Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible rootkit?


  • This topic is locked This topic is locked
5 replies to this topic

#1 roor

roor

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 28 November 2010 - 01:11 AM

Today I was using my computer as normal when suddenly it shut off for no apparent reason. Literally, just in the middle of working, full power off instantly. I restarted thinking I might have kicked the plug out or something, but when I finally got back Google Chrome would not load any pages, only sit there "loading" for ages before crashing. I searched around and found that it might be caused by a rootkit, so I went to investigate.

I scanned with iolo System Mechanic, which found nothing. I scanned with TDSSKiller, which found a "suspicious file" in a driver called spdt, which doesn't seem malicious as far as I can tell. I scanned with AVG which found a ton of infected filed under the name of Atapi -- I tried to remove them and got the error "the module is different". Upon Googling this it seems this is some kind of advanced rootkit; I've been trying to find a way to get this stuff off my system pretty much all night, but I can't seem to figure it out. Any help would be extremely appreciated.

I'm running Windows 7 64 bit.

I cannot get DDS to save a log file. It runs for a while, then just stops. There is no popup, no nothing.

I ran a HijackThis log instead, as this is the best I can do. I'm actually very worried now :(

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:08:53 AM, on 11/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\g\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\g\Desktop\dds.scr
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\g\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56QXVQZS\HijackThis[1].exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\g\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: TextAloud Toolbar - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFJNEYtOUtURjctNkpRUVAtQUhSTjctQTRTSkctSA"&"inst=NzYtNjA4MjkwMTY4LU4xKzI"&"prod=92"&"ver=10.0.1170
O4 - HKCU\..\Run: [Google Update] "C:\Users\g\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = g\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.2.lnk = D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - d:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11243 bytes

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:44 PM

Posted 04 December 2010 - 09:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Posted Image
m0le is a proud member of UNITE

#3 roor

roor
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 05 December 2010 - 11:44 PM

Hi m0le, thanks for your help :)

Here are the scans you asked for:

OTL.txt

OTL logfile created on: 12/5/2010 7:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\g\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29.72 Gb Total Space | 1.96 Gb Free Space | 6.61% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 736.38 Gb Free Space | 79.05% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 31.87 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive F: | 966.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARMAGEDDON-PC | User Name: g | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\g\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\DebugDiag\DbgSvc.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\g\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV:64bit: - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV:64bit: - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ioloSystemService) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DAUpdaterSvc) -- d:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (DbgSvc) -- C:\Program Files (x86)\DebugDiag\DbgSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SAVRKBootTasks) -- C:\Windows\SysNative\SAVRKBootTasks.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (AMP) -- C:\Windows\SysNative\drivers\amp.sys (Authentium, Inc)
DRV:64bit: - (AMPSE) -- C:\Windows\SysNative\drivers\ampse.sys (Authentium, Inc)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (FileDisk) -- C:\Windows\SysWow64\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D D0 DD 78 B0 8E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/11/27 20:22:23 | 000,000,000 | ---D | M]

