:54:53 | 000,000,000 | -H-D | C] -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/24 07:54:43 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Identities
[2010/06/24 07:54:42 | 000,000,000 | R--D | C] -- C:\Users\Validator\Contacts
[2010/06/24 07:54:38 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\VirtualStore
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\AppData\Local\Temporary Internet Files
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\Templates
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\Start Menu
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\SendTo
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\Recent
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\PrintHood
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\NetHood
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\Local Settings
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\AppData\Local\History
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\Cookies
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\Application Data
[2010/06/24 07:54:30 | 000,000,000 | -HSD | C] -- C:\Users\Validator\AppData\Local\Application Data
[2010/06/24 07:54:29 | 000,000,000 | --SD | C] -- C:\Users\Validator\AppData\Roaming\Microsoft
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Videos
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Saved Games
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Music
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Links
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Favorites
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Downloads
[2010/06/24 07:54:29 | 000,000,000 | R--D | C] -- C:\Users\Validator\Desktop
[2010/06/24 07:54:29 | 000,000,000 | -HSD | C] -- C:\Users\Validator\My Documents
[2010/06/24 07:54:29 | 000,000,000 | -H-D | C] -- C:\Users\Validator\AppData
[2010/06/24 07:54:29 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Temp
[2010/06/24 07:54:29 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Microsoft
[2010/06/24 07:54:29 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Media Center Programs
[2010/06/24 07:54:21 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/06/19 14:52:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/18 21:40:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/18 21:02:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/18 21:00:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/06/18 20:34:17 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[5 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/27 22:28:49 | 009,175,040 | -HS- | M] () -- C:\Users\Validator\NTUSER.DAT
[2010/08/27 17:32:55 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 17:32:55 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 13:16:18 | 000,869,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/27 13:16:18 | 000,731,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/27 13:16:18 | 000,149,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/27 13:09:50 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001UA.job
[2010/08/27 13:09:50 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 13:09:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001Core.job
[2010/08/27 13:09:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 13:09:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 13:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 13:09:35 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 08:08:30 | 003,267,161 | -H-- | M] () -- C:\Users\Validator\AppData\Local\IconCache.db
[2010/08/26 22:38:36 | 000,000,911 | ---- | M] () -- C:\Users\Validator\Desktop\Men's Group Time Plan.lnk
[2010/08/26 22:38:15 | 000,013,062 | ---- | M] () -- C:\Users\Validator\Desktop\men's Group Timer.lnk
[2010/08/23 17:56:08 | 000,380,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/22 14:46:37 | 000,094,592 | ---- | M] () -- C:\Users\Validator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/22 12:05:05 | 000,000,778 | ---- | M] () -- C:\ProgramData\qcadrc
[2010/08/22 11:03:52 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/08/21 12:09:56 | 000,000,036 | ---- | M] () -- C:\Users\Validator\AppData\Local\housecall.guid.cache
[2010/08/20 13:43:26 | 000,005,528 | ---- | M] () -- D:\My Documents\Password Vault.s10p
[2010/08/20 13:07:21 | 000,005,184 | ---- | M] () -- D:\My Documents\Password Vault.s10p_backup
[2010/08/20 12:43:24 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk42.sys
[2010/08/18 00:35:16 | 000,003,584 | ---- | M] () -- C:\Users\Validator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 11:53:15 | 000,001,088 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk
[2010/08/12 19:12:03 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/08/11 22:26:24 | 000,042,842 | ---- | M] () -- C:\Users\Validator\Desktop\Tmp.odt
[2010/08/11 21:46:47 | 000,001,248 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2010/08/10 18:14:10 | 000,001,175 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\JujuEdit.lnk
[2010/08/10 18:07:52 | 000,000,132 | ---- | M] () -- C:\Users\Validator\Desktop\Update WinAmp MusicIP Database.bat
[2010/08/10 17:57:38 | 000,002,042 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/08/10 17:50:15 | 000,001,976 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 11:31:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/08 21:03:50 | 022,619,136 | ---- | M] () -- C:\Users\Validator\Desktop\ValidatorsMailBox.pst
[2010/07/31 17:05:41 | 000,764,822 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/23 07:43:22 | 000,159,536 | ---- | M] () -- D:\My Documents\Validator's Sydney Return Flight.pdf
[2010/07/23 07:42:58 | 000,159,903 | ---- | M] () -- D:\My Documents\Validator's Sydney Flight.pdf
[2010/07/10 08:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 08:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/10 08:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/09 08:44:52 | 000,032,824 | ---- | M] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/07/09 08:44:50 | 000,120,376 | ---- | M] () -- C:\Windows\SysWow64\rrsec.dll
[2010/07/09 08:44:48 | 000,097,888 | ---- | M] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/07/02 14:57:01 | 001,306,624 | -H-- | M] () -- C:\SZKGFS.dat
[2010/06/26 03:07:40 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2010/06/26 03:07:36 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\Packet.dll
[2010/06/26 03:07:30 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\wpcap.dll
[2010/06/26 03:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2010/06/26 03:07:24 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2010/06/26 03:03:12 | 000,053,299 | ---- | M] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/25 15:32:34 | 000,144,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010/06/25 15:32:30 | 000,318,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010/06/24 08:00:54 | 000,001,450 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/24 07:56:53 | 000,524,288 | -HS- | M] () -- C:\Users\Validator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/24 07:56:53 | 000,524,288 | -HS- | M] () -- C:\Users\Validator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 07:56:53 | 000,065,536 | -HS- | M] () -- C:\Users\Validator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/24 07:54:30 | 000,000,020 | -HS- | M] () -- C:\Users\Validator\ntuser.ini
[2010/06/19 09:25:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/18 21:19:09 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/18 21:19:09 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/16 17:36:19 | 000,000,372 | ---- | M] () -- D:\My Documents\spider.sav
[2010/05/30 18:36:28 | 000,135,168 | ---- | M] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[5 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 22:38:36 | 000,000,911 | ---- | C] () -- C:\Users\Validator\Desktop\Men's Group Time Plan.lnk
[2010/08/26 22:38:15 | 000,013,062 | ---- | C] () -- C:\Users\Validator\Desktop\men's Group Timer.lnk
[2010/08/22 11:24:31 | 000,000,778 | ---- | C] () -- C:\ProgramData\qcadrc
[2010/08/22 11:03:52 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/08/21 12:09:56 | 000,000,036 | ---- | C] () -- C:\Users\Validator\AppData\Local\housecall.guid.cache
[2010/08/18 00:35:15 | 000,003,584 | ---- | C] () -- C:\Users\Validator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 21:29:47 | 022,619,136 | ---- | C] () -- C:\Users\Validator\Desktop\ValidatorsMailBox.pst
[2010/08/15 11:53:15 | 000,001,088 | ---- | C] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk
[2010/08/13 22:23:20 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/08/12 20:00:53 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/12 20:00:52 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/12 19:12:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/11 21:50:20 | 000,042,842 | ---- | C] () -- C:\Users\Validator\Desktop\Tmp.odt
[2010/08/11 21:46:47 | 000,001,248 | ---- | C] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2010/08/10 18:14:10 | 000,001,175 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\JujuEdit.lnk
[2010/08/10 18:05:54 | 000,000,132 | ---- | C] () -- C:\Users\Validator\Desktop\Update WinAmp MusicIP Database.bat
[2010/08/10 18:05:54 | 000,000,065 | ---- | C] () -- C:\Users\Validator\Desktop\Firefox Sound On.bat
[2010/08/10 18:05:54 | 000,000,064 | ---- | C] () -- C:\Users\Validator\Desktop\Firefox Sound Off.bat
[2010/08/10 17:57:38 | 000,002,042 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/08/10 17:51:31 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001UA.job
[2010/08/10 17:51:28 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001Core.job
[2010/08/10 17:50:15 | 000,001,976 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 11:31:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/09 11:52:56 | 000,120,376 | ---- | C] () -- C:\Windows\SysWow64\rrsec.dll
[2010/08/09 11:52:56 | 000,097,888 | ---- | C] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/07/31 17:05:38 | 000,764,822 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/23 07:43:22 | 000,159,536 | ---- | C] () -- D:\My Documents\Validator's Sydney Return Flight.pdf
[2010/07/23 07:42:58 | 000,159,903 | ---- | C] () -- D:\My Documents\Validator's Sydney Flight.pdf
[2010/07/02 14:57:01 | 001,306,624 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/01 22:39:41 | 000,005,184 | ---- | C] () -- D:\My Documents\Password Vault.s10p_backup
[2010/06/29 21:20:43 | 000,005,528 | ---- | C] () -- D:\My Documents\Password Vault.s10p
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/24 08:00:54 | 000,001,450 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/24 07:54:30 | 000,000,020 | -HS- | C] () -- C:\Users\Validator\ntuser.ini
[2010/06/24 07:54:29 | 009,175,040 | -HS- | C] () -- C:\Users\Validator\NTUSER.DAT
[2010/06/24 07:54:29 | 000,524,288 | -HS- | C] () -- C:\Users\Validator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/24 07:54:29 | 000,524,288 | -HS- | C] () -- C:\Users\Validator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 07:54:29 | 000,262,144 | -HS- | C] () -- C:\Users\Validator\ntuser.dat.LOG1
[2010/06/24 07:54:29 | 000,065,536 | -HS- | C] () -- C:\Users\Validator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/24 07:54:29 | 000,000,290 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/24 07:54:29 | 000,000,272 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/24 07:54:29 | 000,000,000 | -HS- | C] () -- C:\Users\Validator\ntuser.dat.LOG2
[2010/06/19 09:25:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/18 20:59:49 | 1609,424,896 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/16 17:36:19 | 000,000,372 | ---- | C] () -- D:\My Documents\spider.sav
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/06/24 10:26:36 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Acronis
[2010/08/22 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\AMPSoft
[2010/08/20 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\avidemux
[2010/08/18 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Broad Intelligence
[2010/08/26 23:17:04 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\CD Art Display
[2010/08/22 11:04:01 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\EDrawings
[2010/08/22 13:34:23 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Free&Easy Font Viewer
[2010/08/15 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\GrabPro
[2010/08/15 11:12:40 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\IrfanView
[2010/08/10 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Jujusoft
[2010/08/19 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mp3tag
[2010/08/10 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\MusicIP
[2010/08/15 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\OpenCandy
[2010/08/09 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\OpenOffice.org
[2010/08/25 22:28:45 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Orbit
[2010/08/22 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\PDF Writer
[2010/08/26 22:43:05 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\PhotoScape
[2010/08/15 11:34:47 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\ProgSense
[2010/08/15 11:53:11 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\S10 Software
[2010/08/27 09:03:27 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\TeraCopy
[2010/08/10 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Thunderbird
[2010/08/27 08:08:45 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\uTorrent
[2010/08/26 23:01:53 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Wireshark
[2009/07/14 15:08:49 | 000,011,730 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/27 13:09:35 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 13:09:40 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
[2010/07/02 14:57:01 | 001,306,624 | -H-- | M] () -- C:\SZKGFS.dat
[2010/08/21 12:47:21 | 000,063,206 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_21.08.2010_12.46.34_log.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009/09/05 20:28:40 | 000,069,632 | ---- | M] (CD Art Display) -- C:\Windows\cadSSaver.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/02/14 15:01:50 | 001,618,432 | ---- | M] (factormystic.net) -- C:\Program Files (x86)\Default Programs Editor.exe
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 11:16:12 | 000,316,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\PhotoMetadataHandler.dll
[2009/07/14 11:16:12 | 001,234,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\pidgenx.dll
[2009/07/14 11:16:12 | 000,931,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\printui.dll
[2008/10/31 10:51:58 | 001,314,816 | R--- | M] (SONY Deutschland GmbH - Stuttgart Technology Center) Unable to obtain MD5 -- C:\Windows\SysWOW64\PVSonyDll.dll
[2009/07/14 11:10:36 | 008,338,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\spwizimg.dll
[2009/07/14 11:16:15 | 000,151,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\sqlceoledb30.dll
[2009/07/14 11:16:15 | 000,309,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\sqlcese30.dll
[2009/03/30 03:24:52 | 002,555,736 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\sqlncli10.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 11:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 11:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 11:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /r >
Invalid Switch: r

< End of report >


And the Extras.txt file contains:

OTL Extras logfile created on: 27/08/2010 10:20:56 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = D:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 23.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 64.45 Gb Free Space | 64.45% Space Free | Partition Type: NTFS
Drive D: | 136.89 Gb Total Space | 41.31 Gb Free Space | 30.18% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 205.99 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive F: | 279.48 Gb Total Space | 23.03 Gb Free Space | 8.24% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 106.63 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 198.09 Gb Total Space | 198.00 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive X: | 49.42 Gb Total Space | 9.48 Gb Free Space | 19.19% Space Free | Partition Type: NTFS

Computer Name: BIGFOOT
Current User Name: Validator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- "%WinDir%\NOTEPAD.EXE" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = txtfile] -- "%WinDir%\NOTEPAD.EXE" %1

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "%WinDir%\NOTEPAD.EXE" %1 File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [Winamp.WinampLibrary] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\ADDML" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- "%WinDir%\NOTEPAD.EXE" %1
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.EnqueueAndPlay] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\QUEUE" "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [Winamp.WinampLibrary] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "\\ADDML" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{AB048BF4-6AD7-450B-9538-0DF2C9229840}" = Oracle VM VirtualBox 3.2.6
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Agent Ransack (64-bit)_is1" = Agent Ransack 2010 (64-bit)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1195
"Default Programs Editor" = Default Programs Editor
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"MultiMon_is1" = MultiMon 2.50
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Registrar_is1" = Registrar Registry Manager 6.52
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"TeraCopy_is1" = TeraCopy 2.12
"Unlocker" = Unlocker 1.9.0-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1" = Folder Size 1.4.0.0
"{364B5FE2-F492-459C-A716-998D9E61E0C0}" = S10 Password Vault 3.3
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{8524A9E0-3D86-4360-8FEB-262D8E5C27F0}" = OpenOffice.org 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C8E104FE-D57E-4082-9524-6C3A1C8DBDD7}" = A9CAD
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 x64 Signed Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.35
"AMP Font Viewer" = AMP Font Viewer
"Avidemux 2.5" = Avidemux 2.5
"CCleaner" = CCleaner
"CD Art Display_is1" = CD Art Display 2.0.1
"eMule" = eMule
"ExplorerXP" = ExplorerXP (remove only)
"GOM Player" = GOM Player
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"IrfanView" = IrfanView (remove only)
"jujuedit" = JujuEdit 1.44
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder Audio Edition x64" = MediaCoder Audio Edition x64 0.7.5.4700
"MediaCoder x64" = MediaCoder x64 0.7.5.4720
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"MiniCADViewer" = MiniCADViewer
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Mp3tag" = Mp3tag v2.46a
"MusicIP Mixer_is1" = MusicIP Mixer 1.8.1
"NetWorx_is1" = NetWorx 5.1.2
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"QCad for Windows" = QCad for Windows 2.0.5.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Soulseek2" = SoulSeek 157 NS 13e
"TabDiscover" = TabDiscover 1.0 build 147
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VueScan" = VueScan
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.2.10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/08/2010 6:14:23 PM | Computer Name = Bigfoot | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 25/08/2010 6:14:24 PM | Computer Name = Bigfoot | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 25/08/2010 6:14:24 PM | Computer Name = Bigfoot | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/08/2010 8:50:32 AM | Computer Name = Bigfoot | Source = Application Error | ID = 1000
Description = Faulting application name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Faulting module name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Exception code: 0xc0000005 Fault offset: 0x000040cd Faulting
process id: 0x944 Faulting application start time: 0x01cb451d42e16d47 Faulting application
path: D:\! Software\! System Tools\! Sysinternals\RootkitRevealer\RootkitRevealer.exe
Faulting
module path: D:\! Software\! System Tools\! Sysinternals\RootkitRevealer\RootkitRevealer.exe
Report
Id: 82c31887-b110-11df-8764-001a4d4c5462

Error - 26/08/2010 8:59:27 AM | Computer Name = Bigfoot | Source = Application Error | ID = 1000
Description = Faulting application name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Faulting module name: RootkitRevealer.exe, version: 1.71.0.0,
time stamp: 0x44e255aa Exception code: 0xc0000005 Fault offset: 0x000040cd Faulting
process id: 0x15b4 Faulting application start time: 0x01cb451e81e2dd4e Faulting application
path: D:\! Software\! System Tools\! Sysinternals\RootkitRevealer\RootkitRevealer.exe
Faulting
module path: D:\! Software\! System Tools\! Sysinternals\RootkitRevealer\RootkitRevealer.exe
Report
Id: c1c9438f-b111-11df-8764-001a4d4c5462

Error - 26/08/2010 8:59:33 AM | Computer Name = Bigfoot | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/08/2010 9:00:01 AM | Computer Name = Bigfoot | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/08/2010 10:36:58 PM | Computer Name = Bigfoot | Source = Application Error | ID = 1000
Description = Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp:
0x48a543e2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000cfc22 Faulting process id: 0x1614 Faulting application
start time: 0x01cb4590b1365c29 Faulting application path: D:\! Software\! System
Tools\! Virus and Spyware Tools\fsbl.exe Faulting module path: unknown Report Id:
f63ec4d7-b183-11df-8488-001a4d4c5462

Error - 26/08/2010 10:43:53 PM | Computer Name = Bigfoot | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 26/08/2010 10:44:58 PM | Computer Name = Bigfoot | Source = Application Error | ID = 1000
Description = Faulting application name: fsbl.exe, version: 2.2.1092.0, time stamp:
0x48a543e2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000cfc22 Faulting process id: 0xe40 Faulting application
start time: 0x01cb4591a0eb4250 Faulting application path: D:\! Software\! System
Tools\! Virus and Spyware Tools\fsbl.exe Faulting module path: unknown Report Id:
14aad14a-b185-11df-8488-001a4d4c5462

[ System Events ]
Error - 26/08/2010 11:08:14 AM | Computer Name = Bigfoot | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\42FF.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 26/08/2010 11:08:14 AM | Computer Name = Bigfoot | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 26/08/2010 11:08:15 AM | Computer Name = Bigfoot | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\42FF.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 26/08/2010 11:08:15 AM | Computer Name = Bigfoot | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 26/08/2010 11:08:15 AM | Computer Name = Bigfoot | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\42FF.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 26/08/2010 11:08:15 AM | Computer Name = Bigfoot | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 26/08/2010 11:41:39 AM | Computer Name = Bigfoot | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\system32\42FF.tmp has been blocked from loading due
to incompatibility with this system. Please contact your software vendor for a
compatible version of the driver.

Error - 26/08/2010 11:41:39 AM | Computer Name = Bigfoot | Source = Service Control Manager | ID = 7000
Description = The MEMSWEEP2 service failed to start due to the following error:
%%1275

Error - 26/08/2010 6:09:56 PM | Computer Name = Bigfoot | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 26/08/2010 11:09:45 PM | Computer Name = Bigfoot | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:08:10 PM on 27/08/2010 was unexpected.


< End of report >


Now the current state of the system is:

Yesterday I was hijacked by Jookz somehow. I have no idea how this is happening as all I've really downloaded is antiviral software and rootkit detectors and none asked me to install some silly sponsoring package. Jookz simply installed a toolbar on all my browsers (Firefox, IE and Chrome) and became the default search engine. I uninstalled it successfully, but there are still traces in the logs above.

Aside from that I find that Firefox is at random intervals popping up a new window with the URL "http://wordslife.com/ads.php" in it. For that reason I have scanned my entire C:\ drive with Agent Ransack for files containing the string "wordslife.com". I have results of that disk search to share. Agent Ransack has a nice export feature, and I think I'll find some great clues in this list as to either where the malware resides or at least what it's infected:

QUOTE
C:\Users\Validator\AppData\Local\Broad Intelligence\MediaCoder\Profiles\8rfamoym.default\Cache\_CACHE_001_ 128.00 KB 18/08/2010 2:49:25 PM
C:\Users\Validator\AppData\Local\Google\Chrome\User Data\Local State 6.00 KB 27/08/2010 10:06:38 PM
C:\Users\Validator\AppData\Local\Google\Chrome\User Data\Default\Cookies 74.00 KB 27/08/2010 9:47:28 PM
C:\Users\Validator\AppData\Local\Google\Chrome\User Data\Default\History 596.00 KB 27/08/2010 1:13:59 PM
C:\Users\Validator\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-08 850.00 KB 27/08/2010 1:14:00 PM
C:\Users\Validator\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 3,080.00 KB 27/08/2010 8:42:46 AM
C:\Users\Validator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010082520100826\index.dat 32.00 KB 25/08/2010 10:59:57 PM
C:\Users\Validator\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat 48.00 KB 26/08/2010 11:46:43 PM
C:\Users\Validator\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012010082520100826\index.dat 32.00 KB 25/08/2010 8:49:25 AM
C:\Users\Validator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat 5,121.00 KB 24/08/2010 6:10:37 PM
C:\Users\Validator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat 288.00 KB 26/08/2010 11:46:43 PM
C:\Users\Validator\AppData\Local\Mozilla\Firefox\Profiles\3vdnfeop.default\Cache\_CACHE_001_ 807.00 KB 27/08/2010 1:12:33 PM
C:\Users\Validator\AppData\Roaming\Broad Intelligence\MediaCoder\Profiles\8rfamoym.default\cookies.sqlite 4.00 KB 18/08/2010 2:49:25 PM
C:\Users\Validator\AppData\Roaming\Broad Intelligence\MediaCoder\Profiles\8rfamoym.default\places.sqlite 132.00 KB 18/08/2010 2:46:14 PM
C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Cookies\Low\Validator@clicksor[1].txt 1.00 KB 25/08/2010 8:49:32 AM
C:\Users\Validator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat 672.00 KB 26/08/2010 11:46:43 PM
C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms 6.00 KB 27/08/2010 8:01:06 AM
C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\places.sqlite 2,580.00 KB 27/08/2010 10:06:33 PM
C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\sessionstore.js 92.00 KB 27/08/2010 10:06:49 PM


Already I am very suspicious that Broad Intelligence have something to do with it and that my install of their free MediaCoder (a great package BTW) brought with it OpenCandy, about which I haven't found much info yet.

Aside from that I just tried to go to:

http://calendar.hobart.gamessociety.info

and instead in Chrome I am sent silently in quick succession to:

http://18119.2648.filter.genieknowsinc.com...0Safari%2F533.4
http://results.overture.com/
http://www.pharmastores.com/sleep.htm
http://clicks.bestquickfind.com/xtr_new?q=...QeRJ4lGoWahj4k=
http://freesearchquick.com/search.php?q=bb...912434&mk=1

So I tried Firefox and it sends me to:

http://clicks.coolsearchnow.com/xtr_new?q=...QeRJ4lmiSaxj4k=
http://ck.ads.affinity.com/ck1?ca=5dee9592...dba8c29bf99efa9
http://72.233.76.66/p/index.php?PHPSESSID=...f3c81cb18a983e7
http://www.pharmastores.com/sleep.htm
http://clicks.coolsearchnow.com/xtr3_new?s...f8779c&mk=1

So I'll launch disk scans for "ck.ads.affinity.com", "www.pharmastores.com", "clicks.coolsearchnow.com", "72.233.76.66", "freesearchquick.com", "results.overture.com", "genieknowsinc.com" and "clicks.bestquickfind.com" and see what overlap I get with my search on "wordslife.com". I may be getting some clues here slowly.

Finally, I happened to notice two very suspicious files on my C: drive I have yet to diagnose:

"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0"
"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0"

I smell a fish here too. They bear today's timestamp, and I can't open either file in a hex editor or a text editor; I always get a system error:

---------------------------
Error
---------------------------
Cannot open file "C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0" for read access. The system cannot find the file specified.
---------------------------
Retry Cancel
---------------------------

Very, very suspicious!

I'll analyze the OTL logs myself tomorrow but have to get to bed now. Your input is wildly appreciated! Thanks Gringo!

Edited by Validator, 27 August 2010 - 08:20 AM.
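The disk search described in this post, done in PowerShell as an added example (this is not code from the thread or from Agent Ransack). The host list is the one the post gives; the function names are hypothetical, and the sample cache file is constructed here so the search has something to hit even without the real profile data. The profile directories are the ones the post's listing came from.

```powershell
# Added example (not from the thread): search browser-profile files for the
# redirect hosts observed in the post. Function names are hypothetical; the
# host list is copied from the post; the sample file is constructed here so
# the example runs without real profile data.

function Find-IndicatorHits {
    param(
        [Parameter(Mandatory)][string[]]$Hosts,   # hostnames / IPs to look for
        [Parameter(Mandatory)][string[]]$Paths    # directories to search recursively
    )
    # One alternation of regex-escaped hosts so a single pass finds any of them.
    $pattern = ($Hosts | ForEach-Object { [regex]::Escape($_) }) -join '|'

    Get-ChildItem -Path $Paths -File -Recurse -ErrorAction SilentlyContinue |
        Select-String -Pattern $pattern -List -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.Path
                Indicator = $_.Matches[0].Value
                Modified  = (Get-Item -LiteralPath $_.Path).LastWriteTime
            }
        }
}

# Hosts from the redirect chains and the pop-up URL in the post
$hosts = @(
    'wordslife.com', 'ck.ads.affinity.com', 'www.pharmastores.com',
    'clicks.coolsearchnow.com', '72.233.76.66', 'freesearchquick.com',
    'results.overture.com', 'genieknowsinc.com', 'clicks.bestquickfind.com'
)

# Constructed sample: a stand-in for a cache entry, so the search has a hit
$sampleDir = Join-Path ([IO.Path]::GetTempPath()) 'redirect-triage-sample'
New-Item -ItemType Directory -Force -Path $sampleDir | Out-Null
'GET http://wordslife.com/ads.php HTTP/1.1' |
    Set-Content -Path (Join-Path $sampleDir 'cache_entry.txt')

# The profile locations the post's listing came from, plus the sample dir
$searchRoots = @(
    $sampleDir,
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default",
    "$env:APPDATA\Mozilla\Firefox\Profiles",
    "$env:LOCALAPPDATA\Mozilla\Firefox\Profiles",
    "$env:APPDATA\Microsoft\Windows\Cookies"
)

Find-IndicatorHits -Hosts $hosts -Paths $searchRoots |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize
```

Hits in History, Cache, Cookies and index.dat files show that a browser was sent to those hosts, which is useful for timelining; they do not by themselves show what caused the redirect, since that component need not contain the destination hostname at all.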


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:44 AM

Posted 27 August 2010 - 04:12 PM

Hello

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    FF - prefs.js..extensions.enabledItems: {F9E87066-236C-4067-A3C2-BDA51D6B6B03}:1.0
    [2010/08/26 22:44:49 | 000,000,000 | ---D | M] (TabDiscover) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F9E87066-236C-4067-A3C2-BDA51D6B6B03}
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C350B19-6CA1-4569-B14C-296D8D6535B2} - No CLSID value found.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
  • Then click the Run Fix button at the top.
  • Click OK when prompted.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of the OTListIt.txt only

and let me know how things are now

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
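The O17 line in the fix script above and the router-reset advice both come down to one question: which resolvers is this machine actually using, and are they the ones you expect? The following PowerShell is an added example (not from the thread, not part of OTL) that answers it. Function names are hypothetical; the "expected" servers are the OpenDNS addresses the post mentions, standing in for whatever your ISP actually hands out, and the constructed input is the DhcpNameServer pair from the OTL log. It also lists hosts-file overrides, which is what the [RESETHOSTS] directive clears.

```powershell
# Added example (not from the thread): compare the resolvers Windows is
# configured with against the ones you expect, and list hosts-file overrides.
# Function names are hypothetical; the "expected" resolvers are OpenDNS,
# used only as a stand-in for your ISP's real servers.

function Test-ResolverList {
    param(
        [Parameter(Mandatory)][string[]]$Servers,   # resolvers found on the machine
        [Parameter(Mandatory)][string[]]$Expected   # resolvers you know are legitimate
    )
    foreach ($s in $Servers) {
        [pscustomobject]@{ Server = $s; Expected = ($Expected -contains $s) }
    }
}

function Get-RegistryResolvers {
    # Global and per-interface NameServer / DhcpNameServer values; these are
    # the registry locations OTL summarises as O17 entries.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $keys = @($base) + @(Get-ChildItem -Path "$base\Interfaces" -ErrorAction SilentlyContinue |
                         ForEach-Object { $_.PSPath })
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $value = $props.$name
            if ($value) {
                # Values are space- or comma-separated lists of addresses
                foreach ($addr in ($value -split '[ ,]+' | Where-Object { $_ })) {
                    [pscustomobject]@{ Key = (Split-Path $k -Leaf); Source = $name; Server = $addr }
                }
            }
        }
    }
}

function Get-HostsOverrides {
    # Non-comment hosts entries other than the stock localhost lines
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -Path $Path -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

# Constructed input: the pair OTL reported as DhcpNameServer in this thread
$expected = @('208.67.222.222', '208.67.220.220')
$fromLog  = '213.109.64.149 213.109.74.115' -split ' '
Test-ResolverList -Servers $fromLog -Expected $expected | Format-Table -AutoSize

# Live check (Windows only). Any row with Expected = False deserves a look; if
# it arrived via DhcpNameServer, the router handing out DHCP is where to look next.
if ($env:OS -eq 'Windows_NT') {
    Get-RegistryResolvers | ForEach-Object {
        $r = $_
        Test-ResolverList -Servers $r.Server -Expected $expected |
            Select-Object @{n='Key';e={$r.Key}}, @{n='Source';e={$r.Source}}, Server, Expected
    } | Format-Table -AutoSize

    Get-HostsOverrides
}
```

Run it before and after the router reset: the DhcpNameServer values are whatever the router's DHCP server advertised, so if they come back wrong after a clean reset and a fresh lease, the router itself is being reconfigured again and its admin password is the next thing to change.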

#5 Validator

Validator
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 28 August 2010 - 09:06 PM

Gringo,

Happy as ever to oblige and try things that may prove fruitful. Running suspicion is that a rootkit is involved, perhaps TDSS or TDL3. Alas, 64-bit O/S support of debugging and removal tools is poor. I can't even use WinDbg in kernel mode to examine the interrupt table to see if it's been patched. I may have to do a manual MBR comparison (read and record while on Windows 7, boot off a CD and read and record the MBR, and compare copies; differences suggest a rootkit has hooked into the disk read interrupts and is cloaking itself by returning pristine MBR data when infected O/S level software reads the MBR).

But anyhow, here is what I did. I ran OTL with the run script you suggested.

I examined, but have not reset, my modem. I need to schedule a reset but it will take a little longer; I need to do it during the week when I have telephone support from my ISP in case I fail to connect after a hard reset, or can't remember my password (it's one of those set-once-and-forget things, alas, in most cases).

What I did do was examine the settings and lo and behold the DNS address had been doctored. I didn't even know malware could do that (i.e. that the modem config interface was standard enough to exploit and that its password protection was so lame). I checked where the IP addresses were and they were Russian name servers. Hmmm ... yes, suspicious indeed. So I fixed it to point back to my ISP's nameservers.

Then I ran an OTL scan again as suggested. I didn't get an OTListIt.txt file; instead I got an OTL.txt file and an Extras.txt file, both open, neither minimized. In any case, I'm not sure why the difference and am open to advice. But the contents of OTL.txt are:

QUOTE
OTL logfile created on: 28/08/2010 6:16:36 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = D:\! Software\! System Tools\! Virus and Spyware Tools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 6.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 40.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 63.96 Gb Free Space | 63.96% Space Free | Partition Type: NTFS
Drive D: | 136.89 Gb Total Space | 45.96 Gb Free Space | 33.57% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 205.99 Gb Free Space | 22.11% Space Free | Partition Type: NTFS
Drive F: | 279.48 Gb Total Space | 30.46 Gb Free Space | 10.90% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 106.70 Gb Free Space | 11.45% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 198.09 Gb Total Space | 198.00 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive X: | 49.42 Gb Total Space | 9.48 Gb Free Space | 19.19% Space Free | Partition Type: NTFS

Computer Name: BIGFOOT
Current User Name: Validator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Validator\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - D:\! Software\! System Tools\! Virus and Spyware Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe (S10 Software)
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NetWorx\networx.exe (SoftPerfect Research)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Modules (SafeList) ==========

MOD - D:\! Software\! System Tools\! Virus and Spyware Tools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (MSSQL$SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV:64bit: - (SQLAgent$SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PSSDK42) -- C:\Windows\SysNative\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RsFx0103) -- C:\Windows\SysNative\drivers\RsFx0103.sys (Microsoft Corporation)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2349357901-3966508888-2020233972-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2349357901-3966508888-2020233972-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2349357901-3966508888-2020233972-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 CE DB 8D DE 43 CB 01 [binary data]
IE - HKU\S-1-5-21-2349357901-3966508888-2020233972-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Jookz"
FF - prefs.js..browser.search.defaultenginename: "Jookz"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Jookz"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {c1970c0d-dbe6-4d91-804f-c9c0de643a57}:1.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/11 18:30:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/22 11:15:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/08/11 18:30:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/08/18 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mozilla\Extensions
[2010/08/10 17:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Validator\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/18 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2010/08/28 08:38:28 | 000,000,000 | ---D | M] -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions
[2010/08/21 11:10:14 | 000,000,000 | ---D | M] (NoRedirect) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
[2010/08/19 18:38:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/28 08:38:18 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/12 22:49:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/13 23:22:27 | 000,001,449 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\100-search-engines.xml
[2010/08/13 23:21:34 | 000,001,820 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\bing.xml
[2010/08/13 23:22:00 | 000,000,931 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\dictionary.xml
[2010/08/28 14:11:48 | 000,002,746 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\ebaycomau.xml
[2010/08/13 23:21:55 | 000,002,152 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Mozilla\Firefox\Profiles\3vdnfeop.default\searchplugins\qrobeit.xml
[2010/08/27 08:28:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/12 19:10:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/22 11:09:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/22 11:09:23 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010/07/23 10:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 10:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 10:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/27 08:12:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jookz.xml
[2010/08/27 08:12:09 | 000,002,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jookz.xml.bak
[2010/07/23 10:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/28 17:58:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2349357901-3966508888-2020233972-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2349357901-3966508888-2020233972-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [NetWorx] C:\Program Files (x86)\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk = C:\Program Files (x86)\S10 Password Vault\S10PasswordVault.exe (S10 Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm ()
O8:64bit: - Extra context menu item: Autotype - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Autologin - C:\Program Files (x86)\S10 Password Vault\AutologinIE.htm ()
O8 - Extra context menu item: Autotype - C:\Program Files (x86)\S10 Password Vault\AutotypeIE.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\Validator\APPDATA\LOCAL\TEMP\PROCEXP64.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\Validator\APPDATA\LOCAL\TEMP\PROCEXP64.EXE" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/01 16:03:43 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/28 08:44:06 | 000,000,000 | ---D | C] -- C:\Users\Validator\Tracing
[2010/08/27 23:47:42 | 000,061,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/08/27 23:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/08/27 23:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/08/27 23:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/08/27 23:39:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/27 23:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/27 23:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/08/27 23:21:28 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Mael
[2010/08/27 23:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2010/08/27 23:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/08/27 13:23:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\Pavark
[2010/08/27 13:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\MultiMon
[2010/08/27 11:45:47 | 000,000,000 | ---D | C] -- C:\Symbols
[2010/08/26 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\CD Art Display
[2010/08/26 23:13:00 | 000,094,208 | ---- | C] (MediaTexX) -- C:\Windows\SysWow64\wmpuice.dll
[2010/08/26 23:13:00 | 000,069,632 | ---- | C] (CD Art Display) -- C:\Windows\cadSSaver.scr
[2010/08/26 23:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Art Display
[2010/08/26 23:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/26 23:01:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Wireshark
[2010/08/26 22:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/08/26 22:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010/08/26 22:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TabDiscover
[2010/08/26 22:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabDiscover
[2010/08/26 22:40:11 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\PhotoScape
[2010/08/26 22:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2010/08/25 22:45:07 | 000,000,000 | ---D | C] -- C:\VueScan
[2010/08/25 22:24:20 | 004,514,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2010/08/25 22:24:20 | 002,264,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2010/08/25 22:24:20 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2010/08/25 22:24:20 | 000,360,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2010/08/25 22:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2010/08/25 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\TeraCopy
[2010/08/25 18:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2010/08/25 18:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folder Size
[2010/08/25 05:31:02 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/24 18:08:48 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Malwarebytes
[2010/08/24 18:05:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/24 18:05:53 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/24 18:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/24 18:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/24 17:31:33 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/24 08:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\factormystic.net
[2010/08/24 08:38:58 | 001,618,432 | ---- | C] (factormystic.net) -- C:\Program Files (x86)\Default Programs Editor.exe
[2010/08/24 08:32:14 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\factormystic.net
[2010/08/23 17:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/08/22 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\PDF Writer
[2010/08/22 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\PDF Writer
[2010/08/22 14:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2010/08/22 13:38:45 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\AMPSoft
[2010/08/22 13:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMP Font Viewer
[2010/08/22 13:34:17 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Free&Easy Font Viewer
[2010/08/22 11:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QCad for Windows
[2010/08/22 11:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/22 11:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/22 11:09:37 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/22 11:09:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/22 11:09:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/22 11:09:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/22 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/08/22 11:04:01 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\EDrawings
[2010/08/21 19:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\MiniCADViewer
[2010/08/21 18:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A9Tech
[2010/08/21 18:45:55 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/21 12:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/08/21 12:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/20 23:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/20 14:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2010/08/20 12:43:24 | 000,053,312 | ---- | C] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk42.sys
[2010/08/20 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2010/08/20 12:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetWorx
[2010/08/20 12:38:21 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2010/08/20 12:38:21 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2010/08/20 12:38:21 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2010/08/20 12:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2010/08/20 12:38:15 | 000,214,016 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2010/08/20 12:38:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.OCX
[2010/08/20 12:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2010/08/20 12:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sysinternals
[2010/08/20 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\avidemux
[2010/08/20 12:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2010/08/20 08:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/08/20 08:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/20 08:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/08/20 07:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/18 14:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder Audio Edition x64
[2010/08/18 14:42:04 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Broad Intelligence
[2010/08/18 14:38:03 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Broad Intelligence
[2010/08/18 14:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2010/08/18 13:51:25 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Media Player Classic
[2010/08/18 13:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema (x64)
[2010/08/18 13:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flexible Renamer
[2010/08/18 10:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/08/18 10:44:50 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Paint.NET
[2010/08/17 23:03:02 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\GRETECH
[2010/08/17 23:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2010/08/15 11:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\S10 Software
[2010/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\S10 Software
[2010/08/15 11:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S10 Password Vault
[2010/08/15 11:34:47 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\ProgSense
[2010/08/15 11:22:56 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\GrabPro
[2010/08/15 11:22:56 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/08/15 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\OpenCandy
[2010/08/15 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2010/08/15 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Orbit
[2010/08/15 11:12:40 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\IrfanView
[2010/08/15 11:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2010/08/13 22:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/13 22:36:31 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\AlbumArtDownloader
[2010/08/13 22:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExplorerXP
[2010/08/13 22:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/13 22:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/08/13 22:23:20 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe
[2010/08/13 22:23:20 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/08/13 22:23:20 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/08/13 22:23:12 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/08/13 22:23:12 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/08/13 22:23:12 | 001,322,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/08/13 22:23:12 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010/08/13 22:23:03 | 000,000,000 | ---D | C] -- C:\Drivers
[2010/08/12 23:23:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\assembly
[2010/08/12 20:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/12 19:12:02 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\skypePM
[2010/08/12 19:10:51 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Skype
[2010/08/12 19:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/08/12 19:09:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/08/12 19:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/08/12 06:07:21 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 06:07:20 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/12 06:07:19 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/12 06:07:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/12 06:07:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/12 06:07:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/12 06:07:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/12 06:07:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/12 06:07:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/12 06:07:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 06:07:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/12 06:07:02 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 23:02:45 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/08/11 23:02:45 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/08/11 23:02:45 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/08/11 23:02:45 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/08/11 23:02:44 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/08/11 23:02:44 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/08/11 23:02:42 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/08/11 23:02:42 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/08/11 23:02:41 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/08/11 23:02:41 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/08/11 23:02:41 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/08/11 23:02:41 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/08/11 23:02:41 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/08/11 23:02:41 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/08/11 23:02:40 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/08/11 23:02:40 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/08/11 23:02:39 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/08/11 23:02:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/08/11 23:02:39 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/08/11 23:02:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/08/11 23:02:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/08/11 23:02:38 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/08/11 23:02:38 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/08/11 23:02:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/08/11 23:02:37 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/08/11 23:02:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/08/11 23:02:37 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/08/11 23:02:37 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/08/11 23:02:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/08/11 23:02:37 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/08/11 23:02:35 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/08/11 23:02:35 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/08/11 23:02:35 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/08/11 23:02:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/08/11 23:02:35 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/08/11 23:02:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/08/11 23:02:34 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/08/11 23:02:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/08/11 23:02:34 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/08/11 23:02:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/08/11 23:02:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/08/11 23:02:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/08/11 23:02:33 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/08/11 23:02:33 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/08/11 23:02:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/08/11 23:02:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/08/11 23:02:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/08/11 23:02:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/08/11 23:02:31 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/08/11 23:02:31 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/08/11 23:02:31 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/08/11 23:02:31 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/08/11 23:02:31 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/08/11 23:02:31 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/08/11 23:02:31 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/08/11 23:02:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/08/11 23:02:29 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/08/11 23:02:29 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/08/11 23:02:28 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/08/11 23:02:28 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/08/11 23:02:28 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/08/11 23:02:28 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/08/11 23:02:28 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/08/11 23:02:28 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/08/11 23:02:27 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/08/11 23:02:27 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/08/11 23:02:27 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/08/11 23:02:27 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/08/11 23:02:26 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/08/11 23:02:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/08/11 23:02:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/08/11 23:02:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/08/11 23:02:25 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010/08/11 23:02:25 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/08/11 23:02:25 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010/08/11 23:02:25 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/08/11 23:02:25 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010/08/11 23:02:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/08/11 23:02:23 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/08/11 23:02:23 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/08/11 23:02:23 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/08/11 23:02:23 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/08/11 23:02:23 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/08/11 23:02:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/08/11 23:02:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/08/11 23:02:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/08/11 23:02:23 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/08/11 23:02:23 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/08/11 23:02:23 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/08/11 23:02:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/08/11 23:02:22 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/08/11 23:02:22 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/08/11 23:02:21 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/08/11 23:02:21 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/08/11 23:02:20 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/08/11 23:02:20 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/08/11 23:02:20 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/08/11 23:02:20 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/08/11 23:02:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/08/11 23:02:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/08/11 23:02:20 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/08/11 23:02:20 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/08/11 23:02:19 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/08/11 23:02:19 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/08/11 23:02:17 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/08/11 23:02:17 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/08/11 23:02:17 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/08/11 23:02:17 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/08/11 23:02:17 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/08/11 23:02:17 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/08/11 23:02:17 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/08/11 23:02:17 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/08/11 23:02:16 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/08/11 23:02:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/08/11 23:02:16 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/08/11 23:02:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/08/11 23:02:16 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/08/11 23:02:16 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/08/11 23:02:15 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/08/11 23:02:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/08/11 23:02:15 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/08/11 23:02:15 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/08/11 23:02:15 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/08/11 23:02:15 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/08/11 23:02:15 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/08/11 23:02:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/08/11 23:02:15 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/08/11 23:02:15 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/08/11 23:02:14 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/08/11 23:02:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/08/11 23:02:14 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/08/11 23:02:14 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/08/11 23:02:13 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/08/11 23:02:13 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/08/11 23:02:13 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/08/11 23:02:13 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/08/11 23:02:13 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/08/11 23:02:13 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/08/11 23:02:12 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/08/11 23:02:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/08/11 23:02:11 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/08/11 23:02:11 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/08/11 23:02:09 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/08/11 23:02:09 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/08/11 23:02:09 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/08/11 23:02:09 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/08/11 23:02:09 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/08/11 23:02:09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/08/11 23:02:08 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/08/11 23:02:08 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/08/11 23:02:08 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/08/11 23:02:08 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/08/11 23:02:07 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/08/11 23:02:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/08/11 23:02:06 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/08/11 23:02:06 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/08/11 23:02:06 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/08/11 23:02:06 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/08/11 23:02:03 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/08/11 23:02:03 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/08/11 23:02:03 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/08/11 23:02:03 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/08/11 23:02:02 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/08/11 23:02:02 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/08/11 23:02:01 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/08/11 23:02:01 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/08/11 23:01:59 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/08/11 23:01:59 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/08/11 23:01:59 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/08/11 23:01:59 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/08/11 23:01:59 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/08/11 23:01:59 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/08/11 23:01:58 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/08/11 23:01:58 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/08/11 23:01:58 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/08/11 23:01:58 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/08/11 23:01:58 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/08/11 23:01:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/08/11 23:01:57 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/08/11 23:01:57 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/08/11 23:01:56 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/08/11 23:01:56 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/08/11 22:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/08/11 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\eMule
[2010/08/11 22:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010/08/11 22:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/08/11 22:39:26 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\uTorrent
[2010/08/11 22:34:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/08/11 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2010/08/11 20:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2010/08/11 20:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2010/08/11 20:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64)
[2010/08/11 19:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/08/11 18:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/08/11 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/08/11 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/08/11 18:27:45 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Apple
[2010/08/11 18:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/11 18:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/08/11 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Mp3tag
[2010/08/11 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Soulseek
[2010/08/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoulseekNS
[2010/08/10 22:00:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Microsoft Corporation
[2010/08/10 18:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Jujusoft
[2010/08/10 18:14:09 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Jujusoft
[2010/08/10 18:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jujusoft
[2010/08/10 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Thunderbird
[2010/08/10 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Thunderbird
[2010/08/10 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/08/10 17:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\AlbumArtDownloader
[2010/08/10 17:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010/08/10 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Google
[2010/08/10 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Mozilla
[2010/08/10 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Mozilla
[2010/08/10 17:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/10 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Deployment
[2010/08/10 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Local\Apps
[2010/08/10 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicIP
[2010/08/09 12:04:07 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\MusicIP
[2010/08/09 11:54:11 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/08/09 11:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/08/09 11:50:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\OpenOffice.org
[2010/08/09 11:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/08/09 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2010/07/31 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2010/07/31 17:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2010/07/31 17:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2010/07/31 17:30:47 | 000,000,000 | ---D | C] -- D:\My Documents\Visual Studio 2010
[2010/07/31 17:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/07/31 17:18:47 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2010/07/31 17:18:47 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2010/07/31 17:18:21 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2010/07/31 17:18:21 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2010/07/31 17:17:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2010/07/31 17:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2010/07/31 17:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/07/31 17:15:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2010/07/31 17:15:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2010/07/31 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/31 17:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/07/31 17:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/07/31 17:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/31 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/07/31 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/31 17:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/31 17:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/31 17:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visual Studio 2010Templates
[2010/07/31 17:08:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visual Studio 2010
[2010/07/31 17:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2010/07/31 17:06:37 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010/07/31 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/07/31 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2010/07/31 17:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/07/31 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/31 16:58:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/31 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2010/07/31 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/07/31 16:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/07/31 16:41:15 | 000,000,000 | ---D | C] -- C:\Users\Validator\AppData\Roaming\Winamp
[2010/07/31 16:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[5 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 18:20:16 | 009,175,040 | -HS- | M] () -- C:\Users\Validator\NTUSER.DAT
[2010/08/28 18:11:46 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 18:11:46 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/28 18:01:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/28 18:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/28 18:01:37 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/28 17:59:29 | 003,285,809 | -H-- | M] () -- C:\Users\Validator\AppData\Local\IconCache.db
[2010/08/28 17:58:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/08/28 08:43:56 | 000,005,868 | ---- | M] () -- D:\My Documents\Password Vault.s10p
[2010/08/27 13:16:18 | 000,869,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/27 13:16:18 | 000,731,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/27 13:16:18 | 000,149,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/27 13:09:50 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001UA.job
[2010/08/27 13:09:50 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 13:09:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001Core.job
[2010/08/27 13:09:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/26 22:38:36 | 000,000,911 | ---- | M] () -- C:\Users\Validator\Desktop\Men's Group Time Plan.lnk
[2010/08/26 22:38:15 | 000,013,062 | ---- | M] () -- C:\Users\Validator\Desktop\men's Group Timer.lnk
[2010/08/23 17:56:08 | 000,380,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/22 14:46:37 | 000,094,592 | ---- | M] () -- C:\Users\Validator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/22 12:05:05 | 000,000,778 | ---- | M] () -- C:\ProgramData\qcadrc
[2010/08/22 11:09:22 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/08/22 11:09:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/22 11:09:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/22 11:09:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/22 11:03:52 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/08/21 12:09:56 | 000,000,036 | ---- | M] () -- C:\Users\Validator\AppData\Local\housecall.guid.cache
[2010/08/20 13:43:26 | 000,005,528 | ---- | M] () -- D:\My Documents\Password Vault.s10p_backup
[2010/08/20 12:43:24 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\SysNative\drivers\pssdk42.sys
[2010/08/18 00:35:16 | 000,003,584 | ---- | M] () -- C:\Users\Validator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 11:53:15 | 000,001,088 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk
[2010/08/12 19:12:03 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/08/11 22:26:24 | 000,042,842 | ---- | M] () -- C:\Users\Validator\Desktop\Tmp.odt
[2010/08/11 21:46:47 | 000,001,248 | ---- | M] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2010/08/10 18:14:10 | 000,001,175 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\JujuEdit.lnk
[2010/08/10 18:07:52 | 000,000,132 | ---- | M] () -- C:\Users\Validator\Desktop\Update WinAmp MusicIP Database.bat
[2010/08/10 17:57:38 | 000,002,042 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/08/10 17:50:15 | 000,001,976 | ---- | M] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 11:31:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/08 21:03:50 | 022,619,136 | ---- | M] () -- C:\Users\Validator\Desktop\ValidatorsMailBox.pst
[2010/07/31 17:05:41 | 000,764,822 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[5 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 22:38:36 | 000,000,911 | ---- | C] () -- C:\Users\Validator\Desktop\Men's Group Time Plan.lnk
[2010/08/26 22:38:15 | 000,013,062 | ---- | C] () -- C:\Users\Validator\Desktop\men's Group Timer.lnk
[2010/08/22 11:24:31 | 000,000,778 | ---- | C] () -- C:\ProgramData\qcadrc
[2010/08/22 11:03:52 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/08/21 12:09:56 | 000,000,036 | ---- | C] () -- C:\Users\Validator\AppData\Local\housecall.guid.cache
[2010/08/18 00:35:15 | 000,003,584 | ---- | C] () -- C:\Users\Validator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 21:29:47 | 022,619,136 | ---- | C] () -- C:\Users\Validator\Desktop\ValidatorsMailBox.pst
[2010/08/15 11:53:15 | 000,001,088 | ---- | C] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk
[2010/08/13 22:23:20 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/08/12 20:00:53 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/12 20:00:52 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/12 19:12:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/11 21:50:20 | 000,042,842 | ---- | C] () -- C:\Users\Validator\Desktop\Tmp.odt
[2010/08/11 21:46:47 | 000,001,248 | ---- | C] () -- C:\Users\Validator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
[2010/08/10 18:14:10 | 000,001,175 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\JujuEdit.lnk
[2010/08/10 18:05:54 | 000,000,132 | ---- | C] () -- C:\Users\Validator\Desktop\Update WinAmp MusicIP Database.bat
[2010/08/10 18:05:54 | 000,000,065 | ---- | C] () -- C:\Users\Validator\Desktop\Firefox Sound On.bat
[2010/08/10 18:05:54 | 000,000,064 | ---- | C] () -- C:\Users\Validator\Desktop\Firefox Sound Off.bat
[2010/08/10 17:57:38 | 000,002,042 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/08/10 17:51:31 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001UA.job
[2010/08/10 17:51:28 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2349357901-3966508888-2020233972-1001Core.job
[2010/08/10 17:50:15 | 000,001,976 | ---- | C] () -- C:\Users\Validator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 11:31:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/09 11:52:56 | 000,120,376 | ---- | C] () -- C:\Windows\SysWow64\rrsec.dll
[2010/08/09 11:52:56 | 000,097,888 | ---- | C] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/07/31 17:05:38 | 000,764,822 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:44 AM

Posted 28 August 2010 - 10:48 PM

Hello

I examined, but have not reset my modem.
Your modem or router? The settings can be changed because most people don't change the default password used to log into the router.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
It doesn't look like it took, as it has still come back. We don't need to hard reset the router, but we do need to change these DNS settings.

You seem to know your way around a computer pretty well, so I am not going to go into long instructions, but if you do need something explained in more detail, do ask.

I don't think there is a rootkit involved here, but what we call router poisoning.

1. Check your DNS setting on the computer under Start menu | My Computer | My Network Places | View Network Connections.

Locate the network connection that is associated with your Internet connection, right click and select Properties.
In the list that appears under the General tab, double click on Internet Protocol (TCP/IP).

2. Recheck the DNS on the router

3. Run this OTL script and send me the report

Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
    :Files
    ipconfig /flushdns /c
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



4. Update and rerun MBAM and send me the report



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
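Step 1 above amounts to comparing the resolver addresses the machine is actually using with the ones the ISP should be handing out. The Python below is an added example, not code from this thread or from OTL, HijackThis or MBAM: it parses the O17 line format quoted above, the registry-path format and `reg query`-style output, and reports any resolver not on an expected allowlist. The sample inputs are constructed from the addresses that appear in this thread, and the ISP resolver list is an assumption taken from the thread.

```python
"""Check Windows DNS resolver settings against the ISP's known resolvers.

Added example for this thread (not code from the thread or from OTL/HijackThis):
it parses the O17 line format, the registry-path format and reg query style
output, then reports any resolver not on the expected allowlist. The sample
inputs below are constructed from values quoted in the thread.
"""
import ipaddress
import re
from typing import List, Tuple

# Matches both "DhcpNameServer = 1.2.3.4 5.6.7.8" (O17 / registry-path style)
# and "DhcpNameServer    REG_SZ    1.2.3.4 5.6.7.8" (reg query style).
_VALUE_RE = re.compile(
    r"(?P<dhcp>Dhcp)?NameServer\s*(?:=|REG_SZ)\s*(?P<servers>[\d.,\s]+)$",
    re.IGNORECASE,
)

# Resolvers the ISP is expected to hand out (assumed; taken from the thread).
ISP_RESOLVERS = ["210.15.254.240", "210.15.254.241"]

# Constructed sample: the hijacked O17 line from the thread plus a reg query
# style dump of the same setting as it would appear under an interface key.
SAMPLE_HIJACKED = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 213.109.64.149 213.109.74.115
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{interface-guid-placeholder}
    NameServer        REG_SZ
    DhcpNameServer    REG_SZ    213.109.64.149 213.109.74.115
"""

# Constructed sample: the clean value as it reads after the fix.
SAMPLE_CLEAN = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters"
    "\\DhcpNameServer = 210.15.254.240 210.15.254.241\n"
)


def parse_resolvers(text: str) -> List[Tuple[str, str]]:
    """Return (value_name, ip) pairs for every resolver address found in text.

    Both DhcpNameServer (pushed by the router's DHCP) and NameServer (static)
    are collected, because a poisoned router and a local tamper show up in
    different values.
    """
    found = []
    for line in text.splitlines():
        match = _VALUE_RE.search(line.strip())
        if not match:
            continue  # not a resolver value line
        name = "DhcpNameServer" if match.group("dhcp") else "NameServer"
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            try:
                found.append((name, str(ipaddress.IPv4Address(token))))
            except ipaddress.AddressValueError:
                continue  # ignore malformed or empty tokens instead of aborting
    return found


def unexpected_resolvers(text: str, expected: List[str]) -> List[str]:
    """Return the resolver IPs in text that are not on the expected allowlist."""
    allowed = {str(ipaddress.IPv4Address(ip)) for ip in expected}
    return sorted({ip for _, ip in parse_resolvers(text) if ip not in allowed})


if __name__ == "__main__":
    for label, sample in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        rogue = unexpected_resolvers(sample, ISP_RESOLVERS)
        print(f"{label}: {'unexpected resolvers ' + ', '.join(rogue) if rogue else 'OK'}")
```

On a live machine the same check applies to the output of `reg query` over the Tcpip\Parameters and Interfaces keys; the point is that a resolver set by the router's DHCP still shows up on the PC, so the PC is where it can be caught.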

#7 Validator

Validator
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 30 August 2010 - 09:00 AM

That registry entry is odd, and reflects the DNS changes I observed. Well spotted. Indeed I do know my way around PCs; I started writing machine code patches myself in the '80s on the IBM PC. Alas, modern malware is no longer my strength.

I ran the OTL script, and it reported results, but I rebooted as it suggested and can't find the results anywhere; apparently they weren't stored on disk (at least as far as a list of all files modified in the last half hour indicates). I did read it though, and it reported success basically and nothing untoward.

I then checked the registry key concerned and it is good.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DhcpNameServer = 210.15.254.240 210.15.254.241

And these are my ISP nameservers so all is good.

I kicked myself in one of those Doh! moments a la the Simpsons, when I checked the broadband modem and found yes, it still had its default password (which is "password"). I fixed that. But that explains how malware could easily have altered it, in a sense, on the premise that the HTTP interface to the modem is sufficiently standard too (which still surprises me) or there is some standard protocol that substitutes for the HTTP interface it presents me with.

So I ran MBAM and did an update (which it downloaded), and I'm glad to report it found the traces of Jookz, which I had manually removed but which clearly had lingering components.

Here's what it reported:

QUOTE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4505

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/08/2010 11:26:57 PM
mbam-log-2010-08-30 (23-26-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 307477
Time elapsed: 1 hour(s), 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4c350b19-6ca1-4569-b14c-296d8d6535b2} (Adware.Jookz) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4c350b19-6ca1-4569-b14c-296d8d6535b2} (Adware.Jookz) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\TabDiscover\tabdiscover.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchPlugins\jookz.xml (Adware.Jookz) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchPlugins\jookz.xml.bak (Adware.Jookz) -> Quarantined and deleted successfully.


I noticed the Jookz toolbar last week and removed it with the Windows uninstall option. I knew it had some lingering bits from earlier logs, but I suspect this update included the Jookz signatures that it now used to identify these traces and quarantine them. A positive step, but I suspect Jookz came after this redirect problem.

I will now see how the PC performs. My subjective impression in recent days is that pop-ups and redirects have reduced in frequency but not abated. But I will approach it more objectively from today and note if I see anything. It is not out of the question that Jookz was in fact a causative agent and not unrelated. I am doubtful at present, but it is credible.

I shall keep you posted, and thank you deeply for the time you donate, Gringo, to helping with your depth of OTL experience!

I am of course still deeply interested in rootkit diagnosis technologies for 64 bit Windows 7, in short a (free) kernel debugger if such exists, and anything that can read disk sectors at the raw level either via or bypassing the Windows API ... such tools, most especially if they are not commonly known (alas, because rootkits are known to silently disable their own interventions when probed by processes of known name like RootKitRevealer.exe for example, for which reason GMER downloads with a random name), would enable comparison of disk sectors like the MBR read raw and via API, and also inspection of the interrupt tables for suspicious code addresses. It would be enormously confidence boosting for me to be able to diagnose at this level.

Cheers.

#8 Validator


Posted 31 August 2010 - 02:19 AM

It's been a day and I've noticed no redirects or popups. I'm slowly feeling confident that I may have rid myself of the cause, and it may well have been Jookz related and a DNS hijack on my modem! I shall keep observing.

#9 gringo_pr


Posted 01 September 2010 - 12:38 AM

Hello

That is great that it has stopped.

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



#10 gringo_pr


Posted 04 September 2010 - 12:50 AM

Hello

three day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


#11 gringo_pr


Posted 07 September 2010 - 01:40 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
