
Help! Virus is restricting internet access



#1 Sjcolian27


Posted 07 December 2010 - 12:50 AM

I somehow contracted a virus which blocks my internet access. First it started with assigning random proxies to Mozilla, which I would remedy by disabling the proxy connection. Thus, my internet is working, albeit sluggishly. However, whatever I have contracted is blocking internet access to any program which tries to access the internet. This includes WoW, any AV or antispyware which tries to update, and Curse Client (a trusted program which downloads addons for WoW). Additionally, on startup, my computer will boot with no explorer.exe running (I just get a black screen); explorer will come up if I run it through the Task Manager or wait about 5 mins. Prior to making this post I have run Malwarebytes and Spybot S&D multiple times. On multiple occasions I have gotten coolwwwsearch.ole help and win32.autorun.tmp. CWsearch has subsided, but I think the Win32 is still around. I recently have run Malwarebytes and Spybot S&D and both have come up empty, as well as SUPERAntiSpyware and things like aeeater and rootalyzer. They all show up empty, but it is clear I still have a problem. I have been fighting this virus for roughly a week now. Occasionally the computer will work, but after a reboot or letting the computer run for like 5 hours, the problem resurfaces. Below are my MBAM logs, GMER logs, and OTL logs. Please help. If you need any other information please do not hesitate to ask. Thank you.

MBAM logs and OTL extras are attachments


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 23:20:14
Windows 6.0.6001 Service Pack 1
Running: 5qmu6pt6.exe


---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

OTL logfile created on: 12/6/2010 10:52:02 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Steve-O\Desktop\Security
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.42 Gb Total Space | 14.57 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 39.45 Gb Free Space | 35.29% Space Free | Partition Type: NTFS
Drive E: | 13.37 Gb Total Space | 2.34 Gb Free Space | 17.50% Space Free | Partition Type: NTFS

Computer Name: STEVE-O-PC | User Name: Steve-O | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve-O\Desktop\Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\n52te\n52teTra.exe ()
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - C:\Users\Steve-O\Desktop\Security\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (libusbd) -- C:\Windows\SysNative\libusbd-nt.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\STacSV64.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveTurbineMessageService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.)
SRV - (LiveTurbineNetworkService) -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.)
SRV - (McShield) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys ()
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys ()
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (AVerFx2hbtv64) -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\DRIVERS\vhidmini.sys ()
DRV:64bit: - (JmtFltr) -- C:\Windows\SysNative\drivers\JmtFltr.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys ()
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys ()
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys ()
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys ()
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (eabfiltr) -- C:\Windows\SysNative\DRIVERS\eabfiltr64.sys ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys ()
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys ()
DRV:64bit: - (uisp) -- C:\Windows\SysNative\Drivers\usbicp.sys ()
DRV - (mferkdk) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys (McAfee, Inc.)
DRV - (uisp) -- C:\Windows\SysWOW64\drivers\USBICP.sys (Motorola)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.gamesradar.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49859

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gamesradar.com/"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {342366CA-5842-4D7B-8C54-3F3124ECABAE}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49859

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/31 20:46:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/30 18:02:33 | 000,000,000 | ---D | M]

