Am I infected?


  • This topic is locked
26 replies to this topic

#1 ndnjon

ndnjon

  • Members
  • 12 posts

Posted 28 August 2010 - 06:29 PM

Hello everyone, my friend recommended this forum after I explained my problem to him. So I am following his instructions.

Yesterday, after a reboot I noticed that my browser Firefox would not load correctly. It would not open for several minutes, and when it did, only part of my iGoogle home page would appear. I also noticed my Yahoo Messenger would not log in either. After checking other ways to get internet access, IE 8, and Chrome, only Chrome was able to open correctly.

Some other things I noticed were that different processes were not operational. My Display Fusion task bar, Windows 7 gadgets, and my Logitech mouse zoom function were stopped also. I also have Trusteer Rapport installed, and that was stopped as well. After turning them back on, they would stop working after a couple of minutes. My system tray icons would only be visible for a second then most of them would disappear also.

At that point I did a System Restore, to a point where I had manually set up a restore point, 8-2-2010. After that was done I had the same problems.

I decided to disable my firewall (Comodo Free) and my antivirus (Avast). As soon as Comodo was gone, I was able to access Firefox with no problem. I uninstalled Comodo and reinstalled, and Firefox was no longer working. So I uninstalled Comodo.

I ran Trend Micro Housecall which turned up nothing.

I downloaded Sophos AntiRootkit, which found 5 unknown files, but the program did not recommend removing them.

I also have Malwarebytes (with real time protection) and Super Antispyware Professional. I performed a Malwarebytes scan which turned up nothing.

After that, I tried to run SuperAntiSpyware Professional, and it would start to open, then close with a message screen that I was unable to read. I tried this several times, with the same results.

If I have Firefox open when I try to run SuperAntiSpyware, it will crash Firefox every time.

I was able to run SuperAntispyware portable version, which turned up 60 something adware tracking cookies, mostly from Chrome.

So at this point Windows Firewall is my only firewall (wasn't ever disabled), and I am at a loss as to what to do.

So I followed the instructions in the Forum guide to the letter, except for the GMER part, for which I get the following message:
"C:\Windows\system32\config\system: The system cannot find the file specified"

Below is the text from the Dds.txt output, and attached is the Attached.zip

Any help would be appreciated. Thank you in advance.

John
ndnjon

________________________________________________________

DDS (Ver_10-03-17.01) - NTFSX64
Run by psychomagnet at 14:51:10.85 on Sat 08/28/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8191.5563 [GMT -7:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\psychomagnet\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Users\psychomagnet\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\psychomagnet\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~2\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~2\yahoo!\companion\installs\cpn0\yt.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Google Update] "c:\users\psychomagnet\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DisplayFusion] "c:\program files (x86)\displayfusion\DisplayFusion.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [iLike] c:\program files (x86)\ilike\1.2.18\ilikesidebar.exe /checkforupdate
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [VolPanel] "c:\program files (x86)\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\psycho~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: {A3E7B95B-09D7-4D3D-86E4-E5E8D2F233CC} = 156.154.70.22,156.154.71.22
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon
AppInit_DLLs-X64:

================= FIREFOX ===================

FF - ProfilePath - c:\users\psycho~1\appdata\roaming\mozilla\firefox\profiles\gl2syzfe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files (x86)\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\psychomagnet\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\psychomagnet\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\psychomagnet\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-14 121936]
R1 RapportKE64;RapportKE64;c:\program files (x86)\trusteer\rapport\bin\RapportKE64.sys [2010-7-1 63472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-14 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-14 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\cobian backup 10\cbVSCService.exe [2010-8-28 67584]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-2 40384]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-7-29 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-29 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-29 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-7-29 1622616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-14 24664]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-8-14 24064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-6-14 304464]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-6-14 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-6-14 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-7-29 230488]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-29 1445976]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-29 95320]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4422.tmp [2010-8-27 6144]
S3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\trusteer\rapport\bin\RapportLaunService64.exe [2010-7-1 524784]
S3 RapportPG64;RapportPG64;c:\program files (x86)\trusteer\rapport\bin\RapportPG64.sys [2010-7-1 56304]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-14 1255736]

=============== Created Last 30 ================

2010-08-28 21:48:16 0 ----a-w- c:\users\psychomagnet\defogger_reenable
2010-08-28 18:10:59 0 d-----w- c:\program files (x86)\Cobian Backup 10
2010-08-28 04:24:33 6144 ------w- c:\windows\system32\4422.tmp
2010-08-28 04:22:37 6144 ------w- c:\windows\system32\7E63.tmp
2010-08-28 04:22:32 0 d-----w- c:\program files (x86)\Sophos
2010-08-28 03:22:15 0 d--h--w- C:\VritualRoot
2010-08-28 01:46:41 65536 --sh--w- c:\users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TM.blf
2010-08-28 01:46:41 524288 --sh--w- c:\users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
2010-08-28 01:46:41 524288 --sh--w- c:\users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
2010-08-28 00:16:48 65536 --sh--w- c:\users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TM.blf
2010-08-28 00:16:48 524288 --sh--w- c:\users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
2010-08-28 00:16:48 524288 --sh--w- c:\users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
2010-08-26 04:04:29 0 d-----w- c:\program files\Paint.NET
2010-08-20 23:59:32 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-11 03:48:21 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-11 03:48:21 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-11 03:48:21 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-11 03:33:27 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-11 03:33:26 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 03:18:27 524288 --sh--w- c:\users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
2010-08-11 03:18:27 524288 --sh--w- c:\users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
2010-08-11 03:18:26 65536 --sh--w- c:\users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TM.blf
2010-08-10 12:15:58 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-08-07 05:48:44 0 d-----w- c:\users\psycho~1\appdata\roaming\iLike
2010-08-07 05:48:37 0 d-----w- c:\program files (x86)\iLike
2010-07-30 04:28:30 0 d-----w- c:\programdata\Yahoo! Companion
2010-07-30 04:28:13 0 d-----w- c:\programdata\Yahoo!
2010-07-30 04:25:41 0 d-----w- c:\program files (x86)\Yahoo!

==================== Find3M ====================

2010-08-27 23:49:44 119296 ----a-w- c:\windows\syswow64\zlib.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-17 18:56:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-17 18:56:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-07-17 12:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57:12 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-06-28 01:40:56 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-28 01:40:56 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-06-28 01:40:56 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-28 01:40:56 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-15 06:25:09 99384 ------w- c:\users\psycho~1\appdata\roaming\inst.exe
2010-06-15 06:25:09 82816 ------w- c:\users\psycho~1\appdata\roaming\pcouffin.sys
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 00:21:00 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-08 00:21:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-08 00:20:58 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-08 00:20:58 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sh--w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sh--w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:52:14.46 ===============



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 04 September 2010 - 06:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
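An added example (not part of the original posts, and not OTL's own code): a small Python triage pass over the SRV and DRV lines of an OTL log, using the line layout seen in the log posted in this thread. The sample log is constructed, and the three heuristics (autostart entry not running, blank company field, driver image without a .sys extension) are assumptions chosen for illustration; a hit is a reason to look closer, not a verdict.

```python
import re
from ntpath import splitext  # Windows path rules, whatever OS this runs on

# SRV/DRV line layout as seen in the log posted in this thread:
# KIND[:64bit:] - [date | size | attrs | M] (Company) [flags] -- image path -- (name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - "
    r"\[(?P<stamp>[^|\]]+) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<flags>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)"
)

AUTOSTART = {"Boot", "System", "Auto"}

# Constructed sample input: vendor names, paths and service names are made up.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/02 03:04:05 | 000,040,384 | ---- | M] (Example AV Vendor) [Auto | Running] -- C:\Program Files\ExampleAV\avsvc.exe -- (ExampleAV)
SRV - [2010/01/02 03:04:06 | 000,840,936 | ---- | M] (Example Vendor Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Example\bin\mgmt.exe -- (ExampleMgmt)
SRV - [2010/01/02 03:04:07 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Example\helper.exe -- (ExampleHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/01/02 03:04:08 | 000,006,144 | ---- | M] (Example Vendor Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\0000.tmp -- (EXAMPLEDRV)
DRV - [2010/01/02 03:04:09 | 000,024,664 | ---- | M] (Example AV Vendor) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\exflt.sys -- (ExFlt) Example filter (WDM)
"""


def parse_line(line):
    """Return a dict for one SRV/DRV line, or None for headings and other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    flags = [part.strip() for part in m.group("flags").split("|")]
    if len(flags) < 2:
        return None
    return {
        "kind": m.group("kind"),
        "name": m.group("name"),
        "company": m.group("company").strip(),
        "path": m.group("path").strip(),
        "start": flags[-2],  # SRV: [start | state]; DRV: [type | start | state]
        "state": flags[-1],
        "size": int(m.group("size").replace(",", "")),
    }


def triage(entry):
    """Illustrative heuristics (assumptions of this example, not OTL rules)."""
    notes = []
    if entry["start"] in AUTOSTART and entry["state"] == "Stopped":
        notes.append("autostart entry is not running")
    if not entry["company"]:
        notes.append("company field is blank")
    if entry["kind"] == "DRV":
        ext = splitext(entry["path"])[1].lower()
        if ext != ".sys":
            notes.append("driver image extension is %s, not .sys" % (ext or "(none)"))
    return notes


def review(log_text):
    """Return [(service name, [notes])] for every parsed line that raised a note."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headings, blank lines, other OTL sections
        notes = triage(entry)
        if notes:
            findings.append((entry["name"], notes))
    return findings


if __name__ == "__main__":
    for name, notes in review(SAMPLE_LOG):
        print("%-15s %s" % (name, "; ".join(notes)))
```
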
 


#3 ndnjon

ndnjon
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:56 PM

Posted 04 September 2010 - 11:57 AM

Hello,

Thanks for getting back to me. As I described in my first post, my problem is that I had to uninstall Comodo Firewall in order to get internet access via Firefox. Also, different programs and services would stop running. I also run into problems with SuperAntiSpyware. When I open it by clicking on my desktop icon, it will crash my Firefox, and also all my icons in my system tray disappear quickly. (I just tried that again, and the same thing happened.) Since originally posting I have kept that computer offline, with no internet access, only coming online to post this. The computer I am posting this for is normally connected via Ethernet jack.

While having my desktop computer offline, I have been using my netbook (win 7) to get online. Every day now, on my netbook, Malwarebytes Anti-Malware will block malicious sites, even when my browser is not opened. My netbook is not displaying any odd behavior. I just think that there may be a correlation with these attempts, and my other computer already possibly infected. I can provide the logs for MBAM for my netbook if necessary.


Below are the requested OTL logs. I really appreciate the help you are offering.

OTL logfile created on: 9/4/2010 9:20:58 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\psychomagnet\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 140.42 Gb Free Space | 47.11% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 86.34 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 56.89 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 663.76 Gb Free Space | 71.26% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive L: | 29.64 Mb Total Space | 22.05 Mb Free Space | 74.38% Space Free | Partition Type: FAT

Computer Name: TOWER
Current User Name: psychomagnet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/04 09:16:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\psychomagnet\Desktop\OTL.exe
PRC - [2010/07/22 19:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/19 12:36:46 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/11 16:21:16 | 000,083,440 | ---- | M] (Google) -- C:\Users\psychomagnet\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/07/15 05:37:58 | 000,024,064 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/07/15 05:32:32 | 001,232,896 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (SafeList) ==========

MOD - [2010/09/04 09:16:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\psychomagnet\Desktop\OTL.exe
MOD - [2010/06/08 00:00:52 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 14:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 14:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2007/01/30 02:08:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/20 06:00:27 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3745.dll -- (Akamai)
SRV - [2010/07/08 16:43:00 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/01 12:07:34 | 000,524,784 | ---- | M] (Trusteer Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/14 10:53:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/06/14 10:52:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/22 05:50:36 | 000,413,696 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/02/10 09:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/14 23:25:09 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4422.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/21 01:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 02:20:16 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009/07/29 02:20:16 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009/07/29 02:20:08 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009/07/29 02:20:08 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/07/29 02:20:00 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/07/29 02:20:00 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009/07/29 02:19:54 | 001,622,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2009/07/29 02:19:42 | 001,577,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/07/29 02:19:30 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/07/29 02:19:18 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/07/29 02:19:06 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/07/29 02:18:54 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/07/29 02:18:40 | 000,698,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/07/29 02:18:24 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/01/23 15:48:00 | 000,136,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2007/01/23 15:48:00 | 000,038,672 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,112,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2007/01/23 15:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/07/01 12:07:36 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
DRV - [2010/07/01 12:07:36 | 000,056,304 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 E4 28 A7 F0 0B CB 01 [binary data]
IE - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: makeFontSizeBigger@papafresh.com:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.2
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/27 19:04:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/27 19:04:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/08/22 22:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/07/02 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Extensions
[2010/07/02 13:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/31 07:00:50 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions
[2010/08/15 01:45:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/08/15 01:45:51 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/08/20 18:11:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/24 17:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/06/16 00:02:57 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\chromifox@altmusictv.com
[2010/07/04 00:19:24 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\gmailthis@lazyrussian.com
[2010/06/16 00:26:03 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\extensions\makeFontSizeBigger@papafresh.com
[2010/06/20 16:30:19 | 000,002,789 | ---- | M] () -- C:\Users\psychomagnet\AppData\Roaming\Mozilla\Firefox\Profiles\gl2syzfe.default\searchplugins\world-of-warcraft-armory.xml
[2010/08/31 07:00:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/05 13:05:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 20:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1012310401-441671931-1320911503-1001..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1012310401-441671931-1320911503-1001..\Run: [iLike] C:\Program Files (x86)\iLike\1.2.18\ilikesidebar.exe (iLike)
O4 - HKU\S-1-5-21-1012310401-441671931-1320911503-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1012310401-441671931-1320911503-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\psychomagnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/29 18:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/29 08:18:52 | 000,000,067 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/28 19:01:26 | 000,000,016 | -H-- | M] () - L:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/04 09:16:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\psychomagnet\Desktop\OTL.exe
[2010/08/29 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01c}
[2010/08/29 08:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2010/08/29 08:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2010/08/29 08:17:48 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Downloaded Installations
[2010/08/29 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\FreeAgentCN
[2010/08/28 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\Security Tools
[2010/08/28 22:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/08/28 22:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2010/08/28 22:58:21 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\John~Work TOWER
[2010/08/28 16:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2010/08/28 15:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/08/28 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Safe mirror
[2010/08/28 11:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2010/08/28 11:10:10 | 015,427,584 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\psychomagnet\Desktop\cbSetup.exe
[2010/08/27 21:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/08/27 20:22:15 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/08/25 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/08/25 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Paint.NET
[2010/08/10 20:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/10 20:00:23 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\clone.AD
[2010/08/06 22:48:44 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\iLike
[2010/08/06 22:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLike
[2010/08/05 08:58:00 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\VIZA
[2010/08/04 19:00:37 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\Cultivation
[2010/07/29 21:29:19 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Yahoo
[2010/07/29 21:28:43 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Yahoo!
[2010/07/29 21:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/29 21:28:28 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Yahoo!
[2010/07/29 21:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/07/29 21:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/07/28 23:30:26 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\WinRAR
[2010/07/28 23:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/27 20:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Maxtor
[2010/07/27 20:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxtor
[2010/07/27 20:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Maxtor
[2010/07/23 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/23 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/23 21:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/22 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Media Player Classic
[2010/07/21 21:25:03 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\dvdcss
[2010/07/21 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\Aiseesoft Studio
[2010/07/21 21:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aiseesoft Studio
[2010/07/21 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2010/07/21 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\Wondershare DVD Ripper Platinum
[2010/07/21 20:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2010/07/21 18:01:57 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\DVD2AVI Ripper
[2010/07/21 18:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/07/21 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\clone.AD
[2010/07/21 17:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010/07/21 17:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2010/07/21 17:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2010/07/21 17:21:24 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\My DVD Backups
[2010/07/21 17:15:27 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\VobSub
[2010/07/21 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010/07/18 02:06:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/15 21:07:35 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\Nvidia
[2010/07/15 21:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/07/15 21:00:45 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\SystemRequirementsLab
[2010/07/14 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\FullDisc
[2010/07/14 01:08:01 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\My Programs
[2010/07/13 20:26:31 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\Software Setup
[2010/07/12 16:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/07/12 16:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/08 22:52:58 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\!Documentz
[2010/07/08 20:29:33 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/08 20:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/07/08 16:33:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/07/08 00:55:27 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Vidalia
[2010/07/07 00:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/07/06 18:13:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/05 15:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/07/05 15:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/07/05 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010/07/05 14:04:19 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\CustomStamp
[2010/07/05 14:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2010/07/05 13:58:54 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\CutePDF_Pro
[2010/07/05 13:58:54 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\CutePDF
[2010/07/05 13:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2010/07/05 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\OpenOffice.org
[2010/07/05 13:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010/07/05 13:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010/07/05 13:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/05 13:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/07/03 14:53:34 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Trusteer
[2010/07/03 14:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2010/07/03 14:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2010/07/03 11:44:38 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\Max Payne 2 Savegames
[2010/07/03 11:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2010/07/03 10:49:01 | 000,070,088 | ---- | C] (xx) -- C:\Windows\SysWow64\Project2-1.ocx
[2010/07/03 10:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eGames
[2010/07/02 23:10:11 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/02 13:52:36 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Thunderbird
[2010/07/02 13:52:36 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Thunderbird
[2010/07/02 13:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/07/02 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/06/30 15:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/06/30 14:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/06/30 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/30 12:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/27 21:54:18 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\The Lord of the Rings Online
[2010/06/27 21:54:18 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\The Lord of the Rings Online
[2010/06/27 21:49:27 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Turbine
[2010/06/27 21:48:29 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Turbine
[2010/06/27 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\ApplicationHistory
[2010/06/27 21:45:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010/06/27 21:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2010/06/27 15:48:18 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\LOTRO - HighRes
[2010/06/27 15:47:57 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\PMB Files
[2010/06/27 15:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/27 15:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/06/24 18:22:23 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\avi
[2010/06/23 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\DVDFab
[2010/06/23 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\NVIDIA
[2010/06/22 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/06/22 21:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/06/22 21:41:32 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/22 21:41:32 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/22 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/22 21:05:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/22 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/06/22 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/06/22 20:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/22 17:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/06/22 08:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/06/21 22:43:01 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/06/21 22:42:38 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\jagexlauncher
[2010/06/21 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Smart Recorder
[2010/06/21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/06/20 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/20 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/18 16:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2010/06/18 09:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2010/06/17 19:48:01 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Desktop\Legal Sounds
[2010/06/16 14:45:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/06/16 14:45:24 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/06/15 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Mozilla
[2010/06/15 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Mozilla
[2010/06/15 19:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/06/15 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LuaEdit
[2010/06/15 15:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/06/15 13:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/06/14 23:25:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/06/14 23:25:09 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.sys
[2010/06/14 23:25:09 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\PcSetup
[2010/06/14 23:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 7
[2010/06/14 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MMTaskbar
[2010/06/14 23:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
[2010/06/14 18:24:40 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\XPAD
[2010/06/14 15:15:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/06/14 15:09:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/14 15:09:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/14 14:16:37 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/14 14:16:37 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/14 14:16:37 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/14 14:16:37 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/14 14:16:32 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/14 14:16:00 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/14 14:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/14 14:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/14 14:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/06/14 14:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/06/14 14:10:29 | 000,027,136 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2010/06/14 14:10:29 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2010/06/14 14:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2010/06/14 14:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/14 14:04:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/14 14:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/14 14:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/14 14:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LegalSounds
[2010/06/14 13:14:35 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2010/06/14 13:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
[2010/06/14 13:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
[2010/06/14 12:55:57 | 000,081,584 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2010/06/14 12:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/06/14 12:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/14 12:50:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2010/06/14 12:50:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2010/06/14 12:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2010/06/14 12:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/06/14 12:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/06/14 12:45:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/06/14 12:45:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2010/06/14 12:45:34 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/06/14 12:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2010/06/14 12:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/06/14 12:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/06/14 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/06/14 12:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/14 12:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/06/14 12:01:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/06/14 12:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/06/14 12:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/06/14 12:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/06/14 12:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/06/14 12:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/06/14 11:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/06/14 11:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/14 11:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2010/06/14 11:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2010/06/14 11:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/06/14 10:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010/06/14 10:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010/06/14 10:57:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2010/06/14 10:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/06/14 10:57:07 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/06/14 10:57:07 | 000,133,632 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/06/14 10:57:06 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/06/14 10:57:06 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/06/14 10:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/06/14 10:56:52 | 000,782,336 | ---- | C] (Creative Labs Inc.) -- C:\Windows\SysWow64\oalinst.exe
[2010/06/14 10:56:52 | 000,077,824 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\eaxac3.dll
[2010/06/14 10:56:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2010/06/14 10:56:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data
[2010/06/14 10:56:08 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\SysWow64\INRES.DLL
[2010/06/14 10:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2010/06/14 10:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2010/06/14 10:50:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/06/14 10:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/06/14 10:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/06/14 10:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/06/14 10:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/06/14 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/14 10:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/14 10:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/06/14 10:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/06/14 10:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/14 10:44:09 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/14 05:33:50 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/14 05:24:47 | 000,000,000 | ---D | C] -- C:\Windows.old.000
[2010/06/14 05:05:40 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\WOW Guide
[2010/06/14 05:03:27 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Vso
[2010/06/14 05:03:26 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Ventrilo
[2010/06/14 05:03:24 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\PowerUp Software
[2010/06/14 05:03:09 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Malwarebytes
[2010/06/14 05:03:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Macromedia
[2010/06/14 05:03:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Logitech
[2010/06/14 05:03:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Logishrd
[2010/06/14 05:03:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\LegalSounds
[2010/06/14 05:03:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\DisplayFusion
[2010/06/14 05:03:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Creative
[2010/06/14 05:03:06 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Apple Computer
[2010/06/14 05:03:05 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Adobe
[2010/06/14 05:02:52 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Microsoft Help
[2010/06/14 05:02:52 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Microsoft Games
[2010/06/14 05:00:38 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\MediaMonkey
[2010/06/14 04:58:30 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\Wallpaper
[2010/06/14 04:58:28 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\Sample Client File - MediCal
[2010/06/14 04:58:27 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\My Google Gadgets
[2010/06/14 04:58:23 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\Documents\DVDFab
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Google
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\ElevatedDiagnostics
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Deployment
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Blizzard Entertainment
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Apps
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Apple Computer
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Apple
[2010/06/14 04:56:10 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Adobe
[2010/06/14 04:49:21 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Searches
[2010/06/14 04:49:21 | 000,000,000 | -H-D | C] -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/14 04:49:13 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Identities
[2010/06/14 04:49:10 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Contacts
[2010/06/14 04:49:07 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\VirtualStore
[2010/06/14 04:48:51 | 000,000,000 | --SD | C] -- C:\Users\psychomagnet\AppData\Roaming\Microsoft
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Videos
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Saved Games
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Pictures
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Music
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Links
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Favorites
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Downloads
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\My Documents
[2010/06/14 04:48:51 | 000,000,000 | R--D | C] -- C:\Users\psychomagnet\Desktop
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\AppData\Local\Temporary Internet Files
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Templates
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Start Menu
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\SendTo
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Recent
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\PrintHood
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\NetHood
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Documents\My Videos
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Documents\My Pictures
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Documents\My Music
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\My Documents
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Local Settings
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\AppData\Local\History
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Cookies
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\Application Data
[2010/06/14 04:48:51 | 000,000,000 | -HSD | C] -- C:\Users\psychomagnet\AppData\Local\Application Data
[2010/06/14 04:48:51 | 000,000,000 | -H-D | C] -- C:\Users\psychomagnet\AppData
[2010/06/14 04:48:51 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Temp
[2010/06/14 04:48:51 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Local\Microsoft
[2010/06/14 04:48:51 | 000,000,000 | ---D | C] -- C:\Users\psychomagnet\AppData\Roaming\Media Center Programs
[2010/06/14 04:38:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/14 04:35:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/06/07 03:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2009/07/15 05:40:40 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/04 09:22:40 | 004,718,592 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat
[2010/09/04 09:20:15 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 09:20:15 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 09:16:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\psychomagnet\Desktop\OTL.exe
[2010/09/04 09:12:59 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2010/09/04 09:12:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/04 09:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/04 09:12:41 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/04 09:11:08 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/04 09:11:08 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/04 09:11:08 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/09/04 09:10:44 | 007,580,117 | -H-- | M] () -- C:\Users\psychomagnet\AppData\Local\IconCache.db
[2010/09/04 08:48:15 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012310401-441671931-1320911503-1001UA.job
[2010/09/03 23:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012310401-441671931-1320911503-1001Core.job
[2010/08/31 23:43:53 | 000,008,472 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Boost.xlsx
[2010/08/29 20:00:14 | 000,743,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/29 20:00:14 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/29 20:00:14 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/29 09:17:03 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2010/08/29 08:13:46 | 075,469,476 | ---- | M] () -- C:\Users\psychomagnet\Desktop\FreeAgentCN.zip
[2010/08/28 16:44:47 | 000,001,142 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/28 16:44:47 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/28 16:44:07 | 001,870,163 | ---- | M] () -- C:\Users\psychomagnet\Desktop\dixmlsetup.exe
[2010/08/28 15:49:24 | 000,000,987 | ---- | M] () -- C:\Users\psychomagnet\Desktop\7-Zip File Manager.lnk
[2010/08/28 14:48:16 | 000,000,000 | ---- | M] () -- C:\Users\psychomagnet\defogger_reenable
[2010/08/28 11:09:09 | 015,427,584 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\psychomagnet\Desktop\cbSetup.exe
[2010/08/27 20:53:42 | 000,000,036 | ---- | M] () -- C:\Users\psychomagnet\AppData\Local\housecall.guid.cache
[2010/08/27 20:52:28 | 000,009,978 | ---- | M] () -- C:\Users\psychomagnet\Desktop\http.docx
[2010/08/27 19:04:19 | 000,001,974 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/27 19:04:19 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/27 18:55:21 | 000,002,441 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Google Chrome.lnk
[2010/08/27 18:55:21 | 000,002,318 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/27 18:51:47 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 18:51:47 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 18:51:47 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TM.blf
[2010/08/27 17:16:48 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 17:16:48 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 17:16:48 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TM.blf
[2010/08/26 23:41:43 | 001,145,852 | ---- | M] () -- C:\Users\psychomagnet\Desktop\aztec_calendar.png
[2010/08/26 23:09:28 | 000,401,661 | ---- | M] () -- C:\Users\psychomagnet\Desktop\aztec_calendar.jpg
[2010/08/25 21:04:58 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/08/24 18:20:55 | 000,802,150 | ---- | M] () -- C:\Users\psychomagnet\Desktop\2009-05-Amusing-Ourselves-to-Death.png
[2010/08/22 22:06:05 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/22 12:12:14 | 000,000,966 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk
[2010/08/22 12:12:14 | 000,000,942 | ---- | M] () -- C:\Users\psychomagnet\Desktop\DVDFab 7.lnk
[2010/08/17 08:52:14 | 000,006,078 | ---- | M] () -- C:\Users\psychomagnet\Desktop\41097_139870766047975_100000751580953_165675_5112883_n.jpg
[2010/08/11 19:02:51 | 000,900,096 | ---- | M] (Advanced PC Media LLC) -- C:\Users\psychomagnet\Desktop\TweaksLogon.exe
[2010/08/10 21:21:55 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/10 21:21:55 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/08/10 21:21:55 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/08/10 21:21:55 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2010/08/10 20:40:49 | 000,469,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:39:09 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/10 20:39:09 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/10 20:39:09 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TM.blf
[2010/08/10 20:28:56 | 000,001,172 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 20:28:56 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/10 20:22:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/08 00:01:10 | 000,012,400 | ---- | M] () -- C:\Users\psychomagnet\Desktop\evelina-5_018.jpg
[2010/08/03 21:20:00 | 000,010,368 | ---- | M] () -- C:\Users\psychomagnet\Documents\auto ins 2010 6 months.docx
[2010/07/24 17:18:48 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{0a643b34-96d7-11df-b0bb-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/07/24 17:18:48 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{0a643b34-96d7-11df-b0bb-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/07/24 17:18:48 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{0a643b34-96d7-11df-b0bb-001e8c25a10f}.TM.blf
[2010/07/23 21:27:20 | 000,001,599 | ---- | M] () -- C:\Users\psychomagnet\Desktop\NETBOOK.lnk
[2010/07/23 21:21:27 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 21:19:27 | 000,002,027 | ---- | M] () -- C:\Users\psychomagnet\Desktop\avi.NET.lnk
[2010/07/22 22:49:20 | 000,007,607 | ---- | M] () -- C:\Users\psychomagnet\AppData\Local\Resmon.ResmonCfg
[2010/07/21 19:30:30 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{f603f9d7-9287-11df-91f6-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 19:30:30 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{f603f9d7-9287-11df-91f6-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 19:30:30 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{f603f9d7-9287-11df-91f6-001e8c25a10f}.TM.blf
[2010/07/21 18:26:25 | 733,777,922 | ---- | M] () -- C:\Title01.avi
[2010/07/18 09:00:18 | 000,002,040 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Network.lnk
[2010/07/18 08:44:29 | 000,000,146 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Sound - Shortcut.lnk
[2010/07/18 02:06:08 | 756,567,768 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/17 11:56:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/07/17 11:56:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/07/17 11:24:41 | 000,001,723 | ---- | M] () -- C:\Users\psychomagnet\Desktop\TRANSFER.xlsx - Shortcut.lnk
[2010/07/16 18:32:56 | 000,001,105 | ---- | M] () -- C:\Users\psychomagnet\Desktop\!Documentz - Shortcut.lnk
[2010/07/16 17:30:14 | 000,001,741 | ---- | M] () -- C:\Users\psychomagnet\Desktop\2010 Money.lnk
[2010/07/12 20:04:34 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/07/09 22:15:34 | 000,001,230 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Calculator.lnk
[2010/07/08 20:29:59 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/07/08 20:21:01 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/08 20:19:33 | 000,114,624 | ---- | M] () -- C:\Users\psychomagnet\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/08 12:40:42 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{417800e5-8ac8-11df-a5d4-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 12:40:42 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{417800e5-8ac8-11df-a5d4-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 12:40:42 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.dat{417800e5-8ac8-11df-a5d4-001e8c25a10f}.TM.blf
[2010/07/08 12:40:25 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2010/07/08 12:39:48 | 000,002,655 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Microsoft Office Excel.lnk
[2010/07/08 12:39:45 | 000,002,693 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Microsoft Office Word.lnk
[2010/07/05 22:38:34 | 000,432,898 | ---- | M] () -- C:\Users\psychomagnet\Documents\DMCA_DHS6207_Medi-Cal_Disclosure_Statement.pdf
[2010/07/05 13:07:59 | 000,001,246 | ---- | M] () -- C:\Users\psychomagnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/05 13:07:00 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/07/03 15:34:35 | 000,000,398 | ---- | M] () -- C:\Windows\win.ini
[2010/07/03 11:12:11 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2010/07/02 13:52:32 | 000,002,040 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/07/02 13:52:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/06/30 15:14:57 | 000,001,014 | ---- | M] () -- C:\Users\psychomagnet\Desktop\SpywareBlaster.lnk
[2010/06/30 12:52:33 | 010,867,624 | ---- | M] () -- C:\Users\psychomagnet\Desktop\SAS_788615C3.COM
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 13:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 11:03:52 | 000,001,018 | ---- | M] () -- C:\Users\psychomagnet\Desktop\CCleaner.lnk
[2010/06/27 21:48:32 | 000,000,100 | ---- | M] () -- C:\Users\psychomagnet\AppData\Local\fusioncache.dat
[2010/06/27 21:47:13 | 000,759,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/27 18:40:56 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/06/27 18:40:56 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/06/27 18:40:56 | 000,133,632 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/06/27 18:40:56 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/06/27 18:40:55 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/06/25 16:04:02 | 000,076,800 | ---- | M] () -- C:\Users\psychomagnet\Documents\MASTER CIN VERIFY 6-25-10.xls
[2010/06/24 13:29:22 | 000,000,536 | ---- | M] () -- C:\Users\psychomagnet\Desktop\(E) Movie Storage(dvd).lnk
[2010/06/24 13:29:19 | 000,000,532 | ---- | M] () -- C:\Users\psychomagnet\Desktop\(D) South Park-WoW 2.lnk
[2010/06/24 13:29:11 | 000,000,531 | ---- | M] () -- C:\Users\psychomagnet\Desktop\(H) Free Agent Drive.lnk
[2010/06/21 22:42:38 | 000,002,180 | ---- | M] () -- C:\Users\psychomagnet\Desktop\RuneScape.lnk
[2010/06/18 09:00:27 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2010/06/15 19:26:08 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/06/15 19:16:25 | 000,001,448 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/15 16:34:37 | 000,000,940 | ---- | M] () -- C:\Users\psychomagnet\Desktop\LuaEdit.lnk
[2010/06/15 15:41:59 | 000,001,302 | ---- | M] () -- C:\Users\psychomagnet\Desktop\ChromePasswordList - Shortcut.lnk
[2010/06/15 15:41:14 | 000,000,312 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Curse Client.appref-ms
[2010/06/15 13:28:01 | 000,004,514 | ---- | M] () -- C:\Users\psychomagnet\Documents\cc_20100615_132752.reg
[2010/06/15 13:27:39 | 000,027,254 | ---- | M] () -- C:\Users\psychomagnet\Documents\cc_20100615_132730.reg
[2010/06/14 23:25:09 | 000,099,384 | ---- | M] () -- C:\Users\psychomagnet\AppData\Roaming\inst.exe
[2010/06/14 23:25:09 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/06/14 23:25:09 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.sys
[2010/06/14 23:25:09 | 000,007,859 | ---- | M] () -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.cat
[2010/06/14 23:25:09 | 000,001,167 | ---- | M] () -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.inf
[2010/06/14 18:46:33 | 000,000,869 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Xpadder - Shortcut.lnk
[2010/06/14 14:41:10 | 000,001,478 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Launcher - Shortcut.lnk
[2010/06/14 14:20:28 | 000,002,374 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Creative Console Launcher.lnk
[2010/06/14 14:15:04 | 000,000,924 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Ventrilo.lnk
[2010/06/14 14:15:04 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/06/14 14:10:30 | 000,001,083 | ---- | M] () -- C:\Users\psychomagnet\Desktop\PC Wizard 2010.lnk
[2010/06/14 14:04:51 | 000,001,044 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/06/14 14:04:51 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 14:00:05 | 000,001,013 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\LegalSounds Music Downloader.lnk
[2010/06/14 14:00:05 | 000,000,989 | ---- | M] () -- C:\Users\psychomagnet\Desktop\LegalSounds Music Downloader.lnk
[2010/06/14 13:14:43 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2010/06/14 13:00:28 | 000,007,412 | ---- | M] () -- C:\Windows\SysNative\drivers\PCTAppEvent.cat
[2010/06/14 12:41:01 | 000,001,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/06/14 11:56:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/06/14 11:36:12 | 000,000,926 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Download.lnk
[2010/06/14 11:05:46 | 000,001,018 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Program Files (x86).lnk
[2010/06/14 11:05:37 | 000,000,964 | ---- | M] () -- C:\Users\psychomagnet\Desktop\Program Files.lnk
[2010/06/14 10:58:24 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 10:58:24 | 000,524,288 | -HS- | M] () -- C:\Users\psychomagnet\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 10:58:24 | 000,065,536 | -HS- | M] () -- C:\Users\psychomagnet\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/14 05:33:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/06/14 05:33:36 | 000,000,296 | RHS- | M] () -- C:\Boot.ini.saved
[2010/06/14 05:33:36 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/06/14 04:48:51 | 000,000,020 | -HS- | M] () -- C:\Users\psychomagnet\ntuser.ini
[2010/06/14 04:39:21 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/06/14 04:39:21 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/14 04:37:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/13 18:41:20 | 000,286,720 | ---- | M] () -- C:\Users\psychomagnet\Documents\Database1.accdb
[2010/06/10 21:56:24 | 000,020,616 | ---- | M] () -- C:\Users\psychomagnet\Documents\World of Warcraft Retail.pin
[2010/06/08 19:42:25 | 000,001,111 | ---- | M] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Wizard 2010.lnk
[2010/06/07 16:58:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/06/07 16:58:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/06/07 16:58:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/06/07 11:58:24 | 000,000,000 | -H-- | M] () -- C:\Users\psychomagnet\Documents\Default.rdp
[2010/06/07 00:40:42 | 000,000,296 | -H-- | M] () -- C:\Boot.BAK
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 23:43:52 | 000,008,472 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Boost.xlsx
[2010/08/29 09:17:03 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2010/08/29 08:14:44 | 075,469,476 | ---- | C] () -- C:\Users\psychomagnet\Desktop\FreeAgentCN.zip
[2010/08/28 16:44:47 | 000,001,142 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/28 16:44:47 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/08/28 16:44:01 | 001,870,163 | ---- | C] () -- C:\Users\psychomagnet\Desktop\dixmlsetup.exe
[2010/08/28 15:49:24 | 000,000,987 | ---- | C] () -- C:\Users\psychomagnet\Desktop\7-Zip File Manager.lnk
[2010/08/28 14:48:16 | 000,000,000 | ---- | C] () -- C:\Users\psychomagnet\defogger_reenable
[2010/08/27 20:53:42 | 000,000,036 | ---- | C] () -- C:\Users\psychomagnet\AppData\Local\housecall.guid.cache
[2010/08/27 20:52:13 | 000,009,978 | ---- | C] () -- C:\Users\psychomagnet\Desktop\http.docx
[2010/08/27 18:46:41 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 18:46:41 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 18:46:41 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{0980e0ba-b246-11df-b232-001e8c25a10f}.TM.blf
[2010/08/27 17:16:48 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/27 17:16:48 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/27 17:16:48 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{72589254-b238-11df-8cab-001e8c25a10f}.TM.blf
[2010/08/26 23:22:59 | 001,145,852 | ---- | C] () -- C:\Users\psychomagnet\Desktop\aztec_calendar.png
[2010/08/26 23:09:27 | 000,401,661 | ---- | C] () -- C:\Users\psychomagnet\Desktop\aztec_calendar.jpg
[2010/08/25 21:04:58 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/08/24 18:19:45 | 000,802,150 | ---- | C] () -- C:\Users\psychomagnet\Desktop\2009-05-Amusing-Ourselves-to-Death.png
[2010/08/22 22:06:05 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/17 08:52:12 | 000,006,078 | ---- | C] () -- C:\Users\psychomagnet\Desktop\41097_139870766047975_100000751580953_165675_5112883_n.jpg
[2010/08/10 20:28:56 | 000,001,172 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 20:28:56 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/08/10 20:18:27 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/10 20:18:27 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/10 20:18:26 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{d28e2db5-a4f5-11df-afa2-001e8c25a10f}.TM.blf
[2010/08/08 00:01:10 | 000,012,400 | ---- | C] () -- C:\Users\psychomagnet\Desktop\evelina-5_018.jpg
[2010/08/03 20:23:28 | 000,010,368 | ---- | C] () -- C:\Users\psychomagnet\Documents\auto ins 2010 6 months.docx
[2010/07/23 21:27:20 | 000,001,599 | ---- | C] () -- C:\Users\psychomagnet\Desktop\NETBOOK.lnk
[2010/07/23 21:21:27 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/23 21:21:24 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/07/23 21:21:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/07/23 21:21:24 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/07/23 21:19:49 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2010/07/23 21:19:49 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2010/07/23 21:19:27 | 000,002,027 | ---- | C] () -- C:\Users\psychomagnet\Desktop\avi.NET.lnk
[2010/07/23 21:03:16 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{0a643b34-96d7-11df-b0bb-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/07/23 21:03:16 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{0a643b34-96d7-11df-b0bb-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 21:03:16 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{0a643b34-96d7-11df-b0bb-001e8c25a10f}.TM.blf
[2010/07/22 22:49:20 | 000,007,607 | ---- | C] () -- C:\Users\psychomagnet\AppData\Local\Resmon.ResmonCfg
[2010/07/21 18:06:04 | 733,777,922 | ---- | C] () -- C:\Title01.avi
[2010/07/18 09:28:21 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{f603f9d7-9287-11df-91f6-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/07/18 09:28:21 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{f603f9d7-9287-11df-91f6-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/07/18 09:28:21 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{f603f9d7-9287-11df-91f6-001e8c25a10f}.TM.blf
[2010/07/18 08:52:20 | 000,002,040 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Network.lnk
[2010/07/18 08:44:29 | 000,000,146 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Sound - Shortcut.lnk
[2010/07/18 02:06:08 | 756,567,768 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/17 11:56:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/07/17 11:56:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010/07/17 11:24:41 | 000,001,723 | ---- | C] () -- C:\Users\psychomagnet\Desktop\TRANSFER.xlsx - Shortcut.lnk
[2010/07/16 18:32:56 | 000,001,105 | ---- | C] () -- C:\Users\psychomagnet\Desktop\!Documentz - Shortcut.lnk
[2010/07/12 16:13:33 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/07/09 22:15:34 | 000,001,230 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Calculator.lnk
[2010/07/08 20:21:31 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/07/08 20:21:01 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/07/08 16:42:31 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/07/08 12:39:48 | 000,002,655 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Microsoft Office Excel.lnk
[2010/07/08 12:39:45 | 000,002,693 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Microsoft Office Word.lnk
[2010/07/08 12:38:28 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{417800e5-8ac8-11df-a5d4-001e8c25a10f}.TMContainer00000000000000000002.regtrans-ms
[2010/07/08 12:38:28 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{417800e5-8ac8-11df-a5d4-001e8c25a10f}.TMContainer00000000000000000001.regtrans-ms
[2010/07/08 12:38:28 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat{417800e5-8ac8-11df-a5d4-001e8c25a10f}.TM.blf
[2010/07/05 22:38:34 | 000,432,898 | ---- | C] () -- C:\Users\psychomagnet\Documents\DMCA_DHS6207_Medi-Cal_Disclosure_Statement.pdf
[2010/07/05 13:07:59 | 000,001,246 | ---- | C] () -- C:\Users\psychomagnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/05 13:07:00 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/07/03 11:12:11 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 2.lnk
[2010/07/03 10:49:01 | 000,001,760 | ---- | C] () -- C:\Windows\SysWow64\objsafe.tlb
[2010/07/03 10:49:01 | 000,001,453 | ---- | C] () -- C:\Windows\SysWow64\Project2.INF
[2010/07/02 13:52:32 | 000,002,040 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/07/02 13:52:32 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/06/30 15:14:57 | 000,001,014 | ---- | C] () -- C:\Users\psychomagnet\Desktop\SpywareBlaster.lnk
[2010/06/30 12:52:07 | 010,867,624 | ---- | C] () -- C:\Users\psychomagnet\Desktop\SAS_788615C3.COM
[2010/06/27 21:48:32 | 000,000,100 | ---- | C] () -- C:\Users\psychomagnet\AppData\Local\fusioncache.dat
[2010/06/26 20:41:45 | 000,759,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/25 16:04:02 | 000,076,800 | ---- | C] () -- C:\Users\psychomagnet\Documents\MASTER CIN VERIFY 6-25-10.xls
[2010/06/24 13:29:22 | 000,000,536 | ---- | C] () -- C:\Users\psychomagnet\Desktop\(E) Movie Storage(dvd).lnk
[2010/06/24 13:29:19 | 000,000,532 | ---- | C] () -- C:\Users\psychomagnet\Desktop\(D) South Park-WoW 2.lnk
[2010/06/24 13:29:11 | 000,000,531 | ---- | C] () -- C:\Users\psychomagnet\Desktop\(H) Free Agent Drive.lnk
[2010/06/22 21:43:50 | 000,065,196 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/06/22 21:43:50 | 000,001,376 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/06/21 22:42:38 | 000,002,180 | ---- | C] () -- C:\Users\psychomagnet\Desktop\RuneScape.lnk
[2010/06/18 09:00:27 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2010/06/15 19:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/15 19:25:55 | 000,001,974 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/15 19:25:55 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/15 19:16:25 | 000,001,448 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/15 16:34:37 | 000,000,940 | ---- | C] () -- C:\Users\psychomagnet\Desktop\LuaEdit.lnk
[2010/06/15 15:41:59 | 000,001,302 | ---- | C] () -- C:\Users\psychomagnet\Desktop\ChromePasswordList - Shortcut.lnk
[2010/06/15 15:41:14 | 000,000,312 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Curse Client.appref-ms
[2010/06/15 13:27:59 | 000,004,514 | ---- | C] () -- C:\Users\psychomagnet\Documents\cc_20100615_132752.reg
[2010/06/15 13:27:37 | 000,027,254 | ---- | C] () -- C:\Users\psychomagnet\Documents\cc_20100615_132730.reg
[2010/06/15 13:26:40 | 000,001,018 | ---- | C] () -- C:\Users\psychomagnet\Desktop\CCleaner.lnk
[2010/06/15 08:36:38 | 000,001,741 | ---- | C] () -- C:\Users\psychomagnet\Desktop\2010 Money.lnk
[2010/06/14 23:25:28 | 000,000,034 | ---- | C] () -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.log
[2010/06/14 23:25:09 | 000,099,384 | ---- | C] () -- C:\Users\psychomagnet\AppData\Roaming\inst.exe
[2010/06/14 23:25:09 | 000,007,859 | ---- | C] () -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.cat
[2010/06/14 23:25:09 | 000,001,167 | ---- | C] () -- C:\Users\psychomagnet\AppData\Roaming\pcouffin.inf
[2010/06/14 23:25:07 | 000,000,966 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk
[2010/06/14 23:25:07 | 000,000,942 | ---- | C] () -- C:\Users\psychomagnet\Desktop\DVDFab 7.lnk
[2010/06/14 23:08:25 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2010/06/14 18:46:33 | 000,000,869 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Xpadder - Shortcut.lnk
[2010/06/14 14:41:10 | 000,001,478 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Launcher - Shortcut.lnk
[2010/06/14 14:20:28 | 000,002,374 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Creative Console Launcher.lnk
[2010/06/14 14:16:38 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/14 14:16:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/06/14 14:15:04 | 000,000,924 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Ventrilo.lnk
[2010/06/14 14:15:01 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/06/14 14:10:30 | 000,001,083 | ---- | C] () -- C:\Users\psychomagnet\Desktop\PC Wizard 2010.lnk
[2010/06/14 14:04:51 | 000,001,044 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/06/14 14:04:51 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/14 14:00:05 | 000,001,013 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\LegalSounds Music Downloader.lnk
[2010/06/14 14:00:05 | 000,000,989 | ---- | C] () -- C:\Users\psychomagnet\Desktop\LegalSounds Music Downloader.lnk
[2010/06/14 13:14:43 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2010/06/14 13:14:35 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2010/06/14 13:14:35 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2010/06/14 13:14:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2010/06/14 13:00:28 | 000,007,412 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTAppEvent.cat
[2010/06/14 12:46:33 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Canon My Printer.lnk
[2010/06/14 12:45:53 | 000,012,544 | ---- | C] () -- C:\Windows\SysWow64\CNC173CD.TBL
[2010/06/14 12:45:53 | 000,012,544 | ---- | C] () -- C:\Windows\SysNative\CNC173CD.TBL
[2010/06/14 12:42:16 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/06/14 12:41:01 | 000,001,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/06/14 11:56:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/06/14 11:38:33 | 000,002,441 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Google Chrome.lnk
[2010/06/14 11:38:33 | 000,002,318 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/14 11:38:01 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012310401-441671931-1320911503-1001UA.job
[2010/06/14 11:38:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1012310401-441671931-1320911503-1001Core.job
[2010/06/14 11:36:12 | 000,000,926 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Download.lnk
[2010/06/14 11:05:46 | 000,001,018 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Program Files (x86).lnk
[2010/06/14 11:05:37 | 000,000,964 | ---- | C] () -- C:\Users\psychomagnet\Desktop\Program Files.lnk
[2010/06/14 10:58:32 | 000,065,196 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010/06/14 10:57:06 | 000,214,528 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010/06/14 10:57:06 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/06/14 10:57:06 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010/06/14 10:57:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/06/14 10:57:06 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010/06/14 10:56:52 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\CT1MGM.ROM
[2010/06/14 10:56:52 | 001,048,576 | ---- | C] () -- C:\Windows\SysNative\CT1MGM.ROM
[2010/06/14 10:56:52 | 000,008,386 | ---- | C] () -- C:\Windows\SysWow64\CTAPO64.UDA
[2010/06/14 10:56:52 | 000,005,530 | ---- | C] () -- C:\Windows\SysWow64\CTMLFX64.UDA
[2010/06/14 10:56:52 | 000,005,430 | ---- | C] () -- C:\Windows\SysNative\SBXFi.ico
[2010/06/14 10:56:52 | 000,001,688 | ---- | C] () -- C:\Windows\SysNative\XFi.bmp
[2010/06/14 10:56:52 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default8.sfm
[2010/06/14 10:56:52 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default8.sfm
[2010/06/14 10:56:52 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default4.sfm
[2010/06/14 10:56:52 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default4.sfm
[2010/06/14 10:56:52 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default.sfm
[2010/06/14 10:56:52 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default.sfm
[2010/06/14 10:56:52 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/06/14 10:54:02 | 007,572,224 | ---- | C] () -- C:\Windows\SysNative\CT8MGM.SF2
[2010/06/14 10:54:02 | 004,174,814 | ---- | C] () -- C:\Windows\SysNative\CT4MGM.SF2
[2010/06/14 10:54:02 | 002,167,684 | ---- | C] () -- C:\Windows\SysNative\CT2MGM.SF2
[2010/06/14 10:53:56 | 007,572,224 | ---- | C] () -- C:\Windows\SysWow64\CT8MGM.SF2
[2010/06/14 10:53:53 | 004,174,814 | ---- | C] () -- C:\Windows\SysWow64\CT4MGM.SF2
[2010/06/14 10:53:51 | 002,167,684 | ---- | C] () -- C:\Windows\SysWow64\CT2MGM.SF2
[2010/06/14 10:53:45 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2010/06/14 10:53:12 | 000,006,130 | ---- | C] () -- C:\Windows\SysNative\CTOPT352.cat
[2010/06/14 10:53:12 | 000,006,010 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat
[2010/06/14 10:35:36 | 000,001,111 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Wizard 2010.lnk
[2010/06/14 05:06:03 | 000,020,616 | ---- | C] () -- C:\Users\psychomagnet\Documents\World of Warcraft Retail.pin
[2010/06/14 05:06:03 | 000,000,000 | -H-- | C] () -- C:\Users\psychomagnet\Documents\Default.rdp
[2010/06/14 05:06:02 | 000,286,720 | ---- | C] () -- C:\Users\psychomagnet\Documents\Database1.accdb
[2010/06/14 04:48:51 | 004,718,592 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat
[2010/06/14 04:48:51 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/06/14 04:48:51 | 000,524,288 | -HS- | C] () -- C:\Users\psychomagnet\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/06/14 04:48:51 | 000,262,144 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat.LOG1
[2010/06/14 04:48:51 | 000,065,536 | -HS- | C] () -- C:\Users\psychomagnet\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/06/14 04:48:51 | 000,000,290 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/14 04:48:51 | 000,000,272 | ---- | C] () -- C:\Users\psychomagnet\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/14 04:48:51 | 000,000,020 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.ini
[2010/06/14 04:48:51 | 000,000,000 | -HS- | C] () -- C:\Users\psychomagnet\ntuser.dat.LOG2
[2010/06/14 04:37:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/07/15 06:26:54 | 000,029,644 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009/07/15 05:38:02 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/08 08:39:36 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008/09/19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2010/07/08 13:59:38 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/07/08 13:59:38 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/07/08 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/08 12:40:19 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\DisplayFusion
[2010/07/21 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\DVD2AVI Ripper
[2010/06/23 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\DVDFab
[2010/08/06 22:48:44 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\iLike
[2010/06/14 05:03:07 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\LegalSounds
[2010/07/05 13:07:37 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\OpenOffice.org
[2010/06/14 05:03:24 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\PowerUp Software
[2010/06/21 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Smart Recorder
[2010/07/15 21:00:48 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\SystemRequirementsLab
[2010/07/02 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Thunderbird
[2010/07/03 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Trusteer
[2010/06/27 21:49:27 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Turbine
[2010/07/23 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\VobSub
[2010/08/22 12:12:19 | 000,000,000 | ---D | M] -- C:\Users\psychomagnet\AppData\Roaming\Vso
[2009/07/13 22:08:49 | 000,018,140 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 18:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 18:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2007/08/30 22:58:46 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/06/04 23:47:52 | 000,025,502 | ---- | M] () -- C:\aaw7boot.log
[2007/10/03 23:07:23 | 000,000,000 | ---- | M] () -- C:\amt1
[2007/10/06 22:40:30 | 000,028,672 | ---- | M] () -- C:\ASLog.txt
[2007/08/29 18:24:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/07 00:40:42 | 000,000,296 | -H-- | M] () -- C:\Boot.BAK
[2010/06/14 05:33:36 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/06/14 05:33:36 | 000,000,296 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/06/14 05:33:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2004/08/04 05:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2007/08/29 18:24:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/02 16:59:20 | 000,000,277 | ---- | M] () -- C:\debugInstaller.txt
[2010/09/04 09:12:41 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2007/08/29 18:24:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/09/30 15:57:48 | 000,061,588 | ---- | M] () -- C:\MALog.txt
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2007/08/29 18:24:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/01 14:22:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/04 09:12:45 | 4294,238,207 | -HS- | M] () -- C:\pagefile.sys
[2008/08/08 17:26:54 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/07/21 18:26:25 | 733,777,922 | ---- | M] () -- C:\Title01.avi
[2009/01/20 15:42:10 | 000,001,771 | ---- | M] () -- C:\tracert.txt
[2008/01/07 18:47:33 | 608,108,544 | ---- | M] () -- C:\WinLite.iso
[2007/08/30 17:03:08 | 000,000,140 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\XPISO\I386\sp2.cab:AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\XPISO\I386\sp2.cab:atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

< MD5 for: WS2_32.DLL >
[2009/07/13 18:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:B44A9ABF
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\system32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >


OTL Extras logfile created on: 9/4/2010 9:20:58 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\psychomagnet\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 140.42 Gb Free Space | 47.11% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 86.34 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 56.89 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 663.76 Gb Free Space | 71.26% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive L: | 29.64 Mb Total Space | 22.05 Mb Free Space | 74.38% Space Free | Partition Type: FAT

Computer Name: TOWER
Current User Name: psychomagnet
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E4F5551F-BF8D-43B0-B895-D758E72D83D9}" = iLike Sidebar
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F01F95F8-7596-469D-A44B-C104106BA5F9}" = RuneScape Launcher 1.0.1
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802
"3DMIDI" = Creative 3DMIDI Player
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"avi.NET 3.1.5.0" = avi.NET 3.1.5.0
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.10
"Canon MP490 series User Registration" = Canon MP490 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.6 (Evaluation)
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4
"LuaEdit_is1" = LuaEdit 3.0.3 RC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_AAC_Plugin_is1" = MediaMonkey AAC Plug-in 1.0
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"Rapport_msi" = Rapport
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"VobSub" = VobSub v2.23 (Remove Only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1012310401-441671931-1320911503-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2010 4:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 5:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 6:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 7:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 8:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 9:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 10:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 11:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 12:13:21 PM | Computer Name = tower | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/4/2010 12:20:36 PM | Computer Name = tower | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.11.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: bd4 Start Time:
01cb4c4ca535345e Termination Time: 2 Application Path: C:\Users\psychomagnet\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service
terminated unexpectedly. It has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Rapport Launching Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Seagate Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Rapport Management Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
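Added example, not part of the original post or of OTL: a small triage script for the "Last 10 Event Log Errors" section above. It groups Service Control Manager crash events (IDs 7031 and 7034) by timestamp, because unrelated services dying in the same second point to one shared cause rather than a separate fault in each product. The function names and the `min_services` threshold are this example's own, and the sample entries are copied from the report above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Header line of one entry in the "Last 10 Event Log Errors" section.
HEADER = re.compile(
    r"^Error - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
# Service Control Manager IDs logged when a service process dies unexpectedly
# (7031 also names a recovery action, 7034 does not).
SCM_CRASH_IDS = {7031, 7034}
SERVICE_NAME = re.compile(r"The (.+?) service terminated unexpectedly")

# Entries excerpted from the report above (two application, five system events).
SAMPLE_LOG = """\
[ Application Events ]
Error - 9/4/2010 10:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

Error - 9/4/2010 11:48:05 AM | Computer Name = tower | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service
terminated unexpectedly. It has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Rapport Launching Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/4/2010 12:13:52 PM | Computer Name = tower | Source = Service Control Manager | ID = 7034
Description = The Rapport Management Service service terminated unexpectedly. It
has done this 1 time(s).
"""


def parse_events(text):
    """Return one dict per log entry, with wrapped description lines re-joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {
                "when": datetime.strptime(match["when"], "%m/%d/%Y %I:%M:%S %p"),
                "source": match["source"],
                "id": int(match["id"]),
                "description": "",
            }
            events.append(current)
        elif not line or line.startswith("["):
            current = None  # a blank line or a section header ends the entry
        elif current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def crash_clusters(events, min_services=3):
    """Map each timestamp to the services that crashed at that instant.

    Only timestamps with at least `min_services` crashes are returned.
    """
    by_time = defaultdict(list)
    for event in events:
        if event["source"] == "Service Control Manager" and event["id"] in SCM_CRASH_IDS:
            name = SERVICE_NAME.search(event["description"])
            by_time[event["when"]].append(name.group(1) if name else "<unparsed>")
    return {when: sorted(names) for when, names in by_time.items()
            if len(names) >= min_services}


if __name__ == "__main__":
    for when, names in crash_clusters(parse_events(SAMPLE_LOG)).items():
        print(f"{when:%Y-%m-%d %H:%M:%S}: {len(names)} services terminated together")
        for name in names:
            print(f"  - {name}")
```
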







#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 04 September 2010 - 02:55 PM

Hello, ndnjon.

Comodo may have been conflicting with the Windows firewall. You should only have one firewall running at a time or they can conflict and create access issues.

I'm not seeing much in the logs, but let's look a bit deeper.



I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 ndnjon

  • Topic Starter
  • Members
  • 12 posts

Posted 04 September 2010 - 08:59 PM

Is it normal for ESET to not have a list of threats button to push? It took several hours for the scan, and when I checked on my computer it said no threats were found, but I couldn't locate a button or tab to do what you asked.

#6 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 05 September 2010 - 06:17 AM

That's normal if nothing is found. This matches what I see in the logs. Let's try another one to be sure, but it doesn't appear to be malware related. You may want to run this overnight as it will take a few hours as well.


Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares

Edited by etavares, 05 September 2010 - 06:18 AM.


 


#7 ndnjon

  • Topic Starter
  • Members
  • 12 posts

Posted 05 September 2010 - 10:45 AM

OK, so I ran the scan, and it found nothing. My computer for the most part is running OK. The only problem that seems to remain is that my SuperAntiSpyware will crash Firefox when I try to open it. The other problem I still have is that my banking software Trusteer Rapport has to be started manually, and it will also at times still close itself without warning. Other system items that will close are my Malwarebytes AntiMalware (which I have to re-enable the protection module every time I reopen), Display Fusion taskbar, Windows 7 gadgets, Yahoo Messenger, and my Logitech mouse features, like zoom. When I restart them they work for a while, but I will notice later that they have been stopped. There may be more but I haven't noticed them yet.

I may try uninstalling SuperAntiSpyware, and then reinstalling Comodo to see if it's SuperAntiSpyware that's the problem. I'm open to any suggestions. My other question is what would you recommend as 64 bit alternatives to Comodo Firewall, and SuperAntispyware, in case I can't get them working correctly. I currently use Avast AntiVirus, Malware Anti-Malware and Spyware Blaster, in addition to Comodo and SAS.

It's somewhat relieving to have all these scans not find anything, but at the same time frustrating, as most of my protection software is being disabled and without warning.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 5, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 05, 2010 10:20:20
Records in database: 4192755
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan statistics:
Objects scanned: 177335
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:10:45

No threats found. Scanned area is clean.

Selected area has been scanned.


#8 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 06 September 2010 - 08:42 AM

Hello, ndnjon.

OK, this is a reach, but we'll run another scan looking for an MBR infection. With Windows 7, I use Avast 5, MBAM and the Windows Firewall. There's really no need for a third-party firewall. If you do like locking down the outbound side (programs on your computer accessing the internet), starting with Windows Vista, that's included in the Windows firewall; you just need to enable it.





Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


 


#10 ndnjon

  • Topic Starter
  • Members
  • 12 posts

Posted 06 September 2010 - 09:59 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x00001f7d

Kernel Drivers (total 214):
0x02E04000 \SystemRoot\system32\ntoskrnl.exe
0x033E0000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00C90000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C9D000 \SystemRoot\system32\PSHED.dll
0x00CB1000 \SystemRoot\system32\CLFS.SYS
0x00D0F000 \SystemRoot\system32\CI.dll
0x00ECE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F72000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F81000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FD8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EC6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FEB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DCF000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DE9000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C35000 \SystemRoot\system32\drivers\fltmgr.sys
0x010A7000 \SystemRoot\system32\drivers\fileinfo.sys
0x01221000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010BB000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01119000 \SystemRoot\System32\Drivers\cng.sys
0x013DE000 \SystemRoot\System32\drivers\pcw.sys
0x013EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014B1000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x015A3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015ED000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0118C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0148B000 \SystemRoot\System32\Drivers\spldr.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x01493000 \SystemRoot\System32\Drivers\mup.sys
0x014A5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0103A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01200000 \SystemRoot\system32\DRIVERS\disk.sys
0x01074000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02B01000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02B2B000 \SystemRoot\System32\Drivers\Null.SYS
0x02B34000 \SystemRoot\System32\Drivers\Beep.SYS
0x02B3B000 \SystemRoot\System32\drivers\vga.sys
0x02B49000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02B6E000 \SystemRoot\System32\drivers\watchdog.sys
0x02B7E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02B87000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02B90000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02B99000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02BA4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02BB5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02BD3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02BE0000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02A00000 \SystemRoot\system32\drivers\afd.sys
0x02A8A000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x02A94000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02AD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03CAA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03CD0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03CDF000 \SystemRoot\system32\DRIVERS\serial.sys
0x03CFC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03D17000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03D2B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03D35000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03D3F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D90000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x03DA3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03DAF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03DBA000 \SystemRoot\System32\drivers\discache.sys
0x03C00000 \SystemRoot\system32\drivers\csc.sys
0x03C83000 \SystemRoot\System32\Drivers\dfsc.sys
0x03DC9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03DDA000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03EB3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03ED9000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x0FC4C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x108BA000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x108BC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x109B0000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03EEE000 \SystemRoot\system32\drivers\ctaud2k.sys
0x0FC00000 \SystemRoot\system32\drivers\portcls.sys
0x03F97000 \SystemRoot\system32\drivers\drmk.sys
0x03FB9000 \SystemRoot\system32\drivers\ks.sys
0x03E00000 \SystemRoot\system32\drivers\ctoss2k.sys
0x0FC3D000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x0FC45000 \SystemRoot\system32\drivers\ksthunk.sys
0x03E31000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03E3C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E92000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03EA3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0405B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0407F000 \SystemRoot\system32\DRIVERS\fdc.sys
0x0408C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x040AA000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x040B7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x040C6000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
0x040E5000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0x0410C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0411B000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04123000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0412F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0416D000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x041D2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041E2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04024000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x046BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x046EE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04709000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0472A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04744000 \SystemRoot\System32\Drivers\pcouffin.sys
0x04759000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04764000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04766000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04778000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04C08000 \SystemRoot\system32\drivers\ha20x22k.sys
0x04D98000 \SystemRoot\system32\drivers\emupia2k.sys
0x04600000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x04DE2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x04638000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0x04654000 \SystemRoot\System32\drivers\CT20XUT.SYS
0x05648000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0x057AC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05835000 \SystemRoot\system32\drivers\HdAudio.sys
0x05891000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0589F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x058AB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x058B4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x058C7000 \SystemRoot\System32\drivers\Dxapi.sys
0x058D3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\ATMFD.DLL
0x00960000 \SystemRoot\System32\cdd.dll
0x058E1000 \SystemRoot\system32\drivers\luafv.sys
0x05904000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x0591E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05927000 \SystemRoot\system32\drivers\WudfPf.sys
0x05948000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0595D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06C7F000 \SystemRoot\system32\drivers\HTTP.sys
0x06D47000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06D65000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06D7D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06DAA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06C00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x076A7000 \SystemRoot\system32\drivers\peauth.sys
0x0774D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07758000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07785000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07797000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07600000 \SystemRoot\System32\DRIVERS\srv.sys

Processes (total 61):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
380 csrss.exe
452 C:\Windows\System32\wininit.exe
488 csrss.exe
516 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
708 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
300 C:\Windows\System32\svchost.exe
400 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1280 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1528 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1680 C:\Windows\SysWOW64\svchost.exe
1776 C:\Windows\System32\svchost.exe
2052 C:\Windows\System32\svchost.exe
2972 C:\Windows\System32\svchost.exe
2356 WUDFHost.exe
3688 C:\Windows\System32\taskhost.exe
3788 C:\Windows\System32\dwm.exe
3816 C:\Windows\explorer.exe
3628 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3612 C:\Windows\SysWOW64\Ctxfihlp.exe
920 C:\Windows\SysWOW64\CTxfispi.exe
624 C:\Windows\System32\SearchIndexer.exe
4512 C:\Windows\System32\svchost.exe
2776 C:\Windows\System32\svchost.exe
4024 C:\Program Files\Windows Media Player\wmpnetwk.exe
3120 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
940 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1804 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3644 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3192 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3008 C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
2504 C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
3880 C:\Program Files\Windows Sidebar\sidebar.exe
1768 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
1124 WmiPrvSE.exe
4592 C:\Program Files\iPod\bin\iPodService.exe
1612 C:\Windows\System32\taskmgr.exe
4328 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
5020 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2724 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
4980 C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
4396 C:\Users\psychomagnet\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
1004 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
664 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1172 C:\Users\psychomagnet\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
3456 C:\Windows\System32\taskeng.exe
2148 C:\Windows\System32\SearchProtocolHost.exe
3848 C:\Windows\System32\SearchFilterHost.exe
2024 C:\Users\psychomagnet\Desktop\MBRCheck.exe
1936 C:\Windows\System32\conhost.exe
5076 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3320620AS
PhysicalDrive1 Model Number: Maxtor6L250S0, Rev: BANC1G10
PhysicalDrive2 Model Number: ST3250823AS, Rev: 3.02

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: 5C5B536CA74DD93C2B44631E7CB75D1609A20076


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#11 etavares

Posted 06 September 2010 - 10:37 AM

Deleted double post.

Edited by etavares, 08 September 2010 - 05:41 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 etavares


Posted 08 September 2010 - 05:41 PM

Hello, ndnjon.

OK, have a few ideas. Let's rule out a virus that can infect 64 bit machines but behaves erratically.

If not, I have a few non malware related ideas.





Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\windows\explorer.exe
C:\windows\system32\wininit.exe


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares


 


#13 ndnjon


Posted 08 September 2010 - 07:00 PM

ok, I tried the scans, and nothing was found for both files. My SuperAntiSpyware will still crash my Firefox, Display Fusion task bar program, Win 7 desktop gadgets, and there are many services stopped, about 114 services total. I haven't tried uninstalling anything.

#14 etavares


Posted 09 September 2010 - 06:03 PM

Hello, ndnjon.

OK, first, let's disable the Windows Update service. There are many cases where that fails and takes out lots of other services.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 2


Click start and copy/paste the bold text and press enter.
sc config wuauserv start= disabled




Step 3

Please go to Start --> Run and copy and paste the text in the box below (excluding the word code)

CODE
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s > c:\reglog.txt


and click OK.

Please attach c:\reglog.txt to your reply.


etavares


 
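The registry query in Step 3 above reads the key that assigns services to svchost.exe groups. The following is an added example, not part of the original post: a PowerShell sketch that lists each group's services together with their start type and ServiceDll, so that disabled or unregistered entries stand out. The output path, and the assumption that ServiceDll sits under each service's Parameters subkey, are the example's own.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$svcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$outFile     = Join-Path $env:USERPROFILE 'Desktop\reglog.txt'   # assumed output location

# Meaning of the Start value stored under each service key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$key  = Get-Item -LiteralPath $svcHostKey
$rows = foreach ($group in $key.GetValueNames()) {
    # Each REG_MULTI_SZ value names one svchost group and lists its services.
    if ($key.GetValueKind($group) -ne [Microsoft.Win32.RegistryValueKind]::MultiString) { continue }

    foreach ($service in $key.GetValue($group)) {
        if (-not $service) { continue }          # skip empty strings in the list
        $svcPath = Join-Path $servicesKey $service
        $start   = 'not registered'              # in a group, but no service key exists
        $dll     = ''

        if (Test-Path -LiteralPath $svcPath) {
            $raw = (Get-ItemProperty -LiteralPath $svcPath -ErrorAction SilentlyContinue).Start
            if ($raw -ne $null -and $startTypes.ContainsKey([int]$raw)) {
                $start = $startTypes[[int]$raw]
            } else {
                $start = "unknown ($raw)"
            }
            # Assumption: the hosted DLL is recorded in Parameters\ServiceDll.
            $params = Join-Path $svcPath 'Parameters'
            if (Test-Path -LiteralPath $params) {
                $dll = (Get-ItemProperty -LiteralPath $params -ErrorAction SilentlyContinue).ServiceDll
            }
        }
        New-Object PSObject -Property @{
            Group = $group; Service = $service; Start = $start; ServiceDll = $dll
        }
    }
}

# Write a sorted table wide enough that DLL paths are not truncated.
$rows | Sort-Object Group, Service |
    Select-Object Group, Service, Start, ServiceDll |
    Format-Table -AutoSize |
    Out-File -FilePath $outFile -Width 300
```

A ServiceDll that resolves outside the Windows system directory, or a group member marked "not registered", is a reasonable place to start reading the report.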


#15 ndnjon


Posted 09 September 2010 - 10:49 PM

OK, I get to step 3 and have a problem. I am assuming in step 2 that I copy and paste the bold text into the field in the bottom of the tab labeled 'search programs and files' with a magnifying glass to the right. Then to step 3, when I press the start button, there is no 'run' like there is in Windows XP. So I copied and pasted the text below code into the same field I used for step two. A command window opens and then closes really fast, and I can't find the c:\reglog.txt file when I look in the C drive.

On another note, yesterday I was checking to see if my SuperAntiSpyware would still crash my Firefox, which it did. But I was prompted to check for a SuperAntiSpyware update, which I selected, and it was updated. (I may have had several instances of SAS open at the time, and the update went through.) Later I noticed that it seemed to fix some of the symptoms.

When I got home and read your message, I rebooted my computer to get ready to follow your instructions, and noticed that none of the programs were affected by SuperAntiSpyware starting, and my other programs loaded just fine, and when I hover over my system tray all the icons stay where they are supposed to. (Before, they would all disappear when I hovered over them.)

Can you explain how to complete step 3, so I can send you the reglog file? Thanks