[2010/09/30 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Mozilla\Extensions
[2010/09/30 22:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\g\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2010/11/28 00:07:17 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (TextAloud Toolbar) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll (NextUp.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/08 23:37:26 | 000,000,000 | ---D | M] - D:\Autotune -- [ NTFS ]
O32 - AutoRun File - [2010/07/21 01:19:07 | 000,392,110 | R--- | M] () - F:\autorun.cdd -- [ CDFS ]
O32 - AutoRun File - [2010/07/21 01:21:46 | 002,415,152 | R--- | M] (EVGA Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/01/30 23:54:38 | 000,009,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/07/21 01:19:07 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{73dc32f0-7e9d-11df-a9cf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{73dc32f0-7e9d-11df-a9cf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 19:31:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\g\Desktop\OTL.exe
[2010/12/03 20:23:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/29 21:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/28 21:48:00 | 000,000,000 | ---D | C] -- C:\Users\g\AppData\Roaming\Publish Providers
[2010/11/28 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\g\Documents\Vegas Movie Studio PE 9.0 Projects
[2010/11/28 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\g\AppData\Roaming\Sony
[2010/11/28 21:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2010/11/28 21:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/11/28 21:00:52 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/11/28 20:58:30 | 000,032,824 | ---- | C] (Resplendence Software Projects Sp) -- C:\Windows\SysWow64\rrMon.sys
[2010/11/28 20:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Registrar Registry Manager
[2010/11/28 20:51:58 | 000,000,000 | ---D | C] -- C:\MGTOOLS
[2010/11/28 20:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExplorerXP
[2010/11/28 20:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft HiJackFree
[2010/11/28 20:09:50 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2010/11/28 18:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/11/28 00:48:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/28 00:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2010/11/28 00:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/11/28 00:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2010/11/28 00:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/11/27 23:52:04 | 000,000,000 | ---D | C] -- C:\Users\g\AppData\Roaming\AVG10
[2010/11/27 23:51:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/27 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/27 23:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/11/27 23:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/27 23:21:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/11/27 22:45:55 | 000,000,000 | ---D | C] -- C:\Users\g\AppData\Local\Sony
[2010/11/27 20:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/27 20:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/27 20:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/27 20:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/11/27 20:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/26 09:29:10 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2010/11/26 09:29:10 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2010/11/26 09:29:10 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/11/26 09:29:10 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/11/26 09:29:10 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2010/11/26 09:29:09 | 020,284,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/11/26 09:29:09 | 007,491,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010/11/26 09:29:09 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010/11/26 09:29:08 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/11/26 09:29:08 | 012,788,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/11/26 09:29:08 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010/11/26 09:29:08 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010/11/26 09:29:08 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010/11/26 09:29:08 | 000,386,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010/11/26 09:29:08 | 000,319,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010/11/26 09:29:07 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/11/26 09:29:07 | 002,934,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/11/26 09:29:07 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/11/26 09:29:07 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/11/26 09:29:06 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/11/26 09:29:06 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/11/26 09:29:06 | 006,471,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/11/26 09:29:06 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/11/26 09:29:06 | 002,161,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010/11/26 09:29:06 | 001,719,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/11/26 09:29:06 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/11/26 09:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/11/26 09:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/11/23 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\g\Desktop\[wits]Swan_Lake
[2010/11/19 01:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TextStat
[2010/11/09 10:35:21 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/11/09 10:35:21 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/11/09 10:35:21 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/11/09 10:35:21 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/11/09 10:35:20 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/11/09 10:35:20 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/11/09 10:35:18 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/11/09 10:35:18 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/11/09 10:35:17 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/11/09 10:35:17 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/11/09 10:35:16 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/11/09 10:35:16 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/11/09 10:35:15 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/11/09 10:35:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/11/09 10:35:13 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/11/09 10:35:13 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/11/09 10:35:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/11/09 10:35:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/11/09 10:35:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/11/09 10:35:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/11/09 10:35:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/11/09 10:35:09 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/11/09 10:35:08 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/11/09 10:35:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/11/09 10:35:06 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010/11/09 10:35:06 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/11/09 10:35:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010/11/09 10:35:05 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010/11/09 10:35:03 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010/11/09 10:35:03 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/11/09 10:34:58 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010/11/09 10:34:58 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010/11/09 10:34:57 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010/11/09 10:34:57 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010/11/09 10:34:55 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/11/09 10:34:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/09 10:34:51 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010/11/09 10:34:51 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/09 10:34:49 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010/11/09 10:34:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010/11/09 10:34:49 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010/11/09 10:34:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010/11/09 10:34:46 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010/11/09 10:34:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010/11/09 10:34:44 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010/11/09 10:34:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010/11/09 10:34:44 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010/11/09 10:34:44 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/11/09 10:34:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010/11/09 10:34:43 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010/11/09 10:34:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010/11/09 10:34:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010/11/09 10:34:39 