[2008/08/05 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Extensions
[2010/12/06 16:14:32 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions
[2009/08/09 16:44:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/08 16:33:56 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/12/03 00:46:26 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\illimitux@illimitux.net
[2008/10/23 20:11:29 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Mozilla\Firefox\Profiles\ahydwys9.default\extensions\moveplayer@movenetworks.com
[2008/08/05 21:31:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/04 16:10:09 | 000,426,617 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files (x86)\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{3201205a-0917-11df-971c-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{3201205a-0917-11df-971c-002186670570}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{d73cc56f-09af-11de-a955-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{d73cc56f-09af-11de-a955-002186670570}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e0eef4cd-2655-11df-bac3-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eef4cd-2655-11df-bac3-002186670570}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fee57693-7b9c-11dd-a3b5-002186670570}\Shell - "" = AutoRun
O33 - MountPoints2\{fee57693-7b9c-11dd-a3b5-002186670570}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 22:45:43 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Roaming\Avira
[2010/12/06 22:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/12/06 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/06 22:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2010/12/06 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2010/12/06 20:29:00 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/12/06 20:25:43 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\Desktop\Security
[2010/12/06 16:32:19 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\DoctorWeb
[2010/12/06 14:51:14 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/06 14:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/06 14:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/06 14:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/05 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/12/05 16:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/12/05 16:08:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/05 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/12/05 15:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/05 15:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/04 15:40:15 | 000,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jpicpl32.cpl
[2010/12/04 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/12/04 14:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/12/04 14:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/04 14:18:42 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Roaming\GlarySoft
[2010/12/04 14:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Registry Repair
[2010/12/03 20:58:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/03 20:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/03 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/12/03 19:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/11 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\Documents\Vindictus
[2010/11/11 13:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2010/11/11 11:11:46 | 000,000,000 | ---D | C] -- C:\Users\Steve-O\AppData\Local\PMB Files
[2010/11/11 11:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[1996/11/18 00:00:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[6 C:\Users\Steve-O\Documents\*.tmp files -> C:\Users\Steve-O\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/06 22:43:33 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/06 22:41:29 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2010/12/06 22:18:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-261287017-3795730463-87405456-1000UA.job
[2010/12/06 22:05:45 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 22:05:45 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 20:33:53 | 000,005,742 | ---- | M] () -- C:\Users\Steve-O\Documents\cc_20101206_203331.reg
[2010/12/06 20:12:47 | 000,716,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/06 20:12:47 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/06 20:12:47 | 000,108,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/06 20:09:26 | 000,427,266 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/06 20:09:05 | 000,000,254 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/06 20:08:57 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/12/06 20:06:34 | 000,427,266 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/06 20:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/06 20:03:35 | 000,001,908 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/06 14:50:56 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/06 11:47:30 | 000,027,935 | ---- | M] () -- C:\Users\Steve-O\AppData\Roaming\8B05.A05
