
Malware Causing Slowdown of Computer


  • This topic is locked
10 replies to this topic

#1 wrikgee


Posted 07 November 2010 - 04:56 PM


Malware Problem(s) Discussed & Preparation Guide Documented Step-By-Step

/************ PLEASE FORGIVE THE GRAMMAR, THIS HAS TAKEN UP MY ENTIRE SATURDAY MORNING, NOT THAT I MIND BECAUSE YOU ALL DO SUCH AN EXCELLENT JOB AT HELPING US, BUT I AM EAGER TO BE FINISHED AND CAN'T GO OVER IT ANOTHER THREE TIMES...WAIT, I will copy it to Word and check it on there, but we all know the grammar checker on there, I mean it is nice of them to work so hard at making a grammar checker, but need I say more:
*************/

Malware Issue::

Hello, I am 97 percent positive that I am infected. My processes are constantly running, even when there are no windows open. This is slowing down the computer tremendously. And on startup, it is taking more time than usual to load to the desktop. It will run a number of startup processes in the background and take a number of minutes before it shows the desktop, whereas it used to right away.

1.) I made sure I backed up my data
2.) I have been checking for a few days to make sure that there is an issue with my computer
3.) I have an account
4.) Topic Reply Notification was Enabled
5.) I have my Firewall Enabled
6.) I downloaded 'Defogger' in order to 'Disable My Emulation Software'. I ran the executable and followed the steps to Disable my Emulation Software.

7) I downloaded 'DDS Tool Download Link':

Once it downloaded, I ran the script and waited as the command prompt ran the background code and would eventually display the logfiles. When the script was complete, it did indeed display two logfiles for me: DDS.txt and Attach.txt.

When I observed the logfile entitled 'DDS', I saw that there are a number of files that have '*svc*', '*.dll', plus many others in it that do not need to be running. Don't get me wrong, many of them need to be used, I think (as you can tell by my software, I am a software engineer, but I am not an expert at virus creation or removal). Although I saw many processes / services and software that didn't need to be there, I did not do anything to it, I am waiting for your advice. When all of this was complete and the logs were saved;

8.) I downloaded 'GMER' from one of the Download Links.

Now I am about to run GMER. The appearance of the checkboxes is different in my operating system, Vista Ultimate (x64), as compared to the screen shot on your 'Preparation Guide' page. I am eternally grateful that your team has successfully helped me two other times, but both times, I have brought this to your attention. I figured that more people would have this issue and there would be something about it on that preparation page. However, maybe I am doing something wrong, but it almost seems like there is an incompatibility issue with Vista x64. But you all should know more about it than I. Anyhow, what happens is as follows:

Please note that I have tried just double-clicking and running the software and I have tried right-clicking and running it as administrator. Nothing changes. As a result, I am not asked if I want to do a quick scan. It automatically does a complete scan of every registry entry, every file and every service. It would have been a pain if I did it once, but I did it three times and you know the watching and waiting drill. You are like, 'just a few more files and it will be done...it is on 'w' (Windows), so how much more can there be left?' And it lasts like another hour.

Many of the checkboxes in mine are greyed out as opposed to all of yours being white. It is not all of them. The greyed out boxes starting from the top at 'System' and it goes all the way down to 'Libraries' and 'Show All' are greyed out as well. Everything from 'Services' to 'ADS' is able to be checked or unchecked, but everything that is told to 'Uncheck' is greyed out. Therefore, without unchecking anything, because everything that is said to uncheck is greyed out, I click 'Scan'.

As I observe the log file that I am going to send, I ( looking in the GMER file is saying that there is Malware in some of the source code for some eBooks that I have bought for a couple of Silverlight books that I have. However, this source code is from a legitimate company, not a company which you would expect to have errors in (but I guess that is a dumb observation, the web is a playground for hackers. However, this was either Wrox or Apress, the only two companies I get my eBooks from and you would think that after writing about so many diverse computer topics (including network security and maintenance) The only solution that I can come up with (which there are probably plenty more, but these are the words of a novice virus removal specialist virus personally infected them or someone hacked into the book companies servers and dropped a virus, I don't see why these are all showing up. Finally, an instance of Microsoft Office Sharepoint Server (MOSS) was accidentally left on my local machine that I was going to install locally for testing, but moved it to a server in my LAN. I mean, I am going to delete all of those files, but I kept those there in case you needed to look at something.

/*****************************************************************************************************************************************/
So there was my preparation that I went through to get the lists that you will be looking at. As always, I am extremely grateful for all of the help that you give me. If I sounded grumpy at all in this message, I apologize. It really has nothing to do with this, it is the wonderful world of Love and relationships that is doing a number at destroying my happiness and my thought process. You guys are wonderful for helping people like this, I share my two cents on programming boards where people ask coding questions. Anyway, I digress:

9.) So I added some cheesy HTML tags that you all allowed us to use. This document (as you are observing now) is the first posting in here. I hope it isn't too long for the message, meaning it doesn't look dumb. I know the grammar will. Anyway, after my log, I copied and pasted DDS.txt due to the request of the creators of this site. Then I was told to upload the other DDS output: Attach.txt, and I ATTEMPTED to solely upload the GMER.exe log, which was requested to be called ark.txt. However, when I tried to, it ended up being too big. It is well over two and a half MB. So I zipped the file and it was fine. Then, I posted the message, actually I am about to now...
and it looks ok. If I don't have to edit it then everything is fine. Thank you folks at bleepingcomputer.com, I look forward to hearing from you.
Beginning of DDS.txt LOGFILE

DDS (Ver_10-11-05.01) - NTFS_AMD64
Run by TEST at 0:39:08.58 on Sun 11/07/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.624 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\inetsrv\inetinfo.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.POISON\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SASHA\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\systempropertiesprotection.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TEST\Desktop\Bleeping Computer\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = about:blank
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [WAWifiMessage] "%ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
mRun: [hpWirelessAssistant] "%ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
uPolicies-explorer: NoRealMode = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download FLV by WinAVI... - C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: BitDefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
mRun-x64: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
mRun-x64: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
mRun-x64: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\fkh8bfyy.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://bing.zugo.com/?cfg=2-76-0-1V9Pt
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.6.dll
FF - component: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\components\bdaphff3.dll
FF - component: C:\Users\TEST\AppData\Roaming\Mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}\components\Engine.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2006-12-18 52664]
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-6-18 88144]
R1 Bdvedisk;BDVEDISK;C:\WINDOWS\System32\drivers\bdvedisk.sys [2010-1-19 103944]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-11-18 27648]
R2 MSSQL$POISON;SQL Server (POISON);C:\Program Files\Microsoft SQL Server\MSSQL10_50.POISON\MSSQL\Binn\sqlservr.exe [2010-4-3 61913952]
R2 MSSQL$SASHA;SQL Server (SASHA);C:\Program Files\Microsoft SQL Server\MSSQL10.SASHA\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
R2 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2009-11-18 19968]
R3 BDFM;BDFM;C:\WINDOWS\System32\drivers\bdfm.sys [2010-5-13 162896]
R3 CAXHWAZL;CAXHWAZL;C:\WINDOWS\System32\drivers\CAXHWAZL.sys [2006-10-18 296448]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
S2 SQLAgent$SASHA;SQL Server Agent (SASHA);C:\Program Files\Microsoft SQL Server\MSSQL10.SASHA\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-13 193840]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-18 27648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-4-10 342320]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S4 avc3;avc3;C:\WINDOWS\System32\drivers\avc3.sys [2010-6-28 692816]
S4 avckf;avckf;C:\WINDOWS\System32\drivers\avckf.sys [2010-6-28 1040976]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-23 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0103;RsFx0103 Driver;C:\WINDOWS\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 RsFx0150;RsFx0150 Driver;C:\WINDOWS\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$POISON;SQL Server Agent (POISON);C:\Program Files\Microsoft SQL Server\MSSQL10_50.POISON\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-06 22:26:25 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-05 12:43:21 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3775F694-32C3-4B7A-AA25-B5BB15BD73D0}\mpengine.dll
2010-11-05 03:08:59 -------- d-----w- C:\AVD
2010-11-03 22:37:03 -------- d-----w- C:\source
2010-11-03 22:36:59 -------- d-----w- C:\showme
2010-11-03 22:36:59 -------- d-----w- C:\php
2010-11-03 22:36:50 -------- d-----w- C:\others
2010-11-03 22:36:48 807424 ----a-w- C:\php5.exe
2010-11-03 22:36:48 -------- d-----w- C:\isc_demo
2010-11-01 08:46:07 -------- d-----w- C:\Android SDK
2010-11-01 03:46:05 -------- d-----w- C:\Users\TEST\AppData\Roaming\Sawer
2010-11-01 03:45:01 -------- d-----w- C:\Users\TEST\AppData\Roaming\Hardcore
2010-11-01 03:43:27 -------- d-----w- C:\Users\TEST\AppData\Roaming\Juce VST Host
2010-11-01 03:33:08 -------- d-----w- C:\Users\TEST\AppData\Local\PreEmptive Solutions
2010-11-01 02:32:42 2371328 ----a-w- C:\PROGRA~3\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-11-01 02:00:15 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2010-11-01 01:29:12 86864 ----a-w- C:\Users\TEST\AppData\Local\deletetemp.exe
2010-11-01 01:29:12 711496 ----a-w- C:\Users\TEST\AppData\Local\setup.exe
2010-11-01 01:29:12 168272 ----a-w- C:\Users\TEST\AppData\Local\htmllite.dll
2010-11-01 01:23:02 1210 ----a-w- C:\Users\TEST\AppData\Local\VWL1822.tmp
2010-11-01 01:22:40 1414 ----a-w- C:\Users\TEST\AppData\Local\VWLC1F7.tmp
2010-11-01 01:18:55 -------- d-----w- C:\2bdbc74ced492a1ae42ec4e8
2010-10-31 23:36:37 -------- d-----w- C:\Users\TEST\AppData\Local\SIT28850.tmp
2010-10-31 15:34:11 2092 ----a-w- C:\Users\TEST\AppData\Local\VWL44CF.tmp
2010-10-31 15:34:11 -------- d-----w- C:\Users\TEST\AppData\Local\VSW11
2010-10-31 14:20:23 -------- d-----w- C:\Users\TEST\AppData\Local\SIT18169.tmp
2010-10-30 22:32:44 2190 ----a-w- C:\Users\TEST\AppData\Local\VWL5F14.tmp
2010-10-30 22:32:44 -------- d-----w- C:\Users\TEST\AppData\Local\VSW10
2010-10-30 22:23:37 2090 ----a-w- C:\Users\TEST\AppData\Local\VWL61E.tmp
2010-10-30 22:23:37 -------- d-----w- C:\Users\TEST\AppData\Local\VSW9
2010-10-30 22:03:46 2090 ----a-w- C:\Users\TEST\AppData\Local\VWLDC12.tmp
2010-10-30 22:03:46 -------- d-----w- C:\Users\TEST\AppData\Local\VSW8
2010-10-30 21:45:57 -------- d-----w- C:\Users\TEST\AppData\Local\VSW7
2010-10-30 21:45:56 822 ----a-w- C:\Users\TEST\AppData\Local\VWL88C2.tmp
2010-10-30 21:43:18 -------- d-----w- C:\Users\TEST\AppData\Local\VSW6
2010-10-30 21:43:17 822 ----a-w- C:\Users\TEST\AppData\Local\VWL1BCF.tmp
2010-10-30 21:38:22 2092 ----a-w- C:\Users\TEST\AppData\Local\VWL9B39.tmp
2010-10-30 21:38:22 -------- d-----w- C:\Users\TEST\AppData\Local\VSW5
2010-10-30 15:24:34 -------- d-----w- C:\Users\TEST\AppData\Local\VSW4
2010-10-30 15:24:32 2190 ----a-w- C:\Users\TEST\AppData\Local\VWL7CFC.tmp
2010-10-30 15:00:16 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2010-10-30 15:00:16 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2010-10-30 15:00:15 -------- d-----w- C:\Program Files (x86)\MagicDisc
2010-10-30 14:02:53 -------- d-----w- C:\Users\TEST\AppData\Local\VSW3
2010-10-30 14:02:50 2190 ----a-w- C:\Users\TEST\AppData\Local\VWL6855.tmp
2010-10-30 07:59:56 1308 ----a-w- C:\Users\TEST\AppData\Local\VWL9F20.tmp
2010-10-30 07:45:59 1692 ----a-w- C:\Users\TEST\AppData\Local\VWLD6E1.tmp
2010-10-30 07:45:59 -------- d-----w- C:\Users\TEST\AppData\Local\VSW2
2010-10-30 07:43:22 2178 ----a-w- C:\Users\TEST\AppData\Local\VWL71E6.tmp
2010-10-30 05:50:18 -------- d-----w- C:\2c07bf0078002888b9506d17c8
2010-10-27 16:57:58 -------- d-----w- C:\Question Mark
2010-10-27 16:21:35 -------- d-----w- C:\Users\TEST\AppData\Roaming\Passware
2010-10-27 15:10:26 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-27 15:10:25 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-27 15:10:21 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-27 15:10:21 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-27 15:10:20 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-27 15:10:17 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-25 07:59:31 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2010-10-25 07:51:13 -------- d-----w- C:\Program Files (x86)\Image-Line
2010-10-25 06:53:29 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2010-10-25 06:51:30 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2010-10-25 06:49:07 -------- d-----w- C:\Program Files (x86)\VstPlugins
2010-10-25 06:48:57 -------- d-----w- C:\Program Files (x86)\Outsim
2010-10-25 02:48:38 -------- d-----w- C:\PROGRA~3\bdch
2010-10-24 23:08:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-24 03:49:46 -------- d-----w- C:\MOSS
2010-10-21 01:57:58 47456 ----a-w- C:\Windows\SysWow64\perf-MSSQL10_50.POISON-sqlagtctr.dll
2010-10-21 01:57:57 77152 ----a-w- C:\Windows\System32\perf-MSSQL10_50.POISON-sqlagtctr.dll
2010-10-21 01:56:50 79200 ----a-w- C:\Windows\System32\perf-MSSQL$POISON-sqlctr10.50.1600.1.dll
2010-10-21 01:56:50 73568 ----a-w- C:\Windows\SysWow64\perf-MSSQL$POISON-sqlctr10.50.1600.1.dll
2010-10-20 16:07:59 -------- d-----w- C:\cf53fa158842c21e11a615419e217bdd
2010-10-20 02:15:02 -------- d-----w- C:\Program Files (x86)\MySQL
2010-10-20 01:44:22 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-20 01:44:21 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-20 01:44:21 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-20 01:44:21 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-20 01:44:20 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-20 01:44:20 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-10-20 01:44:20 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-10-20 01:44:20 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-10-19 05:51:07 -------- d-----w- C:\Python Files
2010-10-19 05:41:15 -------- d-----w- C:\PROGRA~3\phpDesigner
2010-10-19 03:46:10 -------- d-----w- C:\Users\TEST\AppData\Roaming\phpDesigner
2010-10-19 03:46:01 -------- d-----w- C:\Program Files (x86)\phpDesigner
2010-10-19 01:47:22 -------- d-----w- C:\Users\TEST\.PyCharm10
2010-10-19 01:29:41 -------- d-----w- C:\Program Files (x86)\JetBrains
2010-10-18 23:35:43 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-18 23:35:43 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-18 23:35:40 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-18 23:35:40 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-18 23:35:02 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-18 23:35:01 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-18 23:34:58 1915904 ----a-w- C:\Windows\System32\ole32.dll
2010-10-18 23:34:57 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-18 23:34:56 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-18 23:34:56 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-18 23:34:50 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-18 23:34:49 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-18 23:32:47 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-10-18 23:32:45 316928 ----a-w- C:\Windows\System32\msshsq.dll
2010-10-18 23:32:45 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-10-18 23:32:43 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-18 23:32:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-18 23:30:40 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-18 23:30:40 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-18 23:30:36 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-18 23:30:36 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-18 23:28:56 -------- d-----w- C:\Users\TEST\.idlerc
2010-10-18 19:56:49 -------- d-----w- C:\Program Files\Python
2010-10-17 10:37:02 -------- d-----w- C:\Users\TEST\AppData\Roaming\BitDefender
2010-10-17 10:36:32 -------- d-----w- C:\Program Files\BitDefender
2010-10-17 10:22:25 -------- d-----w- C:\Program Files\Common Files\BitDefender
2010-10-17 10:22:25 -------- d-----w- C:\PROGRA~3\BitDefender
2010-10-17 10:22:09 388168 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2010-10-17 06:48:24 -------- d-----w- C:\Program Files (x86)\MSSOAP
2010-10-17 05:22:56 108336 ------w- C:\Windows\SysWow64\mswinsck.ocx
2010-10-17 05:22:08 -------- d-----w- C:\Users\TEST\AppData\Roaming\QuickScan
2010-10-17 05:08:28 302077 ----a-w- C:\PROGRA~3\bdinstall.bin
2010-10-10 02:29:53 -------- d-----w- C:\SimpleCSharpApp
2010-10-10 02:26:59 -------- d-----w- C:\CSharpApp
2010-10-09 22:56:36 212 ----a-w- C:\Windows\ildasmfnt.bin

==================== Find3M ====================

2010-11-02 23:15:14 88144 ----a-w- C:\Windows\System32\drivers\bdfndisf6.sys
2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-01 14:57:52 46589 ----a-w- C:\Windows\System32\rundll32.dll
2010-10-01 14:43:09 46589 ----a-w- C:\Windows\System32\rundll32.txt
2010-09-27 01:19:27 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe


The Two Attachments; Attach.txt & Ark.txt: I HAD TO ZIP 'Ark.txt' BECAUSE IT WAS TOO LARGE TO UPLOAD



============= FINISH: 0:45:08.46 ===============

Attached File  Attach.txt   18.58KB   0 downloads
Attached File  ark.zip   59.76KB   0 downloads

END of DDS.txt LOGFILE

Edited by wrikgee, 07 November 2010 - 05:09 PM.




#2 myrti


Posted 15 November 2010 - 09:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 wrikgee


Posted 15 November 2010 - 03:29 PM

The following is the result of the OTL.log file. I have attached a walkthrough file that I wrote while I was doing this. Please note that 'Extras' did not get produced. It was neither minimized nor anywhere else in my OS. If you would like me to try to run it again, I will, but I didn't know if I should run it with the script. Anyway, the OTL log is here and I gave you the checks and selects in OTL that were there when I ran it. I know the log gives you that, I didn't check if it gave everything, so I supplied you with everything in my .txt file. Thank you for your help thus far.

Also, some fishy observances in my task manager that I do not know if they are normal:

dwm.exe - Desktop Windows Manager - A very high memory eater, is this usual?
Also, another big memory drainer yesterday, but not as much today was:
csrss.exe - Client Server Runtime Process; This might be normal, but I am just informing you just in case

--------------------------------------------------------------------------------- OTL --------------------------------------------------------------------------------

OTL logfile created on: 11/15/2010 12:44:17 PM - Run 11
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\TEST\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 1.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.49 Gb Total Space | 9.67 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
Drive D: | 7.56 Gb Total Space | 1.04 Gb Free Space | 13.81% Space Free | Partition Type: NTFS

Computer Name: TEST-PC | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\TEST\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe (BitDefender S.R.L.)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\TEST\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchook32.dll (BitDefender S.R.L.)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00055_002\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (Updatesrv) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (Update Server) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WMSvc) -- C:\Windows\SysNative\inetsrv\wmsvc.exe (Microsoft Corporation)
SRV:64bit: - (MSFTPSVC) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WAS) -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AppHostSvc) -- C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (Bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV:64bit: - (Bdfndisf) -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys (BitDefender)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\DRIVERS\avckf.sys (BitDefender)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\DRIVERS\avc3.sys (BitDefender)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\DRIVERS\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\DRIVERS\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (Bdvedisk) -- C:\Windows\SysNative\DRIVERS\bdvedisk.sys (BitDefender)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\CHDART64.sys (Conexant Systems Inc.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://bing.zugo.com/?cfg=2-76-0-1V9Pt"
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.4.7
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: debugger@aptana.com:1.5.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/01/19 22:43:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010/10/17 09:47:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/05 01:43:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/11 18:12:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010/10/17 05:37:08 | 000,000,000 | ---D | M]

[2010/08/04 21:17:45 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Extensions
[2010/11/05 12:10:58 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions
[2010/08/26 00:19:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/26 21:12:26 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/08/29 11:27:19 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/08/26 00:09:09 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\debugger@aptana.com
[2010/08/04 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\firebug@software.joehewitt.com
[2010/08/29 11:25:58 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\isreaditlater@ideashower.com
[2010/08/29 11:25:58 | 000,000,000 | ---D | M] -- C:\Users\TEST\AppData\Roaming\mozilla\Firefox\Profiles\fkh8bfyy.default\extensions\tineye@ideeinc.com
[2010/09/26 21:12:26 | 000,002,267 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\Mozilla\FireFox\Profiles\fkh8bfyy.default\searchplugins\bing-zugo.xml
[2010/11/05 12:10:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/18 22:22:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2007/08/07 09:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/10/24 17:30:59 | 000,424,324 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 14611 more lines...
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [hpWirelessAssistant] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WAWifiMessage] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2952794803-3157024702-141513974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\7.0.517.44\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPClouds.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPClouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -H-- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\PROGRA~2\MICROS~2\Office\OSA9.EXE - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: dywcrbvd - hkey= - key= - C:\Users\TEST\AppData\Local\yseyilexf\fwpqxbqtssd.exe File not found
MsConfig:64bit - StartUpReg: EKIJ5000StatusMonitor - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe File not found
MsConfig:64bit - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: mrvmbqqn - hkey= - key= - C:\Users\TEST\AppData\Local\btwsrmnka\ftrlhedtssd.exe File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: xeevad - hkey= - key= - C:\Users\TEST\xeevad.exe File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1E9A6EFB-A57F-0F09-C647-C8F6DCC07EC0} - Internet Explorer
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F21B1C4A-E043-1970-1DC8-34BF441A5DCC} - Themes Setup
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 00:44:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2010/11/14 13:26:12 | 009,183,120 | ---- | C] (The Eraser Project) -- C:\Users\TEST\Desktop\Eraser 6.0.8.2273.exe
[2010/11/11 19:14:29 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\Windows Live
[2010/11/11 14:07:46 | 000,418,584 | ---- | C] (Yahoo! Inc.) -- C:\Users\TEST\Desktop\msgr10us.exe
[2010/11/10 03:05:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/11/06 23:28:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Bleeping Computer
[2010/11/06 17:26:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/04 22:08:59 | 000,000,000 | ---D | C] -- C:\AVD
[2010/11/03 17:37:03 | 000,000,000 | ---D | C] -- C:\source
[2010/11/03 17:36:59 | 000,000,000 | ---D | C] -- C:\showme
[2010/11/03 17:36:59 | 000,000,000 | ---D | C] -- C:\php
[2010/11/03 17:36:50 | 000,000,000 | ---D | C] -- C:\others
[2010/11/03 17:36:48 | 000,807,424 | ---- | C] (BDG Publishing Inc.) -- C:\php5.exe
[2010/11/03 17:36:48 | 000,000,000 | ---D | C] -- C:\isc_demo
[2010/11/01 03:46:07 | 000,000,000 | ---D | C] -- C:\Android SDK
[2010/10/31 22:46:05 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Sawer
[2010/10/31 22:45:01 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Hardcore
[2010/10/31 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Juce VST Host
[2010/10/31 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\PreEmptive Solutions
[2010/10/31 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/10/31 21:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2010/10/31 20:29:12 | 000,711,496 | ---- | C] (Microsoft Corporation) -- C:\Users\TEST\AppData\Local\setup.exe
[2010/10/31 20:29:12 | 000,168,272 | ---- | C] (Microsoft Corporation) -- C:\Users\TEST\AppData\Local\htmllite.dll
[2010/10/31 20:29:12 | 000,086,864 | ---- | C] (Microsoft Corporation) -- C:\Users\TEST\AppData\Local\deletetemp.exe
[2010/10/31 20:18:55 | 000,000,000 | ---D | C] -- C:\2bdbc74ced492a1ae42ec4e8
[2010/10/31 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\SIT28850.tmp
[2010/10/31 10:34:11 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW11
[2010/10/31 09:20:23 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\SIT18169.tmp
[2010/10/30 17:32:44 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW10
[2010/10/30 17:23:37 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW9
[2010/10/30 17:03:46 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW8
[2010/10/30 16:45:57 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW7
[2010/10/30 16:43:18 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW6
[2010/10/30 16:38:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW5
[2010/10/30 10:24:34 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW4
[2010/10/30 10:00:16 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/10/30 09:02:53 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW3
[2010/10/30 02:45:59 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Local\VSW2
[2010/10/30 00:50:18 | 000,000,000 | ---D | C] -- C:\2c07bf0078002888b9506d17c8
[2010/10/28 13:57:38 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\RoR - Ruby on Rails
[2010/10/28 03:21:14 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\BubbleBurst in the MVVM Design
[2010/10/27 11:57:58 | 000,000,000 | ---D | C] -- C:\Question Mark
[2010/10/27 11:21:35 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\Passware
[2010/10/27 10:10:26 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/10/27 10:10:25 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/10/27 10:10:21 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/10/27 10:10:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/10/27 10:10:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/10/27 10:10:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/10/25 13:08:19 | 000,000,000 | ---D | C] -- C:\Users\TEST\Desktop\Fruity Loops 28 Video Tutorials
[2010/10/25 02:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2010/10/25 02:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2010/10/25 01:53:29 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2010/10/25 01:53:10 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Image-Line
[2010/10/25 01:51:30 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2010/10/25 01:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2010/10/25 01:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2010/10/24 21:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2010/10/24 18:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/24 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Microsoft Press
[2010/10/23 22:49:46 | 000,000,000 | ---D | C] -- C:\Microsoft Office SharePoint Server x32
[2010/10/23 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\Games for Windows - LIVE Demos
[2010/10/23 16:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/10/23 16:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/10/20 20:57:58 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL10_50.POISON-sqlagtctr.dll
[2010/10/20 20:57:57 | 000,077,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL10_50.POISON-sqlagtctr.dll
[2010/10/20 20:56:50 | 000,079,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$POISON-sqlctr10.50.1600.1.dll
[2010/10/20 20:56:50 | 000,073,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$POISON-sqlctr10.50.1600.1.dll
[2010/10/20 20:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/20 11:07:59 | 000,000,000 | ---D | C] -- C:\cf53fa158842c21e11a615419e217bdd
[2010/10/19 21:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2010/10/19 20:44:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/10/19 20:44:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/10/19 20:44:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/10/19 20:44:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/19 20:43:31 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/19 20:43:31 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/19 20:43:30 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/19 20:43:29 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/19 20:43:29 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/19 20:43:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/19 20:43:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/19 20:43:27 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/19 20:43:25 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/19 20:43:25 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/10/19 20:43:24 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/19 20:43:24 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/10/19 20:43:23 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/10/19 20:43:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/10/19 20:43:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/10/19 20:43:18 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/10/19 20:43:18 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/10/19 20:43:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/10/19 20:43:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/19 20:43:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/10/19 20:43:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/19 20:43:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/10/19 20:43:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/10/19 20:43:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/10/19 20:43:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/10/19 20:43:14 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/10/19 20:43:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/19 20:43:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/19 13:10:38 | 000,000,000 | ---D | C] -- C:\Users\TEST\Documents\My ISO Files
[2010/10/19 00:51:07 | 000,000,000 | ---D | C] -- C:\Python Files
[2010/10/19 00:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\phpDesigner
[2010/10/18 22:46:10 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\phpDesigner
[2010/10/18 22:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phpDesigner
[2010/10/18 20:47:22 | 000,000,000 | ---D | C] -- C:\Users\TEST\.PyCharm10
[2010/10/18 20:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JetBrains
[2010/10/18 18:35:56 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/18 18:35:51 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/18 18:35:40 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/18 18:35:40 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/18 18:35:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/18 18:34:58 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/18 18:34:50 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/18 18:34:49 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/18 18:32:45 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/10/18 18:32:45 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/10/18 18:32:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/18 18:32:42 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/18 18:30:40 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/18 18:30:40 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/18 18:28:56 | 000,000,000 | ---D | C] -- C:\Users\TEST\.idlerc
[2010/10/18 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Python
[2010/10/17 05:37:02 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\BitDefender
[2010/10/17 05:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/10/17 05:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010/10/17 05:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010/10/17 05:22:09 | 000,388,168 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2010/10/17 01:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/10/17 00:22:56 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2010/10/17 00:22:08 | 000,000,000 | ---D | C] -- C:\Users\TEST\AppData\Roaming\QuickScan
[2010/04/23 11:56:28 | 000,086,864 | ---- | C] (Microsoft Corporation) -- C:\Users\TEST\AppData\Local\Del7AA5.exe
[26 C:\Users\TEST\AppData\Local\*.tmp files -> C:\Users\TEST\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 12:35:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 12:08:32 | 000,047,536 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/15 11:27:48 | 000,003,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 11:27:48 | 000,003,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 09:29:28 | 000,047,536 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/11/15 09:28:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 09:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/15 09:27:16 | 2146,025,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 01:46:59 | 000,001,057 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\vso_ts_preview.xml
[2010/11/15 01:04:19 | 000,020,992 | ---- | M] () -- C:\Users\TEST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 00:44:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TEST\Desktop\OTL.exe
[2010/11/14 22:57:05 | 000,002,557 | ---- | M] () -- C:\Users\TEST\Desktop\HiJackThis.lnk
[2010/11/14 13:26:16 | 009,183,120 | ---- | M] (The Eraser Project) -- C:\Users\TEST\Desktop\Eraser 6.0.8.2273.exe
[2010/11/11 14:07:35 | 000,418,584 | ---- | M] (Yahoo! Inc.) -- C:\Users\TEST\Desktop\msgr10us.exe
[2010/11/11 11:47:36 | 000,002,637 | ---- | M] () -- C:\Users\TEST\Desktop\Microsoft Word 2010.lnk
[2010/11/10 22:33:09 | 000,000,036 | ---- | M] () -- C:\Users\TEST\.org.eclipse.epp.usagedata.recording.userId
[2010/11/08 21:28:55 | 002,516,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/08 21:28:55 | 001,047,308 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2010/11/08 21:28:55 | 000,954,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/08 21:28:55 | 000,277,738 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2010/11/08 21:28:55 | 000,232,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/07 16:51:50 | 000,061,193 | ---- | M] () -- C:\Users\TEST\Desktop\ark.zip
[2010/11/06 17:26:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 18:15:14 | 000,088,144 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2010/11/01 13:03:21 | 000,000,680 | ---- | M] () -- C:\Users\TEST\AppData\Local\d3d9caps.dat
[2010/11/01 05:56:20 | 002,502,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 22:36:35 | 000,001,655 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\SvcTraceViewer.exe.settings
[2010/10/31 22:34:31 | 000,000,212 | ---- | M] () -- C:\Windows\ildasmfnt.bin
[2010/10/31 21:27:16 | 000,001,200 | ---- | M] () -- C:\Users\TEST\Desktop\Microsoft Visual Studio 2010.lnk
[2010/10/31 20:29:12 | 000,010,848 | ---- | M] () -- C:\Users\TEST\AppData\Local\setup.ini
[2010/10/31 09:48:01 | 000,046,103 | ---- | M] () -- C:\Users\TEST\Documents\NHUI 10-31-10.docx
[2010/10/30 00:58:02 | 000,092,395 | ---- | M] () -- C:\Users\TEST\Desktop\VS2010RTM.htm
[2010/10/29 13:47:56 | 000,000,162 | -H-- | M] () -- C:\Users\TEST\Desktop\~$gnizant submittal template.docx
[2010/10/28 14:47:47 | 000,013,906 | ---- | M] () -- C:\Users\TEST\Documents\AGILE.docx
[2010/10/28 01:31:18 | 025,639,191 | ---- | M] () -- C:\Users\TEST\Desktop\WinVideo-WPF-CreateNavigationApplicationsinWPF.wmv
[2010/10/27 16:14:59 | 000,000,411 | ---- | M] () -- C:\ProgramData\search_result.xml
[2010/10/25 02:59:31 | 000,000,977 | ---- | M] () -- C:\Users\TEST\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2010/10/25 02:58:13 | 000,000,974 | ---- | M] () -- C:\Users\TEST\Desktop\FL Studio 9.lnk
[2010/10/24 18:08:44 | 000,001,121 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/24 18:08:44 | 000,001,097 | ---- | M] () -- C:\Users\TEST\Desktop\Spybot - Search & Destroy.lnk
[2010/10/24 17:30:59 | 000,424,324 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/24 16:26:55 | 000,424,324 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101024-183059.backup
[2010/10/24 02:53:09 | 004,960,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/24 01:48:54 | 000,037,920 | ---- | M] () -- C:\Users\TEST\Documents\NHUI 10-24-10.docx
[2010/10/23 17:34:09 | 000,000,966 | ---- | M] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/10/20 20:04:59 | 000,000,644 | ---- | M] () -- C:\Users\TEST\Documents\90.reg
[2010/10/20 19:26:08 | 000,012,329 | ---- | M] () -- C:\Users\TEST\Documents\Alabama Position.docx
[2010/10/19 18:12:19 | 000,048,770 | ---- | M] () -- C:\Users\TEST\Documents\Game Dev Books for.ROXIO
[2010/10/19 07:59:59 | 000,027,703 | ---- | M] () -- C:\Users\TEST\AppData\Roaming\phpdesigner.xml
[2010/10/18 15:08:33 | 000,000,062 | ---- | M] () -- C:\Users\TEST\Documents\Data_101810_160352.roxio
[2010/10/18 11:00:42 | 000,178,918 | ---- | M] () -- C:\Users\TEST\Documents\NHUI Reclaimant.docx
[2010/10/17 05:52:39 | 000,302,077 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010/10/17 05:44:10 | 000,000,415 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2010/10/17 05:37:21 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Total Security 2011.lnk
[2010/10/17 00:22:56 | 000,108,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[26 C:\Users\TEST\AppData\Local\*.tmp files -> C:\Users\TEST\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/10 22:33:09 | 000,000,036 | ---- | C] () -- C:\Users\TEST\.org.eclipse.epp.usagedata.recording.userId
[2010/11/07 16:51:57 | 000,061,193 | ---- | C] () -- C:\Users\TEST\Desktop\ark.zip
[2010/11/06 17:26:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 17:36:48 | 000,002,695 | ---- | C] () -- C:\search.htm
[2010/11/03 17:36:48 | 000,001,627 | ---- | C] () -- C:\menu.js
[2010/11/03 17:36:47 | 000,019,912 | ---- | C] () -- C:\index.bdg
[2010/11/03 17:36:47 | 000,007,688 | ---- | C] () -- C:\menu.htm
[2010/11/01 06:31:11 | 001,658,528 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI6C7E.txt
[2010/11/01 06:31:07 | 000,011,274 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI6C7E.txt
[2010/10/31 22:39:15 | 000,001,200 | ---- | C] () -- C:\Users\TEST\Desktop\Microsoft Visual Studio 2010.lnk
[2010/10/31 22:36:35 | 000,001,655 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\SvcTraceViewer.exe.settings
[2010/10/31 22:17:08 | 000,335,914 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_MSI7263.txt
[2010/10/31 22:11:04 | 000,832,474 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI6DC1.txt
[2010/10/31 22:08:16 | 001,462,364 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SpTools_x86_enu6BA0.txt
[2010/10/31 22:08:04 | 000,150,010 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TSqlLanguageService_MSI6B76.txt
[2010/10/31 22:07:48 | 000,446,374 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACProjectSystem_MSI6B45.txt
[2010/10/31 22:07:38 | 000,163,160 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACFramework_MSI6B24.txt
[2010/10/31 22:06:48 | 002,809,642 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SharedManagementObjects_MSI6A81.txt
[2010/10/31 22:06:13 | 000,503,078 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SQLSysClrTypes_msi6A0E.txt
[2010/10/31 22:05:57 | 000,320,914 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SqlPubWiz_14_msi69DA.txt
[2010/10/31 22:05:45 | 000,215,748 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_designtime_x64_msi69B3.txt
[2010/10/31 22:05:21 | 001,114,324 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncSDK_amd64_MSI6965.txt
[2010/10/31 22:05:12 | 000,376,346 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ProviderServices_amd64_MSI6944.txt
[2010/10/31 22:05:01 | 000,282,874 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncServicesADO_amd64_MSI6920.txt
[2010/10/31 22:04:51 | 000,316,432 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI6903.txt
[2010/10/31 22:02:18 | 000,677,598 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_CrystalReportsTemplates670C.txt
[2010/10/31 22:01:51 | 000,219,534 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DotfuscatorCE_MSI66B7.txt
[2010/10/31 21:56:21 | 003,367,048 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstodt40_x64.msi627E.txt
[2010/10/31 21:50:36 | 001,005,394 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64_msi5E1B.txt
[2010/10/31 21:49:09 | 001,467,036 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_silverlight_sdk.msi5CFE.txt
[2010/10/31 21:45:39 | 000,125,882 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_AspNetMVC2.msi5A4D.txt
[2010/10/31 21:36:28 | 000,434,764 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VS2010ToolsMVC2.msi5349.txt
[2010/10/31 20:55:40 | 059,121,888 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog340F.txt
[2010/10/31 20:47:56 | 001,538,918 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_netfx_dtp2E21.txt
[2010/10/31 20:46:58 | 000,459,332 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TFS_ObjectModel_x64_MSI2D67.txt
[2010/10/31 20:46:36 | 000,299,318 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_fsharpredist2.02D1F.txt
[2010/10/31 20:46:05 | 001,355,470 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_PreReq_AMD64_MSI2CB6.txt
[2010/10/31 20:35:51 | 000,659,628 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_runtime_x64_msi24E4.txt
[2010/10/31 20:33:24 | 000,670,298 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_runtime_x86_msi2304.txt
[2010/10/31 20:29:41 | 000,349,237 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_VS_PRO_100.txt
[2010/10/31 20:29:23 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_error_vs_procore_100.txt
[2010/10/31 20:29:22 | 000,726,896 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_install_vs_procore_100.txt
[2010/10/31 20:29:12 | 000,173,818 | ---- | C] () -- C:\Users\TEST\AppData\Local\baseline.dat
[2010/10/31 20:29:12 | 000,070,222 | ---- | C] () -- C:\Users\TEST\AppData\Local\setup.sdb
[2010/10/31 20:29:12 | 000,015,720 | ---- | C] () -- C:\Users\TEST\AppData\Local\vs_setup.pdi
[2010/10/31 20:29:12 | 000,010,848 | ---- | C] () -- C:\Users\TEST\AppData\Local\setup.ini
[2010/10/31 20:29:12 | 000,001,292 | ---- | C] () -- C:\Users\TEST\AppData\Local\readme.htm
[2010/10/31 20:29:12 | 000,000,120 | ---- | C] () -- C:\Users\TEST\AppData\Local\LocData.ini
[2010/10/31 20:18:40 | 000,339,288 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_runtime_x64_msi17BA.txt
[2010/10/31 20:18:20 | 000,338,988 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_runtime_x86_msi1779.txt
[2010/10/31 20:17:36 | 000,442,368 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_Red_MSI16E9.txt
[2010/10/31 19:04:42 | 028,763,090 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog5F1E.txt
[2010/10/31 12:01:50 | 000,092,395 | ---- | C] () -- C:\Users\TEST\Desktop\VS2010RTM.htm
[2010/10/31 11:01:57 | 000,703,730 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI6D8F.txt
[2010/10/31 11:01:50 | 000,014,832 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI6D8F.txt
[2010/10/31 10:31:30 | 000,981,464 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI564D.txt
[2010/10/31 10:31:27 | 000,015,400 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI564D.txt
[2010/10/31 09:53:40 | 000,012,432 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI3962.txt
[2010/10/31 09:47:57 | 000,046,103 | ---- | C] () -- C:\Users\TEST\Documents\NHUI 10-31-10.docx
[2010/10/30 18:37:12 | 000,206,546 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x86MSI7BE9.txt
[2010/10/30 18:37:09 | 000,016,044 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x86UI7BE9.txt
[2010/10/30 17:32:18 | 000,986,824 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI4A36.txt
[2010/10/30 17:32:13 | 000,015,400 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI4A36.txt
[2010/10/30 17:23:44 | 000,011,714 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x86UI43B8.txt
[2010/10/30 17:19:56 | 001,334,898 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI3EDC.txt
[2010/10/30 17:17:23 | 000,016,092 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI3EDC.txt
[2010/10/30 17:02:49 | 001,335,160 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI33A9.txt
[2010/10/30 17:02:45 | 000,016,140 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI33A9.txt
[2010/10/30 16:46:04 | 000,012,252 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI26E4.txt
[2010/10/30 16:46:01 | 000,012,252 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI26DA.txt
[2010/10/30 16:45:17 | 000,981,448 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI262D.txt
[2010/10/30 16:45:08 | 000,015,400 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI262D.txt
[2010/10/30 16:40:47 | 001,335,064 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI22C2.txt
[2010/10/30 16:40:40 | 000,016,124 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI22C2.txt
[2010/10/30 16:38:11 | 000,011,714 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI20DB.txt
[2010/10/30 16:32:23 | 000,981,456 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI1C4D.txt
[2010/10/30 16:32:14 | 000,015,400 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI1C4D.txt
[2010/10/30 16:30:00 | 000,013,896 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI1A98.txt
[2010/10/30 16:03:29 | 000,013,204 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI064C.txt
[2010/10/30 10:22:20 | 000,981,260 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI00FD.txt
[2010/10/30 10:22:05 | 000,015,400 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI0100.txt
[2010/10/30 09:00:49 | 000,981,456 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64MSI41A1.txt
[2010/10/30 08:59:17 | 000,015,400 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64UI41A1.txt
[2010/10/30 02:58:45 | 001,463,436 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SpTools_x86_enu2DB0.txt
[2010/10/30 02:58:37 | 000,148,612 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TSqlLanguageService_MSI2D96.txt
[2010/10/30 02:58:19 | 000,442,544 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACProjectSystem_MSI2D5B.txt
[2010/10/30 02:58:10 | 000,161,662 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACFramework_MSI2D3A.txt
[2010/10/30 02:56:39 | 003,037,724 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SharedManagementObjects_MSI2C14.txt
[2010/10/30 02:56:01 | 000,673,682 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SQLSysClrTypes_msi2B98.txt
[2010/10/30 02:55:39 | 000,321,928 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SqlPubWiz_14_msi2B50.txt
[2010/10/30 02:55:30 | 000,133,752 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TraceDebugger_NativeBits_amd64_MSI2B33.txt
[2010/10/30 02:55:08 | 000,566,934 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_Performance_Collection_Tools_x64_MSI2AE8.txt
[2010/10/30 02:54:48 | 000,217,316 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_designtime_x64_msi2AA7.txt
[2010/10/30 02:54:08 | 001,114,964 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncSDK_amd64_MSI2A24.txt
[2010/10/30 02:53:47 | 000,378,172 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ProviderServices_amd64_MSI29E3.txt
[2010/10/30 02:53:32 | 000,283,928 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncServicesADO_amd64_MSI29AE.txt
[2010/10/30 02:53:15 | 000,317,666 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI297A.txt
[2010/10/30 02:52:15 | 000,681,754 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_CrystalReportsTemplates28B3.txt
[2010/10/30 02:51:12 | 000,218,952 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DotfuscatorCE_MSI27E2.txt
[2010/10/30 02:47:40 | 003,073,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstodt40_x64.msi2531.txt
[2010/10/30 02:46:06 | 001,005,422 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64_msi2401.txt
[2010/10/30 02:45:15 | 000,541,500 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VS2010ToolsMVC2.msi2357.txt
[2010/10/30 02:43:19 | 000,004,446 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_rdbg64_80MSI21D0.txt
[2010/10/30 02:43:14 | 000,018,262 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_rdbg64_80UI21D0.txt
[2010/10/30 02:07:51 | 058,845,776 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog06BB.txt
[2010/10/30 02:05:24 | 001,322,116 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_netfx_dtp04D7.txt
[2010/10/30 02:03:47 | 000,446,420 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TFS_ObjectModel_x64_MSI039B.txt
[2010/10/30 02:02:59 | 000,253,068 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_fsharpredist2.002FE.txt
[2010/10/30 02:01:22 | 000,442,336 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_Red_MSI01C1.txt
[2010/10/30 00:50:21 | 000,015,516 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_profilerUI4B6A.txt
[2010/10/30 00:47:32 | 000,046,894 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_MSI4942.txt
[2010/10/30 00:47:32 | 000,014,064 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_UI4942.txt
[2010/10/30 00:46:42 | 000,004,388 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_MSI489B.txt
[2010/10/30 00:46:41 | 000,013,418 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_UI489B.txt
[2010/10/30 00:45:49 | 000,027,638 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_MSI47EE.txt
[2010/10/30 00:45:48 | 000,010,270 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_UI47EE.txt
[2010/10/30 00:22:09 | 000,029,676 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_MSI35D1.txt
[2010/10/30 00:22:08 | 000,009,708 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_UI35D1.txt
[2010/10/29 13:47:56 | 000,000,162 | -H-- | C] () -- C:\Users\TEST\Desktop\~$gnizant submittal template.docx
[2010/10/28 11:45:39 | 000,013,906 | ---- | C] () -- C:\Users\TEST\Documents\AGILE.docx
[2010/10/28 01:31:22 | 025,639,191 | ---- | C] () -- C:\Users\TEST\Desktop\WinVideo-WPF-CreateNavigationApplicationsinWPF.wmv
[2010/10/26 11:25:38 | 000,000,411 | ---- | C] () -- C:\ProgramData\search_result.xml
[2010/10/25 02:59:31 | 000,000,977 | ---- | C] () -- C:\Users\TEST\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2010/10/25 02:58:13 | 000,000,974 | ---- | C] () -- C:\Users\TEST\Desktop\FL Studio 9.lnk
[2010/10/25 00:59:50 | 000,002,637 | ---- | C] () -- C:\Users\TEST\Desktop\Microsoft Word 2010.lnk
[2010/10/24 18:21:59 | 002,123,486 | ---- | C] () -- C:\instnwnd.sql
[2010/10/24 18:08:44 | 000,001,121 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/24 18:08:44 | 000,001,097 | ---- | C] () -- C:\Users\TEST\Desktop\Spybot - Search & Destroy.lnk
[2010/10/24 01:47:38 | 000,037,920 | ---- | C] () -- C:\Users\TEST\Documents\NHUI 10-24-10.docx
[2010/10/23 17:34:09 | 000,000,966 | ---- | C] () -- C:\Users\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/10/20 20:04:59 | 000,000,644 | ---- | C] () -- C:\Users\TEST\Documents\90.reg
[2010/10/20 19:26:07 | 000,012,329 | ---- | C] () -- C:\Users\TEST\Documents\Alabama Position.docx
[2010/10/19 18:12:19 | 000,048,770 | ---- | C] () -- C:\Users\TEST\Documents\Game Dev Books for.ROXIO
[2010/10/19 07:59:59 | 000,027,703 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\phpdesigner.xml
[2010/10/18 21:30:47 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/18 21:30:44 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/18 15:08:33 | 000,000,062 | ---- | C] () -- C:\Users\TEST\Documents\Data_101810_160352.roxio
[2010/10/18 10:24:43 | 000,178,918 | ---- | C] () -- C:\Users\TEST\Documents\NHUI Reclaimant.docx
[2010/10/17 05:44:10 | 000,000,415 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2010/10/17 05:37:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Total Security 2011.lnk
[2010/10/17 00:08:28 | 000,302,077 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/09/29 13:05:40 | 000,001,057 | ---- | C] () -- C:\Users\TEST\AppData\Roaming\vso_ts_preview.xml
[2010/09/29 01:12:34 | 000,652,528 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_netfx_dtp664B.txt
[2010/09/29 00:24:21 | 027,643,964 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog415E.txt
[2010/09/29 00:21:20 | 000,943,242 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64_msi3F15.txt
[2010/09/28 23:42:10 | 000,431,916 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vsa_env_msi211B.txt
[2010/09/28 23:41:54 | 000,041,068 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_netfx_dtp20E3.txt
[2010/09/28 23:41:20 | 000,053,288 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog2074.txt
[2010/09/28 23:40:33 | 000,045,250 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64_msi1FDE.txt
[2010/09/28 22:39:48 | 002,176,210 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstodt40_x64.msi715F.txt
[2010/09/28 22:39:14 | 000,534,774 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_CrystalReportsTemplates70F0.txt
[2010/09/28 22:39:07 | 000,260,228 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI70D9.txt
[2010/09/28 22:38:58 | 000,240,936 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncServicesADO_amd64_MSI70BC.txt
[2010/09/28 22:38:50 | 000,298,856 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ProviderServices_amd64_MSI70A2.txt
[2010/09/28 22:38:22 | 000,601,030 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncSDK_amd64_MSI7046.txt
[2010/09/28 22:38:11 | 000,320,536 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_Performance_Collection_Tools_x64_MSI7022.txt
[2010/09/28 22:38:02 | 000,209,296 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SqlPubWiz_14_msi7002.txt
[2010/09/28 22:37:53 | 000,163,264 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACFramework_MSI6FE4.txt
[2010/09/28 22:37:42 | 000,281,844 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACProjectSystem_MSI6FC0.txt
[2010/09/28 22:37:34 | 000,149,534 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TSqlLanguageService_MSI6FA9.txt
[2010/09/28 22:36:42 | 001,258,880 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SpTools_x86_enu6F00.txt
[2010/09/28 22:00:59 | 001,461,748 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SpTools_x86_enu53A6.txt
[2010/09/28 22:00:36 | 000,169,356 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TSqlLanguageService_MSI535E.txt
[2010/09/28 22:00:18 | 000,461,246 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACProjectSystem_MSI5324.txt
[2010/09/28 22:00:08 | 000,162,586 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DACFramework_MSI5300.txt
[2010/09/28 21:49:23 | 003,073,574 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SharedManagementObjects_MSI4AC9.txt
[2010/09/28 21:48:54 | 000,679,756 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SQLSysClrTypes_msi4A6A.txt
[2010/09/28 21:48:47 | 000,133,176 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TraceDebugger_NativeBits_amd64_MSI4A53.txt
[2010/09/28 21:48:33 | 000,564,118 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_Performance_Collection_Tools_x64_MSI4A25.txt
[2010/09/28 21:48:22 | 000,215,486 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_designtime_x64_msi4A01.txt
[2010/09/28 21:48:05 | 001,113,050 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncSDK_amd64_MSI49CA.txt
[2010/09/28 21:47:57 | 000,375,354 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ProviderServices_amd64_MSI49B0.txt
[2010/09/28 21:47:50 | 000,282,056 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncServicesADO_amd64_MSI4996.txt
[2010/09/28 21:47:43 | 000,315,306 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI4982.txt
[2010/09/28 21:47:11 | 000,678,422 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_CrystalReportsTemplates491A.txt
[2010/09/28 21:46:50 | 000,223,210 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_DotfuscatorCE_MSI48D5.txt
[2010/09/28 21:45:40 | 003,069,320 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstodt40_x64.msi47F0.txt
[2010/09/28 21:43:15 | 001,143,808 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vstor40_x64_msi4614.txt
[2010/09/28 21:42:08 | 000,539,900 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VS2010ToolsMVC2.msi4539.txt
[2010/09/28 20:50:20 | 062,496,540 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog1D93.txt
[2010/09/28 20:47:25 | 001,321,296 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_netfx_dtp1B5B.txt
[2010/09/28 20:45:32 | 000,445,770 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_TFS_ObjectModel_x64_MSI19E7.txt
[2010/09/28 20:43:12 | 001,885,822 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vsa_env_msi1821.txt
[2010/09/28 20:42:02 | 000,252,536 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_fsharpredist2.0173C.txt
[2010/09/28 20:40:58 | 001,372,074 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_PreReq_AMD64_MSI166B.txt
[2010/09/28 20:39:29 | 000,440,310 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_Red_MSI1549.txt
[2010/09/07 19:36:56 | 000,519,658 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923MSI7C91.txt
[2010/09/07 19:36:52 | 000,011,668 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923UI7C91.txt
[2010/08/30 01:00:27 | 000,282,286 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI3508.txt
[2010/08/30 01:00:27 | 000,011,178 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI3508.txt
[2010/08/30 01:00:22 | 000,390,072 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI34F8.txt
[2010/08/30 01:00:22 | 000,011,176 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI34F8.txt
[2010/08/30 01:00:08 | 000,397,162 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI34C7.txt
[2010/08/30 01:00:07 | 000,011,240 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI34C7.txt
[2010/08/26 17:45:16 | 000,706,166 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI7D8E.txt
[2010/08/26 17:12:34 | 000,706,156 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI6487.txt
[2010/08/25 09:08:46 | 000,207,226 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SQLCEToolsForVS2007_MSI241C.txt
[2010/08/25 09:08:29 | 000,663,670 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SSCERuntime_64_MSI23E4.txt
[2010/08/25 09:08:00 | 000,956,700 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SSCERuntime_MSI2386.txt
[2010/08/25 09:02:03 | 011,827,866 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog1EF8.txt
[2010/08/25 09:01:33 | 000,339,366 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_runtime_x64_msi1E96.txt
[2010/08/25 08:42:32 | 000,128,291 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_VCS_EXP_100.txt
[2010/08/25 08:42:25 | 000,333,028 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_install_vcs_xcor_100.txt
[2010/08/25 08:42:25 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_error_vcs_xcor_100.txt
[2010/08/10 09:42:24 | 000,536,910 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923MSI29CE.txt
[2010/08/10 09:42:20 | 000,011,668 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ATL80SP1_KB973923UI29CE.txt
[2010/08/03 17:59:21 | 000,647,116 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI0347.txt
[2010/08/02 11:18:03 | 000,013,343 | ---- | C] () -- C:\Program Files (x86)\BitDefender Log in a Word Table Format.docx
[2010/08/02 03:50:43 | 000,003,266 | ---- | C] () -- C:\Users\TEST\AppData\Local\setup.log
[2010/08/02 03:49:06 | 000,656,148 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI2A63.txt
[2010/07/29 22:25:06 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/25 15:28:00 | 000,646,762 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_NET_Framework35_LangPack_MSI503E.txt
[2010/07/25 15:27:38 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35error_lp.txt
[2010/07/25 15:27:37 | 000,647,912 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35install_lp.txt
[2010/07/25 15:21:58 | 001,079,153 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010/07/25 15:21:40 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35error.txt
[2010/07/25 15:21:39 | 000,855,648 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dotnetfx35install.txt
[2010/07/25 01:24:39 | 000,282,192 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI4AC1.txt
[2010/07/25 01:24:38 | 000,011,146 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI4AC1.txt
[2010/07/25 01:24:23 | 000,384,306 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI4A8C.txt
[2010/07/25 01:24:22 | 000,011,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI4A8C.txt
[2010/07/25 01:23:59 | 000,396,582 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI4A3E.txt
[2010/07/25 01:23:58 | 000,011,208 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI4A3E.txt
[2010/07/21 06:28:36 | 000,282,186 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI7ADB.txt
[2010/07/21 06:28:35 | 000,011,146 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI7ADB.txt
[2010/07/21 06:28:29 | 000,386,464 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI7AC7.txt
[2010/07/21 06:28:29 | 000,011,144 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI7AC7.txt
[2010/07/21 06:28:11 | 000,399,826 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI7A89.txt
[2010/07/21 06:28:10 | 000,011,192 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI7A89.txt
[2010/07/13 20:22:33 | 000,490,064 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_silverlighttoolsMSI0816.txt
[2010/07/13 20:22:33 | 000,012,752 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_silverlighttoolsUI0816.txt
[2010/07/13 12:19:46 | 000,000,901 | ---- | C] () -- C:\Program Files\_vimrc
[2010/07/13 10:48:05 | 017,973,754 | ---- | C] () -- C:\Program Files\vim72-376-x64.zip
[2010/07/11 10:03:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010/07/10 12:37:38 | 000,001,007 | ---- | C] () -- C:\Windows\seRapid.INI
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/17 21:36:44 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/06/15 19:15:01 | 002,992,103 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_VS_VSTS_100.txt
[2010/06/15 19:14:36 | 000,020,680 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_error_vs_vstscore_100.txt
[2010/06/15 19:14:35 | 004,209,158 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_install_vs_vstscore_100.txt
[2010/05/16 14:06:57 | 000,000,089 | ---- | C] () -- C:\Users\TEST\AppData\Local\Del19FF.bat
[2010/05/14 19:36:52 | 000,047,536 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/14 19:36:52 | 000,047,536 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/04 06:47:07 | 000,000,732 | ---- | C] () -- C:\Users\TEST\AppData\Local\d3d9caps64.dat
[2010/04/23 11:55:47 | 000,336,480 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_HelpSetup_MSI4B73.txt
[2010/04/23 11:53:55 | 000,968,012 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI4A02.txt
[2010/04/23 11:52:28 | 002,249,940 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SharedManagementObjects_MSI48E9.txt
[2010/04/23 11:51:45 | 000,776,086 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SQLSysClrTypes_msi485C.txt
[2010/04/23 11:51:18 | 001,473,474 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_silverlight_sdk.msi4801.txt
[2010/04/23 11:50:02 | 000,322,718 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_SqlPubWiz_14_msi4709.txt
[2010/04/23 11:49:37 | 000,126,258 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_AspNetMVC2.msi46BA.txt
[2010/04/23 11:46:50 | 000,440,560 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VWD2010ToolsMVC2.msi4499.txt
[2010/04/23 11:46:19 | 000,502,790 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_WebDeploy_x64_en-US.msi4434.txt
[2010/04/23 11:36:57 | 017,647,830 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VSMsiLog3D05.txt
[2010/04/23 11:36:11 | 001,539,862 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_netfx_dtp3C6F.txt
[2010/04/23 11:35:16 | 001,301,892 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vsexpbsln64_1003BBC.txt
[2010/04/23 11:33:29 | 000,450,548 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_Red_MSI3A5E.txt
[2010/04/23 11:33:07 | 000,339,528 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vc_runtime_x86_msi3A16.txt
[2010/04/23 11:31:51 | 000,345,782 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_dw20shared_x86_msi3921.txt
[2010/04/23 11:26:20 | 000,160,594 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_depcheck_VNS_EXP_100.txt
[2010/04/23 11:25:45 | 000,175,164 | ---- | C] () -- C:\Users\TEST\AppData\Local\uxeventlog.txt
[2010/04/23 11:25:45 | 000,000,002 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_error_vns_xcor_100.txt
[2010/04/23 11:25:44 | 000,465,390 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_install_vns_xcor_100.txt
[2010/03/04 15:22:36 | 000,000,236 | ---- | C] () -- C:\Users\TEST\AppData\Local\LaunchHomeCenter.log
[2010/02/08 06:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2010/01/11 15:28:36 | 000,364,372 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistMSI4CC1.txt
[2010/01/11 15:28:35 | 000,011,154 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistUI4CC1.txt
[2010/01/11 15:28:00 | 000,357,022 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistMSI4C4B.txt
[2010/01/11 15:27:59 | 000,011,378 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistUI4C4B.txt
[2009/12/19 23:13:30 | 000,230,910 | ---- | C] () -- C:\Users\TEST\AppData\Local\debuggee.mdmp
[2009/12/18 14:54:01 | 000,000,680 | ---- | C] () -- C:\Users\TEST\AppData\Local\d3d9caps.dat
[2009/12/04 19:06:32 | 000,375,732 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistMSI5A5F.txt
[2009/12/04 19:06:24 | 000,017,370 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistUI5A69.txt
[2009/12/04 19:06:21 | 000,017,926 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistUI5A5F.txt
[2009/12/02 22:06:55 | 000,370,130 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistMSI484B.txt
[2009/12/02 22:06:55 | 000,020,322 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistUI484F.txt
[2009/12/02 22:06:54 | 000,021,630 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_vcredistUI484B.txt
[2009/11/27 21:38:49 | 000,282,462 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeMSI2C23.txt
[2009/11/27 21:38:49 | 000,011,822 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_i64RuntimeUI2C23.txt
[2009/11/27 21:38:44 | 000,380,828 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeMSI2C12.txt
[2009/11/27 21:38:44 | 000,011,932 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x64RuntimeUI2C12.txt
[2009/11/27 21:38:39 | 000,392,728 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeMSI2C02.txt
[2009/11/27 21:38:39 | 000,011,916 | ---- | C] () -- C:\Users\TEST\AppData\Local\dd_VC_x86RuntimeUI2C02.txt
[2009/11/22 23:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/22 23:51:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/20 22:51:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/11/20 22:51:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/11/18 11:05:09 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/11/16 12:59:42 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/13 20:59:05 | 000,020,992 | ---- | C] () -- C:\Users\TEST\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/13 18:02:04 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\XMLConfig_SYSID.ini
[2009/11/13 16:50:01 | 002,502,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/11 20:18:11 | 000,000,000 | ---- | C] () -- C:\Users\TEST\AppData\Local\FnF4.txt
[2009/11/11 17:39:56 | 000,000,000 | ---- | C] () -- C:\Users\TEST\AppData\Local\QSwitch.txt
[2009/11/11 17:39:56 | 000,000,000 | ---- | C] () -- C:\Users\TEST\AppData\Local\DSwitch.txt
[2009/11/11 17:39:56 | 000,000,000 | ---- | C] () -- C:\Users\TEST\AppData\Local\AtStart.txt
[2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll
[2006/11/29 02:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/12/20 20:19:26 | 005,934,080 | ---- | M] (Kasper-Key Sharing Network (KKSN)) -- C:\Kasper-Key Sharing Network V1.2.6d.exe
[2003/07/17 09:17:40 | 000,335,936 | ---- | M] () -- C:\KeyViewer.exe
[2003/08/01 05:33:14 | 000,807,424 | ---- | M] (BDG Publishing Inc.) -- C:\php5.exe
[2010/02/08 15:41:16 | 001,233,408 | ---- | M] (EZB Systems, Inc.) -- C:\UltraISO.exe


< MD5 for: EXPLORER.EXE >
[2009/11/13 14:44:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/11/13 14:44:22 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/11/13 14:44:23 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/11/13 14:44:21 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006/11/02 06:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/11/13 14:40:01 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe
[2009/11/13 14:44:22 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/11/13 14:39:59 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe
[2009/11/13 14:44:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/11/13 14:40:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/11/13 14:44:21 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/11/13 14:44:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/19 03:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2009/11/13 14:40:01 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\SysWOW64\wininit.exe
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\SysWOW64\wininit.exe
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/19 03:00:45 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006/11/02 06:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/19 03:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 06:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

_________

Thank you. Please inform me if you would like me to run the OTL program again, if you would like to get the other logfile, and if I should use that script that you supplied.




#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:20 AM

Posted 16 November 2010 - 03:09 AM

Hi,

Your logs are looking clean. None of the processes there are processes you would not expect to run on a Vista machine. DWM is responsible for the Vista look. If you turn off Aero and other optical features, I am sure that the usage will go down a lot.
CSRSS is another very crucial Windows process; without this process Windows won't run.

OTL will only create the extra log on the first run; it seems you have run OTL a couple of times before. You can create the Extras log by selecting "safelist" in the Extras section. The OTL log is the way I wanted it.
Gmer will not run on 64-bit systems, at least not the way described in the guide.

2GB of RAM for Vista sadly isn't much, and 64-bit systems tend to use a little more RAM than 32-bit systems. If it is an option, I would consider upgrading the RAM. Otherwise, turning off all the graphical additions like Aero and similar should free up a lot of RAM.

Please run a scan with Malwarebytes to check for possible infections: Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 wrikgee


Posted 16 November 2010 - 11:51 AM

I will do this for you, but I have a purchased version of MBAM which I run weekly. However, I will do it. I do have Office 2010, and many IDEs, like Visual Studio 2010 and SQL Server 2008, along with other open source IDEs like Eclipse and Aptana; I am sure that they are eating up my memory. It could be Visual Studio and SQL Server that are causing all of the processes to run. However, it just seems like the hard drive never stops. I am currently running a Virus Scan, and infections are always picked up, so I will let you know what comes up because it is only halfway done and there are already 12 discovered infections. There is malware always found in the temp directory; is this something normal now?

Anyway, regarding the newer software that I have, I realize that I need a brand new computer. It is just the fact that I cannot afford it, but I am job hunting, interviewing and getting offers currently. When obtained, I am going to donate something; it won't be much, but what I can afford. I am grateful for all of the help you all have given me. So besides MBAM, is there anything that I can run? One other thing, whenever I have Adobe open, because I have lots of programming eBooks and I read them when I am programming constantly. And when they are open, Adobe is sucking my memory. It could be due to the new Suite 5 Version, with ARM and all the new junk they put in it. If so, isn't there like an updater that they put in that isn't relevant if you want to do manual updates?

Anyway, when complete, within a few hours, I will post this stuff for you and we can go from there, if there is anywhere to go. Thanks again.

#6 wrikgee


Posted 16 November 2010 - 06:54 PM

I know you didn't request that I run BitDefender, but it was scheduled to do an automatic scan while I fell asleep with the computer on. By the time I woke up, it was more than halfway complete and there were infections. MBAM'amaslamma is below this, but as I told you, I run it constantly, so the results are not surprising. This was the ultimate result:

Scanned items: 1470132
Infected items: 18
Suspect items: 0 (no suspected items have been detected)
Resolved items: 12
Unresolved items: 6

So in regards to the 6 unresolved items, these are them. I could have looked it up, but I am certain you have a better idea than I:

Object Path | Threat Name | Final Status
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-2a8ec11d=>dev/s/DyesyasZ.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7738cbf8-344e4312=>dev/s/LoaderX.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-2a8ec11d=>dev/s/AdgredY.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-2a8ec11d=>dev/s/LoaderX.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7738cbf8-344e4312=>dev/s/DyesyasZ.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7738cbf8-344e4312=>dev/s/AdgredY.class | Java.Trojan.Exploit.Bytverify.N | Infected
__________________________________________________________________________________________________________________________________________________________________________

MBAM
__________________________________________________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.46 beta
www.malwarebytes.org

Database version: 5129

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/16/2010 6:05:57 PM
mbam-log-2010-11-16 (18-05-57).txt

Scan type: Quick scan
Objects scanned: 157252
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 myrti


Posted 17 November 2010 - 05:13 AM

Hi,

Those are basically attempts from a website to infect you. They were checking if your Java can be tricked into infecting you. You can delete the files by emptying the Java cache:
Clear the Java cache:
  • Go to Start -> Control Panel.
  • In the Control Panel, double-click the Java icon.
    • The Java Control Panel appears.
  • Click Settings... under "Temporary Internet Files".
    • The Temporary Files Settings dialog box appears.
  • Click Delete Files...
    • The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
    NOTE: This deletes all the Downloaded Applications and Applets from the cache!
  • Click OK on the Temporary Files Settings window.
  • Close the Java Control Panel.

    You can also view these instructions along with screenshots here.

If you have a little knowledge of the inside of a PC, you could just upgrade the RAM. 2Gb of DDR2 RAM should cost about 40-50$ and may resolve the slowness.
In what folder were the other infections found?

regards myrti

Edited by myrti, 17 November 2010 - 05:13 AM.

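One way to reproduce the triage discussed in the posts above, as an added example that is not part of the thread: it parses the six unresolved rows from the posted scan summary and separates detections inside the Java deployment cache (removed when the cache is emptied) from anything found elsewhere. Reading `=>` as "member inside the cached object", the function names and the one constructed row are assumptions made for this illustration.

```python
from collections import defaultdict, namedtuple
from pathlib import PureWindowsPath

# Rows copied from the scan summary posted in this thread.
PAGE_ROWS = r"""
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-2a8ec11d=>dev/s/DyesyasZ.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7738cbf8-344e4312=>dev/s/LoaderX.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-2a8ec11d=>dev/s/AdgredY.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4808c9f2-2a8ec11d=>dev/s/LoaderX.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7738cbf8-344e4312=>dev/s/DyesyasZ.class | Java.Trojan.Exploit.Bytverify.N | Infected
File: C:\Users\TEST\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7738cbf8-344e4312=>dev/s/AdgredY.class | Java.Trojan.Exploit.Bytverify.N | Infected
"""
# Constructed row (not from the thread) to exercise the "outside the cache" branch.
CONSTRUCTED_ROW = r"File: C:\Users\TEST\Downloads\constructed-sample.bin | Constructed.Sample.Detection | Infected"

Row = namedtuple("Row", "container member threat status")
CACHE_DIRS = ("sun", "java", "deployment", "cache")

def parse_rows(text):
    """Parse 'File: <path>[=><member>] | <threat> | <status>' lines."""
    rows = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 3 or not cols[0].startswith("File:"):
            continue  # header, separator or blank line
        container, _, member = cols[0][len("File:"):].strip().partition("=>")
        rows.append(Row(container, member or "(whole file)", cols[1], cols[2]))
    return rows

def in_java_cache(container):
    # Case-insensitive match on consecutive path components, not a substring test.
    parts = [p.lower() for p in PureWindowsPath(container).parts]
    n = len(CACHE_DIRS)
    return any(tuple(parts[i:i + n]) == CACHE_DIRS for i in range(len(parts) - n + 1))

def triage(text):
    """Group cache hits by cached object; return (cache_hits, everything_else)."""
    cache, other = defaultdict(set), []
    for row in parse_rows(text):
        if in_java_cache(row.container):
            cache[PureWindowsPath(row.container).name].add(row.member)
        else:
            other.append(row)
    return {name: sorted(members) for name, members in cache.items()}, other

if __name__ == "__main__":
    cache_hits, other = triage(PAGE_ROWS + CONSTRUCTED_ROW)
    print("In Java cache (cleared with the cache):", cache_hits)
    print("Elsewhere (follow up separately):", [r.container for r in other])
```

On the posted rows the six detections collapse to two cached objects holding the same three flagged classes each; only the constructed row lands in the follow-up list.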


#8 wrikgee


Posted 17 November 2010 - 11:32 PM

I am fine with a PC; I have been fixing them since Windows 3.1. Plus I am a software developer. However, I never got into removing viruses. If you have any good books I can get or sites (but I don't think a site would be good due to the diversity of programs) to go to, I would appreciate it. So am I all set now? Do you want the OTL log file that I didn't get before? If so, how do I make it so that the machine doesn't think it is still there, so I can get it to post the other log, because you said that it only runs on the first instance and I have used it multiple times. If I am complete, thank you and have a great day.

Rick

#9 wrikgee


Posted 18 November 2010 - 12:11 AM

I didn't mean to come across like a know-it-all in the last post. Thank you so much for all of the help and advice that you have given me; it is greatly appreciated.

#10 myrti


Posted 22 November 2010 - 04:02 PM

Hi,

I am sorry for the delay. I had a crazy week-end. You can get the second log from OTL by selecting "safelist" instead of "none" under "extra registry" once the program is started. I would be interested in seeing it, yes.

This is very much all I can do from afar to check for malware. I don't see any indication that there is something present and would suspect that your slowness is either due to hardware or software issues.

There are many sites that will deal with malware and even more books. The way we do malware removal on the boards has never been captured in a book, as far as I know. We teach this at our site, through a study hall, and if you are interested in joining and helping out here, I would suggest you check this thread out: http://www.bleepingcomputer.com/forums/topic86678.html

regards myrti



#11 myrti


Posted 27 December 2010 - 07:49 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
