stdrt infection - having a hard time


11 replies to this topic

#1 computeronfire

Posted 28 January 2011 - 06:01 PM

first off i have agnosia so communication is difficult; i will do what i can because this is important.

got stdrt.exe infection about a week ago - reinstalled windows 7 x64, re generated - it is blocking (in normal windows mode [pardon my agnosia there]) antivirus servers - can't update avast, can't install trend micro tit. - i am in safe mode & trying to run malwarebytes(?) superantispyware (both came up blank i think) & now emsisoft emergency scanner - as i say it came back when i reinstalled windows, so this is a pain. it also spread to my laptop.

does anyone have an EXPLICIT (the tutorials are horrible.. (what registry key?? etc)) tutorial on removing stdrt.exe?

here is my safe mode hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:12 PM, on 1/28/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\backforward\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKCU\..\Run: [googletalk] C:\Users\backforward\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKCU\..\Run: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6639 bytes


please help =(((

i think this is what you want me to do:

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by backforward at 17:25:54.49 on Fri 01/28/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2591 [GMT -6:00]

AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\backforward\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\backforward\Downloads\EmsisoftEmergencyKit\start.exe
C:\Users\backforward\Downloads\EMSISOFTEMERGENCYKIT\run\a2emergencykit.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\backforward\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [googletalk] C:\Users\backforward\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [AnVir Task Manager Free] "C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe" Minimized
uRun: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
StartupFolder: C:\Users\BACKFO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\BACKFO~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}\components\snagitmozextension.dll
FF - component: C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Snagit Firefox Extension: {6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB} - %profile%\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}
FF - Ext: Firefox Showcase: {89506680-e3f4-484c-a2c0-ed711d481eda} - %profile%\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: rapidfire: rapidfire@schmizz.net - %profile%\extensions\rapidfire@schmizz.net
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Advertising Cookie Opt-out: optout@google.com - %profile%\extensions\optout@google.com
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FireDiff: firediff@johnjbarton.com - %profile%\extensions\firediff@johnjbarton.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-1-6 39888]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-23 273488]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 250008]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-25 203776]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-23 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-23 62032]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-23 40384]
S2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