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010/11/09 10:34:39 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010/11/09 10:34:39 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010/11/09 10:34:39 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010/11/09 10:34:36 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010/11/09 10:34:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/11/09 10:34:34 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010/11/09 10:34:34 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010/11/09 10:34:34 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010/11/09 10:34:34 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010/11/09 10:34:33 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010/11/09 10:34:33 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010/11/09 10:34:32 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010/11/09 10:34:32 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010/11/09 10:34:30 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010/11/09 10:34:30 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010/11/09 10:34:30 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010/11/09 10:34:30 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010/11/09 10:34:28 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010/11/09 10:34:28 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010/11/09 10:34:26 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/11/09 10:34:26 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/11/09 10:34:23 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/11/09 10:34:22 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010/11/09 10:34:22 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010/11/09 10:34:21 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010/11/09 10:34:21 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010/11/09 10:34:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010/11/09 10:34:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010/11/09 10:34:19 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010/11/09 10:34:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010/11/09 10:34:17 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/11/09 10:34:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/11/09 10:34:17 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/11/09 10:34:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/11/09 10:34:15 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/11/09 10:34:15 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/11/09 10:34:14 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010/11/09 10:34:14 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010/11/09 10:34:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010/11/09 10:34:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010/11/09 10:34:11 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010/11/09 10:34:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010/11/09 10:34:10 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010/11/09 10:34:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010/11/09 10:34:10 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010/11/09 10:34:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010/11/09 10:34:07 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010/11/09 10:34:07 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010/11/09 10:34:06 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010/11/09 10:34:06 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010/11/09 10:34:04 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010/11/09 10:34:04 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010/11/09 10:34:04 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010/11/09 10:34:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010/11/09 10:34:02 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010/11/09 10:34:02 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010/11/09 10:34:01 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010/11/09 10:34:01 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010/11/09 10:34:00 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/11/09 10:34:00 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/11/09 10:34:00 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/11/09 10:34:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/11/09 10:33:58 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/11/09 10:33:58 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/11/09 10:33:57 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010/11/09 10:33:57 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010/11/09 10:33:57 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010/11/09 10:33:57 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010/11/09 10:33:55 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010/11/09 10:33:55 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010/11/09 10:33:55 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010/11/09 10:33:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010/11/09 10:33:53 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010/11/09 10:33:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/11/09 10:33:52 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010/11/09 10:33:52 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/11/09 10:33:51 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010/11/09 10:33:51 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010/11/09 10:33:50 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010/11/09 10:33:50 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010/11/09 10:33:50 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010/11/09 10:33:50 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010/11/09 10:33:48 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010/11/09 10:33:48 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010/11/09 10:33:47 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010/11/09 10:33:47 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010/11/09 10:33:46 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010/11/09 10:33:46 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010/11/09 10:33:45 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010/11/09 10:33:45 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010/11/09 10:33:43 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/11/09 10:33:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/11/09 10:33:42 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010/11/09 10:33:42 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010/11/09 10:33:42 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010/11/09 10:33:42 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010/11/09 10:33:40 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010/11/09 10:33:40 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010/11/09 10:33:39 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010/11/09 10:33:39 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010/11/09 10:33:39 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010/11/09 10:33:39 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010/11/09 10:33:38 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010/11/09 10:33:38 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010/11/09 10:33:37 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010/11/09 10:33:37 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010/11/09 10:33:36 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010/11/09 10:33:36 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010/11/09 10:33:25 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010/11/09 10:33:25 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/11/09 10:33:24 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010/11/09 10:33:24 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010/11/09 10:33:24 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010/11/09 10:33:24 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010/11/09 10:33:22 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010/11/09 10:33:22 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010/11/09 10:33:20 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010/11/09 10:33:20 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010/11/09 10:33:18 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010/11/09 10:33:18 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010/11/09 10:33:17 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/11/09 10:33:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/11/09 10:33:15 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/11/09 10:33:15 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/11/09 10:33:14 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010/11/09 10:33:14 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010/11/08 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/11/08 16:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010/11/08 16:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/11/08 16:36:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

