
unknown virus...g drive gone


  • This topic is locked
17 replies to this topic

#1 lenny.coffee

lenny.coffee

  • Members
  • 41 posts

Posted 06 November 2010 - 06:38 AM

My G drive has vanished, therefore I can't access it or any of the stuff on it.


DDS (Ver_10-11-05.01) - NTFS_AMD64
Run by Lenny at 22:06:54.47 on Sat 06/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.4031.2538 [GMT 11:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Lenny\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\6d082xhb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: C:\Users\Lenny\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AvgRkx64;avgrkx64.sys;C:\Windows\System32\drivers\avgrkx64.sys [2010-10-16 56008]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-10-16 269320]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-10-16 35464]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\System32\drivers\avgtdia.sys [2010-10-16 317520]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-10-16 916760]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-10-16 308064]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2010-11-3 41280]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2009-10-21 767488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2010-11-3 43328]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-13 1255736]

=============== Created Last 30 ================

2010-11-03 14:47:43 -------- d-----w- C:\Windows\SysWow64\zh-CHT
2010-11-03 14:47:42 -------- d-----w- C:\Windows\SysWow64\drivers\zh-TW
2010-11-03 14:47:40 -------- d-----w- C:\Windows\SysWow64\wbem\zh-TW
2010-11-03 14:47:39 -------- d-----w- C:\Windows\SysWow64\wbem\zh-HK
2010-11-03 14:47:38 -------- d-----w- C:\Windows\zh-TW
2010-11-03 14:47:38 -------- d-----w- C:\Windows\System32\zh-CHT
2010-11-03 14:47:32 -------- d-----w- C:\Windows\System32\drivers\zh-TW
2010-11-03 14:47:32 -------- d-----w- C:\Windows\System32\drivers\zh-HK
2010-11-03 14:47:32 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-TW
2010-11-03 14:47:31 -------- d-----w- C:\Windows\System32\wbem\zh-TW
2010-11-03 14:47:30 -------- d-----w- C:\Windows\System32\wbem\zh-HK
2010-11-03 14:39:59 -------- d-----w- C:\Windows\SysWow64\drivers\ko-KR
2010-11-03 14:39:51 -------- d-----w- C:\Windows\SysWow64\wbem\ko-KR
2010-11-03 14:39:51 -------- d-----w- C:\Windows\SysWow64\ko
2010-11-03 14:39:51 -------- d-----w- C:\Windows\ko-KR
2010-11-03 14:39:50 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2010-11-03 14:39:50 -------- d-----w- C:\Windows\System32\drivers\ko-KR
2010-11-03 14:39:40 -------- d-----w- C:\Windows\System32\ko
2010-11-03 14:39:39 -------- d-----w- C:\Windows\System32\wbem\ko-KR
2010-11-03 14:32:22 -------- d-----w- C:\Windows\SysWow64\zh-CHS
2010-11-03 14:32:22 -------- d-----w- C:\Windows\SysWow64\drivers\zh-CN
2010-11-03 14:32:20 -------- d-----w- C:\Windows\SysWow64\wbem\zh-CN
2010-11-03 14:32:07 -------- d-----w- C:\Windows\System32\zh-CHS
2010-11-03 14:32:07 -------- d-----w- C:\Windows\System32\drivers\zh-CN
2010-11-03 14:32:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN
2010-11-03 14:32:05 -------- d-----w- C:\Windows\System32\wbem\zh-CN
2010-11-03 14:31:55 -------- d-----w- C:\Windows\zh-CN
2010-11-03 14:18:42 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2010-11-03 13:51:44 -------- d-----w- C:\Windows\ja-JP
2010-11-03 13:51:40 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2010-11-03 13:51:40 -------- d-----w- C:\Windows\SysWow64\ja
2010-11-03 13:51:40 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\ja-JP
2010-11-03 13:51:40 -------- d-----w- C:\Windows\SysWow64\drivers\ja-JP
2010-11-03 13:51:40 -------- d-----w- C:\Windows\SysWow64\0411
2010-11-03 13:51:39 -------- d-----w- C:\Windows\SysWow64\wbem\ja-JP
2010-11-03 13:51:30 -------- d-----w- C:\Windows\System32\ja
2010-11-03 13:51:30 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP
2010-11-03 13:51:30 -------- d-----w- C:\Windows\System32\drivers\ja-JP
2010-11-03 13:51:30 -------- d-----w- C:\Windows\System32\0411
2010-11-03 13:51:27 -------- d-----w- C:\Windows\System32\wbem\ja-JP
2010-11-03 13:15:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-03 13:15:51 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-03 13:15:51 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-03 13:15:51 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-03 13:15:51 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-03 13:15:51 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-03 13:15:51 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-03 13:15:28 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-11-03 11:25:15 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2010-11-03 11:25:09 -------- d-----w- C:\Intel
2010-11-03 11:24:29 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2010-11-03 11:16:04 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-11-03 11:15:26 -------- d-----w- C:\Users\Lenny\AppData\Local\Microsoft Help
2010-11-03 10:57:54 -------- d-----w- C:\Program Files (x86)\Canon
2010-11-03 10:52:44 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information
2010-11-03 10:52:41 63488 ----a-w- C:\Windows\System32\CNCLSD23.DLL
2010-11-03 10:52:41 45056 ----a-w- C:\Windows\System32\CNCLST23.DLL
2010-11-03 10:52:41 38912 ----a-w- C:\Windows\System32\cncilsc.dll
2010-11-03 10:52:41 37376 ----a-w- C:\Windows\System32\CNCLSI23.DLL
2010-11-03 10:52:41 32768 ----a-w- C:\Windows\System32\CNCLSC23.DLL
2010-11-03 10:52:41 32256 ----a-w- C:\Windows\System32\CNCI4100.DLL
2010-11-03 10:52:41 25600 ----a-w- C:\Windows\System32\CNCL4100.DLL
2010-11-03 10:52:41 21504 ----a-w- C:\Windows\System32\CNCLSU23.DLL
2010-11-03 10:52:41 188928 ----a-w- C:\Windows\System32\CNCC4100.DLL
2010-11-03 10:52:35 32768 ----a-w- C:\Windows\System32\CNAS0MMK.DLL
2010-11-03 10:52:34 -------- d-----w- C:\Program Files\Canon
2010-11-03 10:41:15 -------- d-----w- C:\Windows\SysWow64\RTCOM
2010-11-03 10:41:15 -------- d-----w- C:\Program Files\Realtek
2010-11-03 10:37:32 -------- d-----w- C:\Users\Lenny\Tracing
2010-11-03 10:35:17 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2010-11-03 10:34:57 -------- d-----w- C:\Windows\PCHEALTH
2010-11-03 10:33:34 -------- d-----w- C:\Users\Lenny\AppData\Local\ATI
2010-11-03 10:32:42 -------- d-----w- C:\Program Files (x86)\Microsoft
2010-11-03 10:28:58 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2010-11-03 10:28:41 -------- d-----w- C:\Program Files\ATI Technologies
2010-11-03 10:28:39 -------- d-----w- C:\Program Files\ATI
2010-11-03 10:28:01 -------- d-----w- C:\ATI
2010-11-03 10:23:04 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2010-11-03 10:20:40 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2010-11-03 10:19:59 -------- d-----w- C:\Users\Lenny\AppData\Local\ElevatedDiagnostics
2010-11-03 10:06:37 -------- d-----w- C:\Program Files\iPod
2010-11-03 10:06:36 -------- d-----w- C:\Program Files\iTunes
2010-11-03 10:06:36 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-03 10:05:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-11-03 10:04:38 -------- d-----w- C:\Program Files\Bonjour
2010-11-03 10:04:38 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-03 10:00:55 43328 ----a-w- C:\Windows\System32\drivers\PCAMp50a64.sys
2010-11-03 10:00:55 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2010-11-03 10:00:51 26624 ----a-w- C:\Windows\SysWow64\drivers\jswpslwfx.sys
2010-10-16 22:11:16 -------- d-----w- C:\Windows\Panther
2010-10-16 11:12:16 -------- d-----w- C:\Program Files (x86)\Atheros
2010-10-16 11:07:54 -------- d-----w- C:\Program Files (x86)\NETGEAR
2010-10-16 11:07:41 -------- d-----w- C:\PROGRA~3\NETGEAR
2010-10-16 11:07:17 -------- d-----w- C:\Windows\Downloaded Installations
2010-10-16 11:03:28 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2010-10-16 10:58:01 -------- d-----w- C:\Users\Lenny\AppData\Local\Apple Computer
2010-10-16 10:57:46 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-10-16 10:57:46 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-10-16 10:57:46 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-10-16 10:57:28 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-10-16 10:56:36 -------- d-----w- C:\Users\Lenny\AppData\Local\Apple
2010-10-16 10:55:54 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-10-16 10:55:41 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-10-16 10:55:31 -------- d-----w- C:\Users\Lenny\AppData\Roaming\uTorrent
2010-10-16 10:55:22 -------- d-----w- C:\Users\Lenny\AppData\Roaming\Malwarebytes
2010-10-16 10:55:18 38160 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-16 10:55:17 22040 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-16 10:55:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-16 10:55:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-16 10:54:23 -------- d-----w- C:\Program Files (x86)\CCleaner
2010-10-16 10:53:02 -------- d-----w- C:\Users\Lenny\AppData\Roaming\IDM
2010-10-16 10:53:01 -------- d-----w- C:\Users\Lenny\AppData\Roaming\DMCache
2010-10-16 10:52:56 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2010-10-16 10:52:56 12976 ----a-w- C:\Windows\System32\avgrssta.dll
2010-10-16 10:52:56 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2010-10-16 10:52:55 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-10-16 10:52:51 269320 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-10-16 10:52:50 35464 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-10-16 10:52:50 -------- d-----w- C:\Windows\System32\drivers\Avg
2010-10-16 10:52:42 -------- d-----w- C:\Program Files (x86)\AVG
2010-10-16 10:52:41 -------- d-----w- C:\PROGRA~3\avg9
2010-10-16 10:52:03 -------- d-----w- C:\Program Files (x86)\CoreCodec
2010-10-16 10:51:31 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-10-16 03:44:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-10-16 03:44:43 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-10-16 03:44:43 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-10-16 03:44:43 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-10-16 03:44:43 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-10-16 03:44:43 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-10-16 03:44:43 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-10-16 03:44:43 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-10-16 03:44:43 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-10-16 03:44:43 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-10-16 03:39:34 -------- d-sh--w- C:\Windows\Installer
2010-10-16 03:38:49 -------- d-sh--w- C:\Recovery
2010-10-16 03:15:24 0 ----a-w- C:\Windows\ativpsrm.bin
2010-10-13 12:24:10 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-13 12:24:10 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-13 12:23:50 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-13 12:23:50 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-13 12:23:50 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-13 12:23:50 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-13 12:23:27 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-10-13 12:23:27 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-10-13 12:21:57 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-13 12:21:57 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-13 12:21:57 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-13 12:21:57 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-13 12:21:57 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-13 12:21:37 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-13 12:21:37 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-13 12:20:51 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-13 12:20:51 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-13 12:20:12 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-13 12:20:12 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-13 12:19:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-13 12:19:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-13 12:19:32 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-10-13 12:19:32 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-10-13 12:19:13 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-10-13 12:18:24 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-10-13 12:18:24 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-10-13 12:18:08 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-10-13 12:17:04 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-13 12:17:04 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-13 12:16:46 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2010-10-13 12:16:46 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2010-10-13 12:16:29 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-13 12:16:08 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2010-10-13 12:16:08 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2010-10-13 12:16:08 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2010-10-13 12:15:49 612352 ----a-w- C:\Windows\System32\vbscript.dll
2010-10-13 12:15:49 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-10-13 12:15:25 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-10-13 12:15:25 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-10-13 12:15:00 1736608 ----a-w- C:\Windows\System32\ntdll.dll
2010-10-13 12:15:00 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
2010-10-13 12:14:32 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2010-10-13 12:14:32 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2010-10-13 12:14:32 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2010-10-13 12:14:32 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2010-10-13 12:14:08 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2010-10-13 12:14:07 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2010-10-13 12:14:07 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2010-10-13 12:13:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-13 12:13:51 366080 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-13 12:13:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-13 12:13:50 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-13 12:13:00 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-10-13 12:13:00 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-10-13 12:12:39 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-13 12:12:39 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-13 12:12:39 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-13 12:12:39 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-13 12:12:20 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-13 12:12:03 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2010-10-13 12:12:02 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2010-10-13 12:10:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2010-10-13 12:10:47 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2010-10-13 12:10:47 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2010-10-13 12:10:47 243200 ----a-w- C:\Windows\System32\wow64.dll
2010-10-13 12:10:47 2048 ----a-w- C:\Windows\SysWow64\user.exe
2010-10-13 12:10:47 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2010-10-13 12:10:29 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-10-13 12:10:29 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-10-13 12:10:12 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2010-10-13 12:10:12 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2010-10-13 12:10:12 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2010-10-13 12:10:12 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2010-10-13 12:09:53 389632 ----a-w- C:\Windows\System32\winlogon.exe
2010-10-13 12:09:53 2870272 ----a-w- C:\Windows\explorer.exe
2010-10-13 12:09:53 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2010-10-13 12:09:12 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-10-13 12:07:57 46592 ----a-w- C:\Windows\System32\msasn1.dll
2010-10-13 12:07:57 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2010-10-13 12:07:24 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-10-13 12:07:24 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2010-10-13 12:07:24 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2010-10-13 12:06:31 100864 ----a-w- C:\Windows\System32\fontsub.dll
2010-10-13 12:06:30 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-10-13 12:06:10 -------- d-----w- C:\Windows\SysWow64\Wat
2010-10-13 12:06:10 -------- d-----w- C:\Windows\System32\Wat

==================== Find3M ====================

2010-10-16 03:43:53 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-10-16 03:43:44 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-13 12:22:52 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-10-13 12:22:52 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-10-13 12:22:52 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-13 12:22:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-10-13 12:22:51 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-10-13 12:22:51 482816 ----a-w- C:\Windows\System32\html.iec
2010-10-13 12:22:51 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-10-13 12:22:51 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-10-13 12:22:15 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-10-13 12:10:47 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 00:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 00:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 22:07:38.05 ===============



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts

Posted 14 November 2010 - 07:00 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 lenny.coffee


Posted 14 November 2010 - 07:17 AM

I installed Rku and tried to run it, but I got this error:

Posted Image

OTL

OTL logfile created on: 14/11/2010 11:04:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Lenny\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 30.10 Gb Total Space | 5.58 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive D: | 173.39 Gb Total Space | 91.43 Gb Free Space | 52.73% Space Free | Partition Type: NTFS

Computer Name: LENNY-PC | User Name: Lenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 23:04:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL_2.exe
PRC - [2010/11/03 21:09:07 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/10/27 17:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 17:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 22:05:16 | 002,815,408 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2010/10/16 21:52:45 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/10/16 21:52:45 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/10/16 21:52:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/16 21:52:44 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/10/16 21:52:42 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/21 11:31:00 | 001,557,880 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\MF Toolbox Ver4.9\MFTBOX.exe
PRC - [2009/12/24 08:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/10/10 10:07:04 | 001,728,512 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2008/02/19 00:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2005/07/16 08:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 23:04:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL_2.exe
MOD - [2010/10/13 23:21:37 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/03/27 02:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\idmmkb.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/11 16:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 21:52:45 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/10/16 21:52:42 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 08:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DNISp50a64.sys -- (DNISp50a64)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DNIMp50a64.sys -- (DNIMp50a64)
DRV:64bit: - [2010/10/16 21:52:56 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2010/10/16 21:52:55 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/10/16 21:52:51 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/10/16 21:52:50 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/10/16 21:51:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 16:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/02/11 18:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/21 12:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/10/01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 8C 00 E0 3C 7B CB 01 [binary data]
IE - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/03 21:14:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/03 22:18:18 | 000,000,000 | ---D | M]

[2010/11/03 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions
[2010/11/03 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\6d082xhb.default\extensions
[2010/11/03 21:14:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3635381637-1645959762-1203659913-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 23:04:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL_2.exe
[2010/11/04 01:47:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHT
[2010/11/04 01:47:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-TW
[2010/11/04 01:47:38 | 000,000,000 | ---D | C] -- C:\Windows\zh-TW
[2010/11/04 01:47:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHT
[2010/11/04 01:47:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2010/11/04 01:47:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-HK
[2010/11/04 01:42:43 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-TW\pscr.sys.mui
[2010/11/04 01:42:22 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerIb.sys.mui
[2010/11/04 01:42:21 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerId.sys.mui
[2010/11/04 01:42:21 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrParwdm.sys.mui
[2010/11/04 01:39:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ko-KR
[2010/11/04 01:39:51 | 000,000,000 | ---D | C] -- C:\Windows\ko-KR
[2010/11/04 01:39:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ko
[2010/11/04 01:39:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2010/11/04 01:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ko
[2010/11/04 01:34:35 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ko-KR\pscr.sys.mui
[2010/11/04 01:34:19 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ko-KR\BrSerIb.sys.mui
[2010/11/04 01:34:18 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ko-KR\BrSerId.sys.mui
[2010/11/04 01:34:18 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ko-KR\BrParwdm.sys.mui
[2010/11/04 01:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-CN
[2010/11/04 01:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHS
[2010/11/04 01:32:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2010/11/04 01:32:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHS
[2010/11/04 01:31:55 | 000,000,000 | ---D | C] -- C:\Windows\zh-CN
[2010/11/04 01:25:42 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-CN\pscr.sys.mui
[2010/11/04 01:25:26 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerId.sys.mui
[2010/11/04 01:25:26 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerIb.sys.mui
[2010/11/04 01:25:26 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrParwdm.sys.mui
[2010/11/04 01:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/11/04 00:51:44 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP
[2010/11/04 00:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010/11/04 00:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP
[2010/11/04 00:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja
[2010/11/04 00:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411
[2010/11/04 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2010/11/04 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja
[2010/11/04 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2010/11/04 00:46:40 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui
[2010/11/04 00:46:07 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui
[2010/11/04 00:46:06 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui
[2010/11/04 00:46:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui
[2010/11/03 22:25:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/11/03 22:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/11/03 22:25:09 | 000,000,000 | ---D | C] -- C:\Intel
[2010/11/03 22:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2010/11/03 22:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/11/03 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/11/03 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/11/03 22:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/03 22:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/11/03 22:15:26 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Microsoft Help
[2010/11/03 22:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/11/03 22:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/11/03 22:15:00 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/11/03 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2010/11/03 21:52:44 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonMF Uninstaller Information
[2010/11/03 21:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/11/03 21:41:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/11/03 21:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/11/03 21:40:40 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/11/03 21:40:40 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/11/03 21:40:40 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/11/03 21:40:40 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/11/03 21:40:40 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/11/03 21:40:37 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/11/03 21:40:36 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/11/03 21:40:36 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/11/03 21:40:36 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/11/03 21:40:36 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/11/03 21:40:36 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/11/03 21:40:34 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010/11/03 21:40:34 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/11/03 21:40:33 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010/11/03 21:40:33 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010/11/03 21:40:33 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010/11/03 21:40:33 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010/11/03 21:40:33 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010/11/03 21:40:33 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010/11/03 21:40:33 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/11/03 21:40:33 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010/11/03 21:40:33 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010/11/03 21:40:33 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010/11/03 21:40:33 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010/11/03 21:40:33 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010/11/03 21:40:33 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010/11/03 21:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/11/03 21:40:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/11/03 21:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/11/03 21:37:32 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Tracing
[2010/11/03 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/11/03 21:34:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/03 21:33:34 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\ATI
[2010/11/03 21:33:34 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\ATI
[2010/11/03 21:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/11/03 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/11/03 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/11/03 21:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/11/03 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/11/03 21:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/11/03 21:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/11/03 21:28:01 | 000,000,000 | ---D | C] -- C:\ATI
[2010/11/03 21:24:30 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\DriverGenius
[2010/11/03 21:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2010/11/03 21:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/11/03 21:19:59 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\ElevatedDiagnostics
[2010/11/03 21:19:35 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Macromedia
[2010/11/03 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Mozilla
[2010/11/03 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Mozilla
[2010/11/03 21:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/11/03 21:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/03 21:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/03 21:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/03 21:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/03 21:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/03 21:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/03 21:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Adobe
[2010/11/03 21:00:55 | 000,043,328 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys
[2010/11/03 21:00:55 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2010/11/03 21:00:51 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\drivers\jswpslwfx.sys
[2010/10/17 09:11:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/16 22:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2010/10/16 22:07:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\installshield installation information
[2010/10/16 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2010/10/16 22:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGEAR
[2010/10/16 22:07:17 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/10/16 22:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010/10/16 21:58:01 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Apple Computer
[2010/10/16 21:58:01 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Apple Computer
[2010/10/16 21:57:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/10/16 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/10/16 21:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/10/16 21:56:36 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\vlc
[2010/10/16 21:56:36 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Apple
[2010/10/16 21:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/10/16 21:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/16 21:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/10/16 21:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/10/16 21:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/10/16 21:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/10/16 21:55:31 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\uTorrent
[2010/10/16 21:55:22 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Malwarebytes
[2010/10/16 21:55:18 | 000,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/16 21:55:17 | 000,022,040 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/16 21:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/16 21:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/16 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/10/16 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/10/16 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\IDM
[2010/10/16 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Downloads
[2010/10/16 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\DMCache
[2010/10/16 21:52:56 | 000,056,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/10/16 21:52:56 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/10/16 21:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/10/16 21:52:55 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/10/16 21:52:51 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/10/16 21:52:50 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/10/16 21:52:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/10/16 21:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/10/16 21:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/10/16 21:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreCodec
[2010/10/16 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\WinRAR
[2010/10/16 21:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/10/16 14:49:41 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Searches
[2010/10/16 14:49:41 | 000,000,000 | -H-D | C] -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/10/16 14:49:33 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Identities
[2010/10/16 14:49:30 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Contacts
[2010/10/16 14:49:28 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\VirtualStore
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\AppData\Local\Temporary Internet Files
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Templates
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Start Menu
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\SendTo
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Recent
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\PrintHood
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\NetHood
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Documents\My Videos
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Documents\My Pictures
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Documents\My Music
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\My Documents
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Local Settings
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\AppData\Local\History
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Cookies
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\Application Data
[2010/10/16 14:49:25 | 000,000,000 | -HSD | C] -- C:\Users\Lenny\AppData\Local\Application Data
[2010/10/16 14:49:24 | 000,000,000 | --SD | C] -- C:\Users\Lenny\AppData\Roaming\Microsoft
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Videos
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Saved Games
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Pictures
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Music
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Links
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Favorites
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Downloads
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\My Documents
[2010/10/16 14:49:24 | 000,000,000 | R--D | C] -- C:\Users\Lenny\Desktop
[2010/10/16 14:49:24 | 000,000,000 | -H-D | C] -- C:\Users\Lenny\AppData
[2010/10/16 14:49:24 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Temp
[2010/10/16 14:49:24 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\Microsoft
[2010/10/16 14:49:24 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Media Center Programs
[2010/10/16 14:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/16 14:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/16 14:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/10/16 14:43:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/10/16 14:43:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/10/16 14:43:20 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/10/16 14:43:19 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python31.dll
[2010/10/16 14:43:19 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2010/10/16 14:43:19 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2010/10/16 14:43:19 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2010/10/16 14:43:19 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
[2010/10/16 14:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/16 14:39:34 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/16 14:38:49 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/10/16 14:15:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/16 14:12:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/16 14:12:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010/11/14 23:05:25 | 000,629,057 | ---- | M] () -- C:\Users\Lenny\Desktop\RkU3.8.388.590.rar
[2010/11/14 23:04:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Desktop\OTL_2.exe
[2010/11/14 22:46:56 | 067,613,425 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/11/14 14:01:35 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:01:35 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 13:52:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 13:52:44 | 3170,050,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 22:10:17 | 000,287,041 | ---- | M] () -- C:\Users\Lenny\Desktop\gmer.zip
[2010/11/06 22:06:39 | 000,629,248 | ---- | M] () -- C:\Users\Lenny\Desktop\dds.scr
[2010/11/06 20:30:59 | 002,839,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/06 20:30:59 | 000,663,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/06 20:30:59 | 000,430,692 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2010/11/06 20:30:59 | 000,419,098 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2010/11/06 20:30:59 | 000,403,524 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2010/11/06 20:30:59 | 000,386,422 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2010/11/06 20:30:59 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2010/11/06 20:30:59 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/06 20:30:59 | 000,122,688 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2010/11/06 20:30:59 | 000,122,260 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2010/11/06 20:30:59 | 000,117,346 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2010/11/04 11:16:58 | 000,295,424 | ---- | M] () -- C:\Users\Lenny\Desktop\gmer.exe
[2010/11/04 03:18:10 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/04 01:47:16 | 000,117,840 | ---- | M] () -- C:\Windows\SysNative\prfi0404.dat
[2010/11/04 01:47:16 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0404.dat
[2010/11/04 01:41:09 | 000,000,406 | ---- | M] () -- C:\Users\Public\Desktop\Messenger Center.lnk
[2010/11/04 01:41:09 | 000,000,406 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Center.lnk
[2010/11/04 01:39:32 | 000,157,694 | ---- | M] () -- C:\Windows\SysNative\perfi012.dat
[2010/11/04 01:39:32 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd012.dat
[2010/11/04 01:31:42 | 000,111,310 | ---- | M] () -- C:\Windows\SysNative\prfi0804.dat
[2010/11/04 01:31:42 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0804.dat
[2010/11/04 01:18:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/11/04 01:18:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/11/04 00:54:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/11/04 00:51:19 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat
[2010/11/04 00:51:19 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat
[2010/11/04 00:16:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf
[2010/11/03 22:24:30 | 000,001,973 | ---- | M] () -- C:\Users\Lenny\Desktop\Update Checker.lnk
[2010/11/03 22:19:04 | 000,000,020 | ---- | M] () -- C:\Users\Lenny\Documents\gpfax.adr
[2010/11/03 22:19:04 | 000,000,008 | ---- | M] () -- C:\Users\Lenny\Documents\gpfax.idx
[2010/11/03 21:57:55 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2010/11/03 21:57:01 | 000,000,000 | -H-- | M] () -- C:\Users\Lenny\Documents\Default.rdp
[2010/11/03 21:41:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/11/03 21:23:09 | 000,001,115 | ---- | M] () -- C:\Users\Lenny\Desktop\Driver Genius Professional Edition.lnk
[2010/11/03 21:14:57 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/03 21:14:49 | 000,001,967 | ---- | M] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/03 21:14:49 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/03 21:09:04 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2010/11/03 21:06:54 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/03 21:05:42 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/03 21:00:41 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
[2010/11/03 21:00:41 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WN111v2 Smart Wizard.lnk
[2010/10/17 10:44:22 | 000,159,363 | ---- | M] () -- C:\Users\Lenny\Documents\dhaergaerg.xps
[2010/10/17 10:37:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/16 22:03:42 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/10/16 21:55:58 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/16 21:55:20 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 21:53:28 | 000,001,441 | ---- | M] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/16 21:52:57 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/10/16 21:52:56 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/10/16 21:52:56 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/10/16 21:52:55 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/10/16 21:52:51 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/10/16 21:52:50 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/10/16 21:52:50 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/10/16 21:51:31 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/10/16 14:49:09 | 000,763,706 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/16 14:16:46 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/10/16 14:16:46 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/10/16 14:15:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2010/11/14 23:05:25 | 000,629,057 | ---- | C] () -- C:\Users\Lenny\Desktop\RkU3.8.388.590.rar
[2010/11/14 13:55:28 | 000,000,728 | ---- | C] () -- C:\Users\Lenny\Sti_Trace.log
[2010/11/06 22:10:31 | 000,295,424 | ---- | C] () -- C:\Users\Lenny\Desktop\gmer.exe
[2010/11/06 22:10:15 | 000,287,041 | ---- | C] () -- C:\Users\Lenny\Desktop\gmer.zip
[2010/11/06 22:06:33 | 000,629,248 | ---- | C] () -- C:\Users\Lenny\Desktop\dds.scr
[2010/11/04 01:48:34 | 000,117,840 | ---- | C] () -- C:\Windows\SysNative\prfi0404.dat
[2010/11/04 01:48:33 | 000,403,524 | ---- | C] () -- C:\Windows\SysNative\prfh0404.dat
[2010/11/04 01:48:33 | 000,117,346 | ---- | C] () -- C:\Windows\SysNative\prfc0404.dat
[2010/11/04 01:48:33 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0404.dat
[2010/11/04 01:41:09 | 000,000,406 | ---- | C] () -- C:\Users\Public\Desktop\Messenger Center.lnk
[2010/11/04 01:41:09 | 000,000,406 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Center.lnk
[2010/11/04 01:40:50 | 000,157,694 | ---- | C] () -- C:\Windows\SysNative\perfi012.dat
[2010/11/04 01:40:49 | 000,430,692 | ---- | C] () -- C:\Windows\SysNative\perfh012.dat
[2010/11/04 01:40:49 | 000,122,688 | ---- | C] () -- C:\Windows\SysNative\perfc012.dat
[2010/11/04 01:40:49 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd012.dat
[2010/11/04 01:33:16 | 000,111,310 | ---- | C] () -- C:\Windows\SysNative\prfi0804.dat
[2010/11/04 01:33:15 | 000,386,422 | ---- | C] () -- C:\Windows\SysNative\prfh0804.dat
[2010/11/04 01:33:15 | 000,122,260 | ---- | C] () -- C:\Windows\SysNative\prfc0804.dat
[2010/11/04 01:33:15 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0804.dat
[2010/11/04 01:18:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/11/04 01:18:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/11/04 00:54:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/11/04 00:52:50 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat
[2010/11/04 00:52:49 | 000,419,098 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat
[2010/11/04 00:52:49 | 000,124,400 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat
[2010/11/04 00:52:49 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat
[2010/11/04 00:16:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf
[2010/11/03 22:24:30 | 000,001,973 | ---- | C] () -- C:\Users\Lenny\Desktop\Update Checker.lnk
[2010/11/03 22:19:04 | 000,000,020 | ---- | C] () -- C:\Users\Lenny\Documents\gpfax.adr
[2010/11/03 22:19:04 | 000,000,008 | ---- | C] () -- C:\Users\Lenny\Documents\gpfax.idx
[2010/11/03 21:57:55 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2010/11/03 21:57:01 | 000,000,000 | -H-- | C] () -- C:\Users\Lenny\Documents\Default.rdp
[2010/11/03 21:52:41 | 000,000,332 | ---- | C] () -- C:\Windows\SysNative\CNCMFP23.INI
[2010/11/03 21:41:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/11/03 21:23:09 | 000,001,115 | ---- | C] () -- C:\Users\Lenny\Desktop\Driver Genius Professional Edition.lnk
[2010/11/03 21:14:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/03 21:14:49 | 000,001,967 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/03 21:14:49 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/03 21:09:04 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2010/11/03 21:06:54 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/03 21:05:42 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/03 21:00:41 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
[2010/11/03 21:00:41 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WN111v2 Smart Wizard.lnk
[2010/10/17 10:44:21 | 000,159,363 | ---- | C] () -- C:\Users\Lenny\Documents\dhaergaerg.xps
[2010/10/17 10:37:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/10/16 22:03:42 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/10/16 21:55:58 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/16 21:55:20 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 21:53:28 | 000,001,441 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/16 21:52:57 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/10/16 21:52:50 | 067,613,425 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/16 21:52:50 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/10/16 21:51:31 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/10/16 14:49:24 | 000,000,290 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/16 14:49:24 | 000,000,272 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/16 14:47:59 | 000,763,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/16 14:43:20 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2010/10/16 14:43:19 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2010/10/16 14:43:19 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2010/10/16 14:43:19 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2010/10/16 14:43:19 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2010/10/16 14:43:19 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2010/10/16 14:43:19 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2010/10/16 14:15:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/16 14:12:55 | 3170,050,048 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/11/14 23:05:38 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\DMCache
[2010/11/03 21:14:09 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\IDM
[2010/11/14 23:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\uTorrent
[2009/07/14 16:08:49 | 000,004,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras

OTL Extras logfile created on: 14/11/2010 11:04:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Lenny\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 30.10 Gb Total Space | 5.58 Gb Free Space | 18.53% Space Free | Partition Type: NTFS
Drive D: | 173.39 Gb Total Space | 91.43 Gb Free Space | 52.73% Space Free | Partition Type: NTFS

Computer Name: LENNY-PC | User Name: Lenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3635381637-1645959762-1203659913-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{239A8D60-270B-42e8-82D3-60D70A2942E0}" = Canon MF4100 Series
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E5A509B4-D9B1-4FD9-B3EF-EDB216AA8651}" = ccc-utility64
"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3635381637-1645959762-1203659913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2010 6:51:12 AM | Computer Name = Lenny-PC | Source = VSS | ID = 8194
Description =

Error - 16/10/2010 6:55:46 AM | Computer Name = Lenny-PC | Source = Application Error | ID = 1000
Description = Faulting application name: utorrent.exe, version: 1.8.3.15772, time
stamp: 0x4a4bb1ec Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x000328bf Faulting process
id: 0xe88 Faulting application start time: 0x01cb6d20a6ec81db Faulting application
path: F:\After reinstalling windows\utorrent.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: ed77ed81-d913-11df-9de1-001d60dc8e6a

[ System Events ]
Error - 3/11/2010 10:49:21 AM | Computer Name = Lenny-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Microsoft - Other hardware - HID Non-User Input Data Filter
(KB 911895).

Error - 3/11/2010 11:19:07 AM | Computer Name = Lenny-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 3/11/2010 12:20:21 PM | Computer Name = Lenny-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 4/11/2010 4:57:39 PM | Computer Name = Lenny-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 6/11/2010 5:28:20 AM | Computer Name = Lenny-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 6/11/2010 6:47:38 AM | Computer Name = Lenny-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 6/11/2010 6:58:57 AM | Computer Name = Lenny-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 13/11/2010 9:09:12 PM | Computer Name = Lenny-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 13/11/2010 10:54:32 PM | Computer Name = Lenny-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 13/11/2010 11:15:45 PM | Computer Name = Lenny-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:51 PM

Posted 14 November 2010 - 07:24 AM

What makes you think this problem is related to malware? I don't see any sign of malware here.

P2P WARNING
-------------------
Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 lenny.coffee


Posted 15 November 2010 - 09:00 PM

My friend said it was malware... I don't really know much about computers so... :/

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5E-VM DO
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 166):
0x02A1A000 \SystemRoot\system32\ntoskrnl.exe
0x02FF6000 \SystemRoot\system32\hal.dll
0x00BC1000 \SystemRoot\system32\kdcom.dll
0x00C31000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C75000 \SystemRoot\system32\PSHED.dll
0x00C89000 \SystemRoot\system32\CLFS.SYS
0x00CE7000 \SystemRoot\system32\CI.dll
0x00EFF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010C9000 \SystemRoot\System32\Drivers\sppg.sys
0x011EF000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FB2000 \SystemRoot\system32\DRIVERS\pci.sys
0x0109D000 \SystemRoot\System32\drivers\partmgr.sys
0x010B2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x011F8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E6C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E86000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E8F000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EB9000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00DA7000 \SystemRoot\system32\drivers\fltmgr.sys
0x00EC4000 \SystemRoot\system32\drivers\fileinfo.sys
0x01223000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01422000 \SystemRoot\System32\Drivers\msrpc.sys
0x01480000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0149A000 \SystemRoot\System32\Drivers\cng.sys
0x0150D000 \SystemRoot\System32\drivers\pcw.sys
0x0151E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162C000 \SystemRoot\system32\drivers\ndis.sys
0x0171E000 \SystemRoot\system32\drivers\NETIO.SYS
0x0177E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x017A9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01528000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01610000 \SystemRoot\System32\Drivers\spldr.sys
0x01574000 \SystemRoot\System32\drivers\rdyboost.sys
0x01618000 \SystemRoot\System32\Drivers\mup.sys
0x017F3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015AE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015E8000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01400000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x00C00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01215000 \SystemRoot\System32\Drivers\Null.SYS
0x0141B000 \SystemRoot\System32\Drivers\Beep.SYS
0x00EEB000 \SystemRoot\System32\drivers\vga.sys
0x02C2A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C4F000 \SystemRoot\System32\drivers\watchdog.sys
0x02C5F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C68000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C71000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C7A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C85000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C96000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CB4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CC1000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02D12000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D57000 \SystemRoot\system32\drivers\afd.sys
0x02DE1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02C00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\jswpslwfx.sys
0x00FE5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03A23000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03A32000 \SystemRoot\system32\DRIVERS\serial.sys
0x03A4F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03A6A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A7E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03ACF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03ADB000

#6 Elise


Posted 16 November 2010 - 05:48 AM

That is not the complete log. Can you please verify that this was all?

regards, Elise


#7 lenny.coffee


Posted 20 November 2010 - 07:58 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: P5E-VM DO
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 166):
0x02A1A000 \SystemRoot\system32\ntoskrnl.exe
0x02FF6000 \SystemRoot\system32\hal.dll
0x00BC1000 \SystemRoot\system32\kdcom.dll
0x00C31000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C75000 \SystemRoot\system32\PSHED.dll
0x00C89000 \SystemRoot\system32\CLFS.SYS
0x00CE7000 \SystemRoot\system32\CI.dll
0x00EFF000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010C9000 \SystemRoot\System32\Drivers\sppg.sys
0x011EF000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FB2000 \SystemRoot\system32\DRIVERS\pci.sys
0x0109D000 \SystemRoot\System32\drivers\partmgr.sys
0x010B2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x011F8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E6C000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E86000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E8F000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EB9000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00DA7000 \SystemRoot\system32\drivers\fltmgr.sys
0x00EC4000 \SystemRoot\system32\drivers\fileinfo.sys
0x01223000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01422000 \SystemRoot\System32\Drivers\msrpc.sys
0x01480000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0149A000 \SystemRoot\System32\Drivers\cng.sys
0x0150D000 \SystemRoot\System32\drivers\pcw.sys
0x0151E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162C000 \SystemRoot\system32\drivers\ndis.sys
0x0171E000 \SystemRoot\system32\drivers\NETIO.SYS
0x0177E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x017A9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01528000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01610000 \SystemRoot\System32\Drivers\spldr.sys
0x01574000 \SystemRoot\System32\drivers\rdyboost.sys
0x01618000 \SystemRoot\System32\Drivers\mup.sys
0x017F3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015AE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015E8000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01400000 \SystemRoot\System32\Drivers\avgrkx64.sys
0x00C00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01215000 \SystemRoot\System32\Drivers\Null.SYS
0x0141B000 \SystemRoot\System32\Drivers\Beep.SYS
0x00EEB000 \SystemRoot\System32\drivers\vga.sys
0x02C2A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C4F000 \SystemRoot\System32\drivers\watchdog.sys
0x02C5F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C68000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C71000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C7A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C85000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C96000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CB4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CC1000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02D12000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D57000 \SystemRoot\system32\drivers\afd.sys
0x02DE1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02C00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DEA000 \SystemRoot\system32\DRIVERS\jswpslwfx.sys
0x00FE5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03A23000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03A32000 \SystemRoot\system32\DRIVERS\serial.sys
0x03A4F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03A6A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A7E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03ACF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03ADB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03AE6000 \SystemRoot\System32\drivers\discache.sys
0x03AF5000 \SystemRoot\system32\drivers\csc.sys
0x03B78000 \SystemRoot\System32\Drivers\dfsc.sys
0x03B96000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03BA7000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03BAF000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03C71000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03C97000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03E33000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03CAD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x043A3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03DA1000 \SystemRoot\system32\DRIVERS\e1e6032e.sys
0x043E9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04403000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04427000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04465000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04472000 \SystemRoot\system32\DRIVERS\parport.sys
0x0448F000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x04497000 \SystemRoot\system32\DRIVERS\serenum.sys
0x044C1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x044D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x044DD000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x044ED000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04503000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04527000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04533000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04562000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0457D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0459E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045B8000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x045C3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x045D2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04AD5000 \SystemRoot\system32\DRIVERS\ks.sys
0x04B18000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04B2A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04B84000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x04B8F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A9B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05CD5000 \SystemRoot\system32\drivers\portcls.sys
0x05D12000 \SystemRoot\system32\drivers\drmk.sys
0x05D34000 \SystemRoot\system32\drivers\ksthunk.sys
0x05D3A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05D57000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x000B0000 \SystemRoot\System32\win32k.sys
0x05D59000 \SystemRoot\System32\drivers\Dxapi.sys
0x05D65000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05D77000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05D80000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05D8E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05DA7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05DB5000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x05DC1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05DCE000 \SystemRoot\system32\DRIVERS\point64.sys
0x020B9000 \SystemRoot\system32\DRIVERS\WN111v2w7x.sys
0x021C3000 \SystemRoot\System32\drivers\vwifibus.sys
0x021D0000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x021E1000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x021ED000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02000000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0200C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x02015000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02028000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00760000 \SystemRoot\System32\cdd.dll
0x00990000 \SystemRoot\System32\ATMFD.DLL
0x02036000 \SystemRoot\system32\drivers\luafv.sys
0x02059000 \SystemRoot\system32\drivers\WudfPf.sys
0x0207A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05A00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0208F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05A53000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04A00000 \SystemRoot\system32\drivers\HTTP.sys
0x05A6B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05DDE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04BA4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x038A6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x038F4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03917000 \SystemRoot\system32\drivers\peauth.sys
0x039BD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x039C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03800000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03812000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05EA7000 \SystemRoot\System32\DRIVERS\srv.sys
0x05F3D000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05F73000 \SystemRoot\System32\Drivers\PCASp50a64.sys
0x77970000 \Windows\System32\ntdll.dll
0x48390000 \Windows\System32\smss.exe
0xFFC90000 \Windows\System32\apisetschema.dll
0xFFE00000 \Windows\System32\autochk.exe

Processes (total 65):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
416 csrss.exe
504 C:\Windows\System32\wininit.exe
516 csrss.exe
524 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
532 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
600 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
784 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
808 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\Ati2evxx.exe
336 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\Ati2evxx.exe
1564 C:\Windows\System32\dwm.exe
1584 C:\Windows\System32\svchost.exe
1632 C:\Windows\explorer.exe
1836 C:\Windows\System32\spoolsv.exe
1864 C:\Windows\System32\svchost.exe
1944 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1976 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
2000 C:\Windows\System32\taskhost.exe
2020 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2056 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2076 C:\Windows\System32\svchost.exe
2540 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2548 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2568 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
2580 C:\Program Files (x86)\uTorrent\uTorrent.exe
2600 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2644 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
2720 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
2888 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
2896 C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
2928 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2960 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3048 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1532 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
592 C:\Program Files (x86)\AVG\AVG9\avgam.exe
2484 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
3300 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3596 C:\Windows\System32\SearchIndexer.exe
3868 C:\Program Files\iPod\bin\iPodService.exe
2840 C:\Program Files\Windows Media Player\wmpnetwk.exe
4228 C:\Windows\System32\svchost.exe
4448 C:\Windows\System32\svchost.exe
4456 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
4620 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
4200 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
3232 C:\Windows\System32\wuauclt.exe
4136 C:\Windows\System32\audiodg.exe
4424 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5000 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3040 C:\Windows\System32\SearchProtocolHost.exe
2776 C:\Windows\System32\SearchFilterHost.exe
4340 C:\Users\Lenny\Desktop\MBRCheck.exe
3744 C:\Windows\System32\conhost.exe
4716 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000032`b2300000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`5343e000 (NTFS)

PhysicalDrive0 Model Number: ST3250620A, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
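To read the drive information out of a log like the one above without scrolling through the driver and process lists, here is an added example (not part of the original thread and not MBRCheck's own code). It assumes the `Logical Drives Mask` follows the Win32 `GetLogicalDrives` convention (bit 0 = A:), which the page does not state; the function names `letters_from_mask`, `parse_mbrcheck` and `triage` are hypothetical.

```python
import re
import string

# Constructed sample: lines copied from the MBRCheck log posted above, trimmed
# to the fields this script reads (the driver and process lists are omitted).
SAMPLE_LOG = r"""
MBRCheck, version 1.2.3
Logical Drives Mask: 0x0000001d

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000032`b2300000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`5343e000 (NTFS)

PhysicalDrive0 Model Number: ST3250620A, Rev: 3.AAE

232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

Done!
"""

MASK_RE = re.compile(r"^Logical Drives Mask:\s*0x([0-9A-Fa-f]+)", re.M)
VOLUME_RE = re.compile(
    r"^\\\\\.\\([A-Z]): --> \\\\\.\\(PhysicalDrive\d+) "
    r"at offset 0x([0-9A-Fa-f`]+) \((\w+)\)", re.M)
DISK_RE = re.compile(r"^(\d+ [KMGT]B) \\\\\.\\(PhysicalDrive\d+) (.+)$", re.M)


def letters_from_mask(mask):
    """Decode a drive bitmask. Assumption: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:."""
    return [string.ascii_uppercase[bit] for bit in range(26) if mask >> bit & 1]


def parse_mbrcheck(text):
    """Extract drive letters, volume-to-disk mappings and disks from a log."""
    mask_match = MASK_RE.search(text)
    if mask_match is None:
        raise ValueError("no 'Logical Drives Mask' line: not an MBRCheck log?")
    # The log prints 64-bit offsets as two halves separated by a backtick.
    volumes = {
        letter: (disk, int(offset.replace("`", ""), 16), fs)
        for letter, disk, offset, fs in VOLUME_RE.findall(text)
    }
    disks = {name: {"size": size, "mbr_status": status.strip()}
             for size, name, status in DISK_RE.findall(text)}
    return {
        "letters": letters_from_mask(int(mask_match.group(1), 16)),
        "volumes": volumes,
        "disks": disks,
        # MBRCheck prints "Done!" last; without it the paste was cut short.
        "complete": re.search(r"^Done!", text, re.M) is not None,
    }


def triage(report, expected_letter):
    """Answer the questions a helper asks about a 'vanished' drive letter."""
    letter = expected_letter.upper().rstrip(":")
    return {
        "log_complete": report["complete"],
        "letter_present": letter in report["letters"],
        "letter_on_disk": report["volumes"].get(letter, (None,))[0],
        # Letters Windows assigned that are not backed by a listed hard disk
        # (floppy, optical and removable drives normally land here).
        "unmapped_letters": [ltr for ltr in report["letters"]
                             if ltr not in report["volumes"]],
        "physical_disks": sorted(report["disks"]),
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbrcheck(SAMPLE_LOG), "G").items():
        print(f"{key}: {value}")
```

Under that assumption the mask 0x1d decodes to A:, C:, D: and E:, so G: has no letter assigned and only PhysicalDrive0 is listed; a paste that stops before `Done!` is reported as incomplete.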

#8 Elise


Posted 21 November 2010 - 03:23 AM

Is G a drive or a partition? I see only one drive here with 2 partitions (C and D). What is supposed to be on your G drive?

regards, Elise


#9 lenny.coffee


Posted 23 November 2010 - 08:13 AM

It's a drive

stuff I download, my personal stuff, no system files

#10 Elise


Posted 23 November 2010 - 02:54 PM

Let's see if the following tool sees it.

You're going to need a program called TestDisk. It's a free and open source disk recovery program.

Step 1: Download the TestDisk executable for Windows here: Download
Step 2: Extract the downloaded zip file using your favorite archive extractor.
Step 3: Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive)
Step 4: You will now be at a scary looking text-based command window:
Posted Image
Press Enter here to create a new log file.

Step 5: TestDisk will now detect all local hard drives, and present them in a list like this:
Posted Image
You have indicated that there is only one hard drive attached to your computer, with two partitions. So, use the arrow (up and down) keys to highlight the disk called /dev/sda.

Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here.

With /dev/sda selected, press Enter

Step 6: Now we need to specify the type of partitions that are on your disk. Select Intel (even if you have an AMD processor).
Posted Image
Press Enter.

Step 7: Select Analyse and press Enter.
Posted Image

Step 8: The next screen will list all found partitions. Press Enter to run a Quick Search.
Posted Image

When asked, say Yes to this screen:
Posted Image

Step 9: If your missing drive is found, it should show up in the list:
Posted Image
Highlight your partition and press P
Press Q until you exit and post me the Testdisk log, which can be found in the Win directory of Testdisk (please do not attach the log, but copy/paste its contents in the reply box).

regards, Elise



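As an added illustration (not part of the original thread and not TestDisk's own code): the "Intel" type selected in Step 6 denotes the classic PC/MBR partition table, four 16-byte entries at offset 446 of the disk's first sector. This Python sketch parses a constructed sample sector holding two NTFS partitions; the function names and sample values are assumptions.

```python
import struct

SECTOR_SIZE = 512    # assumes 512-byte sectors
TABLE_OFFSET = 446   # the four partition entries follow the boot code
ENTRY_SIZE = 16
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("0x55AA signature missing: no MBR partition table")
    found = []
    for slot in range(4):
        offset = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        found.append({
            "slot": slot + 1,
            "bootable": status == 0x80,
            "type": TYPE_NAMES.get(ptype, "unknown (0x%02X)" % ptype),
            "start_lba": start,
            "size_mib": count * SECTOR_SIZE // 2**20,
        })
    return found

def build_sample_mbr():
    """Constructed sample: one disk carrying two NTFS partitions."""
    sector = bytearray(SECTOR_SIZE)
    entries = [(0x80, 0x07, 2048, 204800000), (0x00, 0x07, 204802048, 100000000)]
    for slot, entry in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + slot * ENTRY_SIZE, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    for part in parse_mbr(build_sample_mbr()):
        print(part)
```
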

#11 lenny.coffee


Posted 24 November 2010 - 01:12 AM

I have 2 hard drives. C and D are partitioned on 1 of them, while the G drive is a hard drive by itself on 1 partition

#12 Elise


Posted 24 November 2010 - 05:54 AM

MBRCheck did not see your G drive, which is why I want to see a Testdisk log. Testdisk is usually pretty good at detecting disks.

regards, Elise




#13 lenny.coffee


Posted 24 November 2010 - 08:29 AM

I don't understand which partition I should press P for

Posted Image

#14 Elise


Posted 24 November 2010 - 09:25 AM

Are you sure your G drive is connected correctly? Can you verify if it shows up in BIOS?
Please tell me how big the drive is supposed to be.

regards, Elise




#15 lenny.coffee


Posted 25 November 2010 - 08:51 AM

I've opened up my computer and I can very clearly hear the whirring sound of the drive booting up when I unplug and plug it in

It's supposed to be 500 GB

How do I verify it shows in BIOS?