[2010/12/06 03:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-261287017-3795730463-87405456-1000Core.job
[2010/12/05 17:57:50 | 000,011,155 | ---- | M] () -- C:\Users\Steve-O\Documents\XmAS 2011.docx
[2010/12/05 16:30:05 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/12/05 16:14:10 | 000,002,711 | ---- | M] () -- C:\Users\Steve-O\Desktop\Attach.rar
[2010/12/05 16:08:09 | 000,000,905 | ---- | M] () -- C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/05 16:07:43 | 000,000,725 | ---- | M] () -- C:\Users\Steve-O\Desktop\NTREGOPT.lnk
[2010/12/05 16:07:43 | 000,000,706 | ---- | M] () -- C:\Users\Steve-O\Desktop\ERUNT.lnk
[2010/12/05 15:49:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/12/05 15:31:12 | 000,000,000 | ---- | M] () -- C:\Users\Steve-O\AppData\Local\prvlcl.dat
[2010/12/04 16:14:15 | 000,086,412 | ---- | M] () -- C:\Users\Steve-O\Documents\cc_20101204_161410.reg
[2010/12/04 16:10:09 | 000,426,617 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/04 15:18:19 | 000,059,904 | ---- | M] () -- C:\Users\Steve-O\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 14:38:56 | 000,001,083 | ---- | M] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/04 14:38:56 | 000,001,059 | ---- | M] () -- C:\Users\Steve-O\Desktop\Spybot - Search & Destroy.lnk
[2010/12/04 14:29:43 | 000,397,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/04 14:23:39 | 000,415,696 | ---- | M] () -- C:\Users\Steve-O\Documents\cc_20101204_142248.reg
[2010/12/04 14:20:52 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/04 14:18:46 | 000,000,838 | ---- | M] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Registry Repair.lnk
[2010/12/04 14:18:46 | 000,000,814 | ---- | M] () -- C:\Users\Steve-O\Desktop\Glary Registry Repair.lnk
[2010/12/03 20:58:40 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/03 20:47:59 | 000,000,036 | ---- | M] () -- C:\Users\Steve-O\AppData\Local\housecall.guid.cache
[2010/12/03 19:58:17 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/02 17:50:02 | 000,173,748 | ---- | M] () -- C:\Users\Steve-O\Documents\JIBL Fall 2010 Note 2 edits.docx
[2010/12/01 16:52:53 | 000,179,357 | ---- | M] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.pdf
[2010/12/01 16:52:44 | 000,032,079 | ---- | M] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.docx
[2010/12/01 12:00:21 | 000,020,826 | ---- | M] () -- C:\Users\Steve-O\Documents\Steve TL final.docx
[2010/11/30 21:13:53 | 000,017,191 | ---- | M] () -- C:\Users\Steve-O\Documents\Oral Arg.docx
[2010/11/30 17:26:26 | 000,024,044 | ---- | M] () -- C:\Users\Steve-O\Documents\FRANK FISINO AFFI.docx
[2010/11/30 00:12:59 | 000,028,398 | ---- | M] () -- C:\Users\Steve-O\Documents\PT Skills memo final.docx
[2010/11/29 20:38:45 | 000,164,304 | ---- | M] () -- C:\Users\Steve-O\Documents\6 Hickey.docx
[2010/11/29 20:38:45 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$Hickey.docx
[2010/11/29 20:38:15 | 000,268,288 | ---- | M] () -- C:\Users\Steve-O\Desktop\6 Hickey.doc
[2010/11/29 18:28:53 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$3213.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/29 17:01:11 | 000,015,042 | ---- | M] () -- C:\Users\Steve-O\Documents\STIPS.docx
[2010/11/29 15:11:31 | 000,145,344 | ---- | M] () -- C:\Users\Steve-O\Documents\5 Hickey.docx
[2010/11/29 13:59:49 | 000,054,426 | ---- | M] () -- C:\Users\Steve-O\Documents\Stipulations of Settlement.pdf
[2010/11/28 23:51:53 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$ Skills memo final.docx
[2010/11/28 18:23:00 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$ANK FISINO AFFI.docx
[2010/11/28 15:54:18 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$.assignment.fall.2010.docx
[2010/11/28 15:33:35 | 000,000,162 | -H-- | M] () -- C:\Users\Steve-O\Documents\~$eve TL final.docx
[2010/11/26 16:47:50 | 000,000,312 | ---- | M] () -- C:\Users\Steve-O\Desktop\Curse Client.appref-ms
[2010/11/22 23:24:37 | 000,010,257 | ---- | M] () -- C:\Users\Steve-O\Documents\GTX460.docx
[2010/11/22 23:24:12 | 000,031,803 | ---- | M] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.docx
[2010/11/21 16:44:13 | 000,048,640 | ---- | M] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.doc
[2010/11/15 19:05:16 | 000,038,428 | ---- | M] () -- C:\Users\Steve-O\Documents\Letter and Resume.docx
[2010/11/15 18:55:49 | 000,012,996 | ---- | M] () -- C:\Users\Steve-O\Documents\LG cover letter.docx
[2010/11/14 23:00:48 | 000,012,927 | ---- | M] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.docx
[2010/11/14 22:39:47 | 000,059,411 | ---- | M] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.pdf