========== Files - Modified Within 30 Days ==========

[2010/12/05 19:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\g\Desktop\OTL.exe
[2010/12/05 19:30:34 | 000,000,000 | ---- | M] () -- C:\Users\g\Desktop\OTL (1).exe
[2010/12/04 23:52:45 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/04 23:52:45 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/04 23:49:55 | 000,779,758 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/04 23:49:55 | 000,661,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/04 23:49:55 | 000,121,198 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/04 23:45:32 | 000,000,448 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
[2010/12/04 23:45:32 | 000,000,448 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
[2010/12/04 23:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/04 23:43:50 | 3219,251,200 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 04:27:58 | 000,082,674 | ---- | M] () -- C:\Users\g\Desktop\tumblr_la865pbMyi1qclwnro1_1280.jpg
[2010/12/01 04:26:58 | 000,496,199 | ---- | M] () -- C:\Users\g\Desktop\tumblr_la95nrADNc1qclwnro1_1280.jpg
[2010/12/01 03:59:38 | 000,027,875 | ---- | M] () -- C:\Users\g\Desktop\mochigif.gif
[2010/12/01 03:16:09 | 000,033,927 | ---- | M] () -- C:\Users\g\Desktop\1291138784819.png
[2010/11/30 04:21:23 | 007,562,870 | ---- | M] () -- C:\Users\g\Desktop\TSFH_-_United We Stand - Divided We Fall.mp3
[2010/11/30 03:38:19 | 000,205,910 | ---- | M] () -- C:\Users\g\Desktop\ass.png
[2010/11/30 03:38:13 | 001,254,713 | ---- | M] () -- C:\Users\g\Desktop\crap.psd
[2010/11/30 02:42:12 | 000,026,822 | ---- | M] () -- C:\Users\g\Desktop\wc063.gif
[2010/11/30 02:33:55 | 002,116,433 | ---- | M] () -- C:\Users\g\Desktop\deswing.psd
[2010/11/30 01:02:36 | 000,002,611 | ---- | M] () -- C:\Users\Public\Desktop\WoW Model Viewer 64-bit.lnk
[2010/11/29 21:52:24 | 000,079,216 | ---- | M] () -- C:\Users\g\Documents\80crap.xml
[2010/11/29 21:35:55 | 000,001,343 | ---- | M] () -- C:\Users\g\Desktop\Rawr.lnk
[2010/11/28 21:43:08 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk
[2010/11/28 21:18:23 | 000,000,210 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2010/11/28 17:24:36 | 000,000,880 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/11/28 00:48:51 | 000,000,020 | ---- | M] () -- C:\Users\g\defogger_reenable
[2010/11/28 00:42:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-830210223-1408011041-292588204-1001UA.job
[2010/11/28 00:09:11 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/11/28 00:09:11 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2010/11/28 00:09:11 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2010/11/28 00:07:17 | 000,000,860 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/27 23:40:08 | 000,002,297 | ---- | M] () -- C:\Users\g\Desktop\Google Chrome.lnk
[2010/11/27 23:29:32 | 000,508,472 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/27 20:25:39 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/27 20:21:53 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/26 19:55:19 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-830210223-1408011041-292588204-1001Core.job
[2010/11/23 02:42:28 | 001,506,445 | ---- | M] () -- C:\Users\g\Desktop\iy8y.psd
[2010/11/22 23:32:49 | 000,010,885 | ---- | M] () -- C:\Users\g\Desktop\c2e21d909d700c7b9622ef66d371edf6073cfda7_full.jpg
[2010/11/14 01:00:09 | 000,426,669 | ---- | M] () -- C:\Users\g\Documents\cataguide.odt
[2010/11/13 21:13:25 | 003,135,242 | ---- | M] () -- C:\Users\g\Desktop\2.png
[2010/11/11 03:41:23 | 001,285,572 | ---- | M] () -- C:\Users\g\Desktop\Untitled.png
[2010/11/09 22:12:58 | 000,174,277 | ---- | M] () -- C:\Users\g\Desktop\russ1.jpg
[2010/11/09 18:45:28 | 013,644,397 | ---- | M] () -- C:\Users\g\Desktop\azi.psd
[2010/11/08 23:15:07 | 000,000,221 | ---- | M] () -- C:\Users\g\Desktop\Call of Duty Black Ops.url
[2010/11/08 23:15:07 | 000,000,221 | ---- | M] () -- C:\Users\g\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/11/05 21:39:19 | 000,139,193 | ---- | M] () -- C:\Users\g\Desktop\Bookmarks.bak
[2010/11/05 21:39:19 | 000,139,193 | ---- | M] () -- C:\Users\g\Desktop\Bookmarks

========== Files Created - No Company Name ==========

[2010/12/05 19:30:38 | 000,000,000 | ---- | C] () -- C:\Users\g\Desktop\OTL (1).exe
[2010/12/04 00:11:03 | 000,000,448 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2010/12/04 00:11:03 | 000,000,448 | ---- | C] () -- C:\Windows\SysNative\iolo.ini
[2010/12/01 04:27:58 | 000,082,674 | ---- | C] () -- C:\Users\g\Desktop\tumblr_la865pbMyi1qclwnro1_1280.jpg
[2010/12/01 04:26:58 | 000,496,199 | ---- | C] () -- C:\Users\g\Desktop\tumblr_la95nrADNc1qclwnro1_1280.jpg
[2010/12/01 03:59:38 | 000,027,875 | ---- | C] () -- C:\Users\g\Desktop\mochigif.gif
[2010/12/01 03:16:19 | 000,033,927 | ---- | C] () -- C:\Users\g\Desktop\1291138784819.png
[2010/11/30 04:20:34 | 007,562,870 | ---- | C] () -- C:\Users\g\Desktop\TSFH_-_United We Stand - Divided We Fall.mp3
[2010/11/30 03:38:18 | 000,205,910 | ---- | C] () -- C:\Users\g\Desktop\ass.png
[2010/11/30 03:38:12 | 001,254,713 | ---- | C] () -- C:\Users\g\Desktop\crap.psd
[2010/11/30 02:42:12 | 000,026,822 | ---- | C] () -- C:\Users\g\Desktop\wc063.gif
[2010/11/30 02:33:46 | 002,116,433 | ---- | C] () -- C:\Users\g\Desktop\deswing.psd
[2010/11/30 01:02:36 | 000,002,611 | ---- | C] () -- C:\Users\Public\Desktop\WoW Model Viewer 64-bit.lnk
[2010/11/29 21:52:22 | 000,079,216 | ---- | C] () -- C:\Users\g\Documents\80crap.xml
[2010/11/29 21:35:55 | 000,001,343 | ---- | C] () -- C:\Users\g\Desktop\Rawr.lnk
[2010/11/28 21:43:08 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk
[2010/11/28 21:18:23 | 000,000,210 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2010/11/28 20:58:12 | 000,120,376 | ---- | C] () -- C:\Windows\SysWow64\rrsec.dll
[2010/11/28 20:58:12 | 000,097,888 | ---- | C] () -- C:\Windows\SysWow64\rrsec2k.exe
[2010/11/28 17:22:57 | 000,000,880 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/11/28 00:48:51 | 000,000,020 | ---- | C] () -- C:\Users\g\defogger_reenable
[2010/11/28 00:07:47 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010/11/28 00:07:47 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2010/11/28 00:07:46 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2010/11/27 23:40:08 | 000,002,297 | ---- | C] () -- C:\Users\g\Desktop\Google Chrome.lnk
[2010/11/27 23:39:18 | 000,139,193 | ---- | C] () -- C:\Users\g\Desktop\Bookmarks.bak
[2010/11/27 23:39:18 | 000,139,193 | ---- | C] () -- C:\Users\g\Desktop\Bookmarks
[2010/11/27 20:25:39 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/27 20:21:53 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/26 09:03:26 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/11/23 02:42:26 | 001,506,445 | ---- | C] () -- C:\Users\g\Desktop\iy8y.psd
[2010/11/22 23:32:55 | 000,010,885 | ---- | C] () -- C:\Users\g\Desktop\c2e21d909d700c7b9622ef66d371edf6073cfda7_full.jpg
[2010/11/13 21:13:25 | 003,135,242 | ---- | C] () -- C:\Users\g\Desktop\2.png
[2010/11/11 03:41:23 | 001,285,572 | ---- | C] () -- C:\Users\g\Desktop\Untitled.png
[2010/11/10 22:19:57 | 000,426,669 | ---- | C] () -- C:\Users\g\Documents\cataguide.odt
[2010/11/09 22:12:58 | 000,174,277 | ---- | C] () -- C:\Users\g\Desktop\russ1.jpg
[2010/11/09 18:45:26 | 013,644,397 | ---- | C] () -- C:\Users\g\Desktop\azi.psd
[2010/11/08 23:15:07 | 000,000,221 | ---- | C] () -- C:\Users\g\Desktop\Call of Duty Black Ops.url
[2010/11/08 23:15:07 | 000,000,221 | ---- | C] () -- C:\Users\g\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/10/28 20:29:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/24 14:49:09 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2010/09/25 23:20:24 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/25 23:20:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/16 21:31:11 | 000,000,333 | ---- | C] () -- C:\Windows\game.ini
[2010/07/03 16:46:01 | 000,003,842 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010/07/03 00:51:11 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/24 05:12:08 | 000,007,611 | ---- | C] () -- C:\Users\g\AppData\Local\Resmon.ResmonCfg
[2009/07/30 20:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/28 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Ableton
[2010/06/23 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\acccore
[2010/06/23 00:17:52 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Acreon
[2010/08/27 22:17:52 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Amazon
[2010/11/27 23:52:04 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\AVG10
[2010/10/10 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Canon
[2010/08/28 19:32:45 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\DAEMON Tools Lite
[2010/07/03 01:16:26 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Dragon Age Toolset
[2010/12/03 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Dropbox
[2010/10/24 15:05:05 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\FreshDiagnose
[2010/10/24 15:06:48 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\iolo
[2010/10/19 14:04:03 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\JardicPro
[2010/06/25 17:25:17 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\OpenOffice.org
[2010/07/11 16:03:45 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\PrimoPDF
[2010/11/28 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Publish Providers
[2010/10/05 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\SecondLife
[2010/11/29 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Sony
[2010/11/01 11:32:57 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\SystemRequirementsLab
[2010/09/30 22:50:48 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\Thunderbird
[2010/08/24 18:42:16 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/08/24 21:07:14 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/11/29 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\uTorrent
[2010/08/14 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\g\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2010/11/28 00:09:11 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2010/11/28 00:09:11 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2010/11/28 00:09:11 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2010/12/04 23:43:55 | 000,029,386 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/28 21:18:23 | 000,000,210 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/11/19 01:38:23 | 000,456,639 | ---- | M] ()(C:\Users\g\Desktop\???????? ????????. ????? ? ??????????? ??????????? ??????? ????? ???????.htm) -- C:\Users\g\Desktop\Владимир Войнович. Жизнь и необычайные приключения солдата Ивана Чонкина.htm
[2010/11/19 01:38:22 | 000,456,639 | ---- | C] ()(C:\Users\g\Desktop\???????? ????????. ????? ? ??????????? ??????????? ??????? ????? ???????.htm) -- C:\Users\g\Desktop\Владимир Войнович. Жизнь и необычайные приключения солдата Ивана Чонкина.htm
[2010/10/19 19:02:47 | 000,000,660 | ---- | M] ()(C:\Users\g\Documents\???.txt) -- C:\Users\g\Documents\иии.txt
[2010/10/19 19:02:47 | 000,000,660 | ---- | C] ()(C:\Users\g\Documents\???.txt) -- C:\Users\g\Documents\иии.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Extras.txt