[2010/11/10 14:27:04 | 000,014,784 | ---- | M] () -- C:\Users\Steve-O\Documents\Settlement on Judgment with notice.docx
[2010/11/10 12:14:19 | 000,052,950 | ---- | M] () -- C:\Users\Steve-O\Documents\Lit Drafting OTSC-FINAL.docx
[2010/11/10 12:02:19 | 000,031,958 | ---- | M] () -- C:\Users\Steve-O\Documents\LBA OTSC FINAL UPDATED.docx
[2010/11/10 10:40:48 | 000,038,317 | ---- | M] () -- C:\Users\Steve-O\Documents\lba final memo updated(1).docx
[2010/11/10 02:37:30 | 000,037,100 | ---- | M] () -- C:\Users\Steve-O\Documents\lba final memo updated.docx
[2010/11/09 21:04:56 | 000,022,942 | ---- | M] () -- C:\Users\Steve-O\Documents\LBA OTSC Final.docx
[2010/11/09 21:01:14 | 000,021,815 | ---- | M] () -- C:\Users\Steve-O\Documents\lba final memo.docx
[2010/11/07 20:31:02 | 000,017,612 | ---- | M] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.docx
[2010/11/07 20:15:36 | 000,071,167 | ---- | M] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.pdf
[2010/11/07 20:08:48 | 000,072,792 | ---- | M] () -- C:\Users\Steve-O\Documents\JIBL Vol X No 1 Defeis-edits-1.docx
[6 C:\Users\Steve-O\Documents\*.tmp files -> C:\Users\Steve-O\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/06 22:43:33 | 000,001,863 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/06 22:43:14 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/12/06 22:43:14 | 000,081,584 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/06 22:41:29 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2010/12/06 20:33:44 | 000,005,742 | ---- | C] () -- C:\Users\Steve-O\Documents\cc_20101206_203331.reg
[2010/12/06 14:50:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/05 16:30:05 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/12/05 16:14:10 | 000,002,711 | ---- | C] () -- C:\Users\Steve-O\Desktop\Attach.rar
[2010/12/05 16:08:09 | 000,000,905 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/05 16:07:43 | 000,000,725 | ---- | C] () -- C:\Users\Steve-O\Desktop\NTREGOPT.lnk
[2010/12/05 16:07:43 | 000,000,706 | ---- | C] () -- C:\Users\Steve-O\Desktop\ERUNT.lnk
[2010/12/05 15:49:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/12/05 15:48:47 | 000,415,312 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\dd_vcredistMSI77D6.txt
[2010/12/05 15:48:47 | 000,013,630 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\dd_vcredistUI77D6.txt
[2010/12/04 16:14:12 | 000,086,412 | ---- | C] () -- C:\Users\Steve-O\Documents\cc_20101204_161410.reg
[2010/12/04 14:38:56 | 000,001,083 | ---- | C] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/04 14:38:56 | 000,001,059 | ---- | C] () -- C:\Users\Steve-O\Desktop\Spybot - Search & Destroy.lnk
[2010/12/04 14:22:54 | 000,415,696 | ---- | C] () -- C:\Users\Steve-O\Documents\cc_20101204_142248.reg
[2010/12/04 14:20:52 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/04 14:18:46 | 000,000,838 | ---- | C] () -- C:\Users\Steve-O\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Registry Repair.lnk
[2010/12/04 14:18:46 | 000,000,814 | ---- | C] () -- C:\Users\Steve-O\Desktop\Glary Registry Repair.lnk
[2010/12/03 20:58:40 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/03 20:47:59 | 000,000,036 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\housecall.guid.cache
[2010/12/03 20:27:21 | 000,011,155 | ---- | C] () -- C:\Users\Steve-O\Documents\XmAS 2011.docx
[2010/12/03 19:58:17 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/12/03 16:43:02 | 000,027,935 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\8B05.A05
[2010/12/01 16:48:46 | 000,179,357 | ---- | C] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.pdf
[2010/12/01 12:35:13 | 000,032,079 | ---- | C] () -- C:\Users\Steve-O\Documents\LEASE AGREEMENT.docx
[2010/11/30 20:36:34 | 000,017,191 | ---- | C] () -- C:\Users\Steve-O\Documents\Oral Arg.docx
[2010/11/29 20:38:45 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$Hickey.docx
[2010/11/29 20:38:43 | 000,164,304 | ---- | C] () -- C:\Users\Steve-O\Documents\6 Hickey.docx
[2010/11/29 20:38:13 | 000,268,288 | ---- | C] () -- C:\Users\Steve-O\Desktop\6 Hickey.doc
[2010/11/29 18:28:53 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$3213.docx
[2010/11/29 15:11:28 | 000,145,344 | ---- | C] () -- C:\Users\Steve-O\Documents\5 Hickey.docx
[2010/11/29 13:59:48 | 000,054,426 | ---- | C] () -- C:\Users\Steve-O\Documents\Stipulations of Settlement.pdf
[2010/11/28 23:51:53 | 000,028,398 | ---- | C] () -- C:\Users\Steve-O\Documents\PT Skills memo final.docx
[2010/11/28 23:51:53 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$ Skills memo final.docx
[2010/11/28 18:23:00 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$ANK FISINO AFFI.docx
[2010/11/28 18:22:59 | 000,024,044 | ---- | C] () -- C:\Users\Steve-O\Documents\FRANK FISINO AFFI.docx