OTL Extras logfile created on: 12/5/2010 7:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\g\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29.72 Gb Total Space | 1.96 Gb Free Space | 6.61% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 736.38 Gb Free Space | 79.05% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 31.87 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive F: | 966.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARMAGEDDON-PC | User Name: g | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3747D749-D0E1-4D83-96CA-F108CFE7370F}" = World of Warcraft Model Viewer
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{5ED208BF-C15D-4BDA-8C75-7EB956F80996}" = World of Warcraft Model Viewer 64-bit
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"CCleaner" = CCleaner
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"Registrar Registry Manager 6.52 (Lite Edition)" = Registrar Registry Manager 6.52 (Lite Edition)
"Registrar_is1" = Registrar Registry Manager 6.52
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07D11D64-940C-2E39-53F3-D465E835AC2D}" = Zinio Reader 4
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{269D9C87-36E2-453E-A58D-B39BD617917C}" = Scratch Live 2.1.0 (21057)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B78B379-C0E7-4FBF-9FD9-04FB6E05E60F}" = Debug Diagnostics Tool 1.1 (x86)
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{458207CA-1B0C-4A35-AEDF-9C9D5B0579C5}" = Livestream Procaster
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup
"{A0DE0B76-09D3-4C66-9442-82404F747AAE}" = Reference Image v1 Demo
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8322D71-F51B-CD0E-1A2E-606037CFA7BF}" = TweetDeck
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F82C1FF3-4B7A-49B2-ACF7-5AE402C4C0CB}" = Call of Duty® 4 - Modern Warfare™
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoolSpeech 5.0" = CoolSpeech 5.0
"Download Manager" = Download Manager 2.3.10
"Emsisoft HiJackFree_is1" = Emsisoft HiJackFree 4.5
"ExplorerXP" = ExplorerXP (remove only)
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"InstallShield_{F82C1FF3-4B7A-49B2-ACF7-5AE402C4C0CB}" = Call of Duty® 4 - Modern Warfare™
"JardicPro" = Uninstall Jardic Pro
"LastFM_is1" = Last.fm 1.5.4.27091
"LuaEdit_is1" = LuaEdit 3.0.3 RC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pepakura_designer3en" = Pepakura Designer 3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 2200" = Quake III Arena
"Steam App 22380" = Fallout: New Vegas
"Steam App 2310" = Quake
"Steam App 2320" = Quake II
"Steam App 2330" = Quake II: The Reckoning
"Steam App 2340" = Quake II: Ground Zero
"Steam App 2350" = Quake III: Team Arena
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 47730" = Dragon Age: Origins - Awakening
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 630" = Alien Swarm
"Steam App 9030" = Quake Mission Pack 2: Dissolution of Eternity
"Steam App 9040" = Quake Mission Pack 1: Scourge of Armagon
"TextAloud3_is1" = TextAloud 3.0
"TextStat_is1" = TextStat 3.0
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VTFEdit_is1" = VTFEdit 1.2.5
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WordFrequencyCounter" = WordFrequencyCounter 1.22
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2937143553.elitistjerks.com" = Rawr
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"World of Logs Client" = World of Logs Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2010 9:55:53 PM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

Error - 11/30/2010 3:24:18 PM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

Error - 12/1/2010 12:57:32 AM | Computer Name = ARMAGEDDON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WoW.exe, version: 4.0.3.13329, time stamp:
0x4ce41b27 Faulting module name: WoW.exe, version: 4.0.3.13329, time stamp: 0x4ce41b27
Exception
code: 0x40000015 Fault offset: 0x002341bc Faulting process id: 0x131c Faulting application
start time: 0x01cb90c93583212c Faulting application path: E:\Games\World of Warcraft\WoW.exe
Faulting
module path: E:\Games\World of Warcraft\WoW.exe Report Id: 80bd9598-fd07-11df-80cc-00241d1cbd2c

Error - 12/2/2010 3:42:35 PM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

Error - 12/2/2010 7:59:08 PM | Computer Name = ARMAGEDDON-PC | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 6.0.200.2, time stamp:
0x4bc398af Faulting module name: nvoglv32.DLL, version: 8.17.12.6099, time stamp:
0x4cb9da73 Exception code: 0xc0000005 Fault offset: 0x006737a0 Faulting process id:
0x1338 Faulting application start time: 0x01cb927ce7f36df4 Faulting application path:
C:\Program Files (x86)\Java\jre6\bin\java.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: 265f3c9a-fe70-11df-b6fa-00241d1cbd2c

Error - 12/3/2010 6:38:49 PM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

Error - 12/3/2010 9:24:29 PM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

Error - 12/4/2010 1:09:35 AM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

Error - 12/4/2010 9:35:58 PM | Computer Name = ARMAGEDDON-PC | Source = Application Hang | ID = 1002
Description = The program WoW.exe version 4.0.3.13329 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 268 Start Time:
01cb94123e0b18e2 Termination Time: 121 Application Path: E:\Games\World of Warcraft\WoW.exe

Report
Id: 005c0374-0010-11e0-a39f-00241d1cbd2c

Error - 12/5/2010 12:43:55 AM | Computer Name = ARMAGEDDON-PC | Source = Schedule | ID = 0
Description =

[ System Events ]
Error - 12/5/2010 6:49:03 PM | Computer Name = ARMAGEDDON-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952506.

Error - 12/5/2010 6:49:03 PM | Computer Name = ARMAGEDDON-PC | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014790.