[2010/11/28 18:17:51 | 000,015,042 | ---- | C] () -- C:\Users\Steve-O\Documents\STIPS.docx
[2010/11/28 15:54:18 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$.assignment.fall.2010.docx
[2010/11/28 15:33:35 | 000,000,162 | -H-- | C] () -- C:\Users\Steve-O\Documents\~$eve TL final.docx
[2010/11/28 15:33:34 | 000,020,826 | ---- | C] () -- C:\Users\Steve-O\Documents\Steve TL final.docx
[2010/11/22 23:24:36 | 000,010,257 | ---- | C] () -- C:\Users\Steve-O\Documents\GTX460.docx
[2010/11/22 23:24:09 | 000,031,803 | ---- | C] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.docx
[2010/11/21 16:44:12 | 000,048,640 | ---- | C] () -- C:\Users\Steve-O\Documents\TL.assignment.fall.2010.doc
[2010/11/18 21:31:47 | 000,173,748 | ---- | C] () -- C:\Users\Steve-O\Documents\JIBL Fall 2010 Note 2 edits.docx
[2010/11/15 19:05:15 | 000,038,428 | ---- | C] () -- C:\Users\Steve-O\Documents\Letter and Resume.docx
[2010/11/15 18:55:48 | 000,012,996 | ---- | C] () -- C:\Users\Steve-O\Documents\LG cover letter.docx
[2010/11/14 22:39:45 | 000,059,411 | ---- | C] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.pdf
[2010/11/13 18:04:56 | 000,012,927 | ---- | C] () -- C:\Users\Steve-O\Documents\FISINO JURY CHARGE.docx
[2010/11/10 14:27:03 | 000,014,784 | ---- | C] () -- C:\Users\Steve-O\Documents\Settlement on Judgment with notice.docx
[2010/11/10 12:07:44 | 000,052,950 | ---- | C] () -- C:\Users\Steve-O\Documents\Lit Drafting OTSC-FINAL.docx
[2010/11/10 10:40:47 | 000,038,317 | ---- | C] () -- C:\Users\Steve-O\Documents\lba final memo updated(1).docx
[2010/11/10 02:37:29 | 000,037,100 | ---- | C] () -- C:\Users\Steve-O\Documents\lba final memo updated.docx
[2010/11/09 21:03:53 | 000,031,958 | ---- | C] () -- C:\Users\Steve-O\Documents\LBA OTSC FINAL UPDATED.docx
[2010/11/08 17:04:21 | 000,021,815 | ---- | C] () -- C:\Users\Steve-O\Documents\lba final memo.docx
[2010/11/07 20:05:19 | 000,071,167 | ---- | C] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.pdf
[2010/11/07 19:43:51 | 000,022,942 | ---- | C] () -- C:\Users\Steve-O\Documents\LBA OTSC Final.docx
[2010/11/07 18:09:11 | 000,017,612 | ---- | C] () -- C:\Users\Steve-O\Documents\EBT report - MORRELL.docx
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/13 19:27:43 | 000,000,077 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/13 19:25:35 | 000,001,669 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/28 14:30:25 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\prvlcl.dat
[2010/06/11 18:50:32 | 000,000,120 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\Izofi.dat
[2010/06/11 18:50:32 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\Bmepitaduxotoye.bin
[2010/06/11 18:49:08 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\chrtmp
[2010/05/10 18:35:15 | 000,000,016 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\msesbucf.txt
[2010/04/13 13:54:20 | 000,000,095 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\fusioncache.dat
[2010/04/06 15:06:00 | 000,007,808 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\d3d9caps.dat
[2010/03/12 22:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\QSwitch.txt
[2010/03/12 22:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\DSwitch.txt
[2010/03/12 22:28:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\AtStart.txt
[2010/03/12 22:22:49 | 000,059,904 | ---- | C] () -- C:\Users\Steve-O\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 21:21:59 | 000,009,780 | -HS- | C] () -- C:\Users\Steve-O\AppData\Local\D0vGv42335R44
[2010/01/29 17:18:33 | 000,002,994 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\com.koingosw.LibrarianPro.xml
[2009/10/28 15:26:47 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/26 19:22:01 | 000,427,266 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/26 19:22:01 | 000,427,266 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/09/01 23:49:08 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2008/08/10 21:33:43 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2008/08/05 15:35:57 | 000,078,717 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\nvModes.001
[2008/08/05 15:35:54 | 000,078,717 | ---- | C] () -- C:\Users\Steve-O\AppData\Roaming\nvModes.dat
[2008/02/25 06:38:23 | 000,002,298 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005/08/10 10:56:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\ESxUtil.dll
[1996/11/18 00:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll
[1996/11/18 00:00:00 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\P2sodbc.dll
[1996/11/18 00:00:00 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\P2irdao.dll
[1996/11/18 00:00:00 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\P2ctdao.dll
[1996/11/18 00:00:00 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\P2bbnd.dll
[1996/05/25 16:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\fxtls432.dll