Error - 12/5/2010 7:12:38 PM | Computer Name = ARMAGEDDON-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952506.

Error - 12/5/2010 7:12:38 PM | Computer Name = ARMAGEDDON-PC | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014790.

Error - 12/5/2010 7:13:08 PM | Computer Name = ARMAGEDDON-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952506.

Error - 12/5/2010 7:13:08 PM | Computer Name = ARMAGEDDON-PC | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014790.

Error - 12/5/2010 7:15:23 PM | Computer Name = ARMAGEDDON-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952506.

Error - 12/5/2010 7:15:23 PM | Computer Name = ARMAGEDDON-PC | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014790.

Error - 12/5/2010 7:15:53 PM | Computer Name = ARMAGEDDON-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147952506.

Error - 12/5/2010 7:15:53 PM | Computer Name = ARMAGEDDON-PC | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147014790.


< End of report >

Sarscan.log


Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 12/5/2010 at 19:54:20 PM
User "g" on computer "ARMAGEDDON-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\93C3.tmp
Hidden: file C:\Users\g\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Quake.url
Hidden: file C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\9681.tmp
Hidden: file C:\NVIDIA\DisplayDriver\257.21\WinVista_Win7_64\English\hdaudio_1.0.9.1_xp_vista_win7.exe
Hidden: file C:\Users\g\Desktop\OTL.exe
Hidden: file C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011f
Hidden: file C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\PCI\AMEImporters\redist\WindowsInstaller-KB893803-v2-x86.exe
Hidden: file C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\PCI\AMEExporters\redist\WindowsInstaller-KB893803-v2-x86.exe
Hidden: file C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\database-template\bin\x86\mysqldump.exe
Hidden: file C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\database-template\bin\x86\mysqlimport.exe
Hidden: file C:\Program Files\Logitech\GamePanel Software\LU\LogitechUpdate.exe
Hidden: file C:\Program Files\Logitech\GamePanel Software\LU\LULnchr.exe
Hidden: file C:\NVIDIA\DisplayDriver\258.96\WinVista_Win7_64\English\hdaudio_1.0.15.0_xp_vista_win7.exe

Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 12/5/2010 at 20:16:39 PM
User "g" on computer "ARMAGEDDON-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files (x86)\QuickTime\QTPlugin.ocx
Hidden: file C:\NVIDIA\DisplayDriver\257.21\WinVista_Win7_64\English\hdaudio_1.0.9.1_xp_vista_win7.exe
Hidden: file C:\Users\g\Desktop\OTL.exe
Hidden: file C:\Users\g\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00011f
Hidden: file C:\Windows\RtlExUpd.dll
Hidden: file C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\PCI\AMEImporters\redist\WindowsInstaller-KB893803-v2-x86.exe
Hidden: file C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\PCI\AMEExporters\redist\WindowsInstaller-KB893803-v2-x86.exe
Hidden: file C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\database-template\bin\x86\mysqladmin.exe
Hidden: file C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\database-template\bin\x86\mysqldump.exe
Hidden: file C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\database-template\bin\x86\mysqlimport.exe
Hidden: file C:\Program Files\Logitech\GamePanel Software\LU\LogitechUpdate.exe
Hidden: file C:\Program Files\Logitech\GamePanel Software\LU\LULnchr.exe
Hidden: file C:\NVIDIA\DisplayDriver\258.96\WinVista_Win7_64\English\hdaudio_1.0.15.0_xp_vista_win7.exe

Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 12/5/2010 at 23:11:02 PM
User "g" on computer "ARMAGEDDON-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Info: Starting disk scan of D: (NTFS).
Info: Starting disk scan of E: (NTFS).
Stopped logging on 12/5/2010 at 23:39:18 PM

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:44 PM

Posted 06 December 2010 - 04:50 PM

Sophos says everything's fine but what you are describing is a TDSS rootkit attack so we're going to dig a bit more.

Please rerun TDSSKiller again and follow the instructions below exactly (even if it sounds like the file being removed is a legitimate one because TDSS infects legitimate files)

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:44 PM

Posted 09 December 2010 - 08:29 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:44 PM

Posted 11 December 2010 - 08:01 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users