========== LOP Check ==========

[2010/02/10 20:02:43 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Bioshock2
[2010/05/12 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2008/09/05 17:47:38 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\DAEMON Tools
[2010/12/06 15:50:02 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Defense Center
[2008/08/05 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\DigitalPersona
[2008/09/01 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\DNA
[2010/12/04 14:18:42 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\GlarySoft
[2010/01/29 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Librarian Pro
[2009/10/22 10:57:09 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LimeWire
[2010/07/23 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LolClient
[2009/09/27 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/16 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\LPECommon
[2010/01/29 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\MediaMan
[2009/12/28 22:17:38 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\n52te
[2009/09/29 11:23:45 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\NeopleLauncherDFO
[2010/01/29 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Obsidium
[2010/10/12 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\runic games
[2009/11/02 21:14:34 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\SystemRequirementsLab
[2010/04/13 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Turbine
[2010/04/06 16:32:07 | 000,000,000 | ---D | M] -- C:\Users\Steve-O\AppData\Roaming\Unity
[2010/12/06 20:03:35 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/30 07:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/09/30 07:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SwSetup\Drivers\MISC4\Winall\Driver64\IaStor.sys
[2007/09/30 07:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007/09/30 07:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SwSetup\Drivers\MISC4\Winall\Driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/10 13:18:25 | 010,624,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Files - Unicode (All) ==========
[2010/11/11 16:28:35 | 000,000,000 | ---D | M](C:\Users\Steve-O\Documents\?? ???) -- C:\Users\Steve-O\Documents\넥슨 플러그
[2010/11/11 16:28:35 | 000,000,000 | ---D | C](C:\Users\Steve-O\Documents\?? ???) -- C:\Users\Steve-O\Documents\넥슨 플러그

< End of report >


#2 Sjcolian27

Sjcolian27
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:47 AM

Posted 07 December 2010 - 01:22 AM

Please close this post; an updated thread has been made.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:01:47 AM

Posted 07 December 2010 - 01:34 AM

Closed at member's request.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