=============== Created Last 30 ================

2011-01-28 22:21:31 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\SUPERAntiSpyware.com
2011-01-28 22:21:31 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-01-28 22:21:27 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-01-28 22:21:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-01-27 16:53:34 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\Malwarebytes
2011-01-27 16:53:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-27 16:53:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-27 16:53:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-27 16:53:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-26 19:59:44 544768 ----a-w- C:\Windows\SysWow64\wbocx.ocx
2011-01-26 19:59:42 56496 ----a-w- C:\Windows\SysWow64\wbhelp2.dll
2011-01-26 19:59:39 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2011-01-26 19:59:37 1706800 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-01-26 19:59:33 33968 ----a-w- C:\Windows\SysWow64\anim.dll
2011-01-26 19:59:31 4608 ----a-w- C:\Windows\SysWow64\W95INF32.DLL
2011-01-26 19:59:29 2272 ----a-w- C:\Windows\SysWow64\W95INF16.DLL
2011-01-26 19:32:17 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\ElevatedDiagnostics
2011-01-26 01:30:05 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\ZScreen
2011-01-26 01:29:49 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\ZScreen
2011-01-26 01:29:42 -------- d-----w- C:\Program Files\ZScreen
2011-01-26 01:23:52 -------- d-----w- C:\Program Files (x86)\TightVNC
2011-01-26 00:18:23 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\AnvSoft
2011-01-26 00:18:20 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-01-26 00:12:19 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-01-26 00:09:29 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-01-26 00:08:52 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\Cocoon Software
2011-01-26 00:08:47 -------- d-----w- C:\Program Files\QuickMediaConverter
2011-01-26 00:08:40 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\WDSetup
2011-01-25 20:22:16 3610624 ----a-w- C:\Windows\System32\avisynth.dll
2011-01-25 20:22:16 2300928 ----a-w- C:\Windows\System32\DevIL.dll
2011-01-25 20:21:59 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2011-01-25 19:54:56 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\Broad Intelligence
2011-01-25 19:54:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-25 19:54:31 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-25 19:53:16 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\Broad Intelligence
2011-01-25 19:53:14 -------- d-----w- C:\Program Files\MediaCoder
2011-01-25 05:45:14 -------- d-----w- C:\ship out
2011-01-25 05:24:03 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-01-25 05:24:00 -------- d-----w- C:\Program Files (x86)\ATI
2011-01-25 04:46:12 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\SuperFlexibleSynchronizer
2011-01-25 04:46:11 -------- d-----w- C:\PROGRA~3\Roaming
2011-01-25 04:46:06 -------- d-----w- C:\Program Files (x86)\SuperFlexible
2011-01-25 02:47:58 -------- d-----w- C:\Fraps
2011-01-25 01:36:55 -------- d-----w- C:\Users\BACKFO~1\AppData\Roaming\TeraCopy
2011-01-24 21:49:43 -------- d-----w- C:\Program Files\TeraCopy
2011-01-24 21:48:04 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-01-24 21:48:04 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-01-24 21:48:03 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-01-24 21:47:31 230352 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2011-01-24 21:47:17 -------- d-----w- C:\Program Files\TrueCrypt
2011-01-24 21:47:01 -------- d-----w- C:\Program Files (x86)\FileZilla Server
2011-01-24 21:37:26 -------- d-----w- C:\Program Files (x86)\Everything
2011-01-24 21:26:11 -------- d-----w- C:\Program Files\COMODO
2011-01-24 21:14:11 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-01-24 21:14:11 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-01-24 21:09:38 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-01-24 21:07:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-01-24 21:07:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-01-24 21:07:46 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-01-24 21:07:46 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-01-24 21:07:46 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-01-24 21:07:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-01-24 21:07:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-01-24 21:07:46 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-01-24 21:07:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-01-24 21:07:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-01-24 21:00:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-01-24 21:00:59 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-01-24 21:00:59 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-01-24 21:00:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-01-24 21:00:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-01-24 21:00:59 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-01-24 21:00:59 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-01-24 21:00:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-01-24 21:00:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-01-24 21:00:58 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-01-24 21:00:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-01-24 21:00:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-01-24 19:14:28 -------- d-----w- C:\Program Files (x86)\AnVir Task Manager Free
2011-01-24 19:14:23 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\AnVir
2011-01-24 19:01:16 -------- d-----w- C:\Windows\SysWow64\directx
2011-01-24 18:36:45 -------- d-----w- C:\Windows\System32\appmgmt
2011-01-24 18:30:50 395776 ----a-w- C:\Windows\System32\webio.dll
2011-01-24 18:30:50 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-01-24 18:30:49 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-01-24 18:30:48 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-24 18:30:48 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-24 18:30:42 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2011-01-24 18:30:42 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2011-01-24 17:59:57 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\Diagnostics
2011-01-24 17:57:03 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\ATI
2011-01-24 17:53:15 0 ----a-w- C:\Windows\ativpsrm.bin
2011-01-24 17:48:30 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-01-24 17:47:42 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-01-24 17:47:28 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-24 17:47:05 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-01-24 17:46:20 -------- d-----w- C:\Program Files\ATI Technologies
2011-01-24 17:45:56 -------- d-----w- C:\Program Files\ATI
2011-01-24 17:02:18 112000 ----a-w- C:\Windows\System32\consent.exe
2011-01-24 17:01:59 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-01-24 17:01:59 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-01-24 17:01:59 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-01-24 17:01:59 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-01-24 17:01:58 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-01-24 16:52:04 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\Google
2011-01-24 16:50:28 -------- d-----w- C:\Users\backforward\VirtualBox VMs
2011-01-24 16:50:01 -------- d-----w- C:\Users\backforward\.VirtualBox
2011-01-24 06:02:56 -------- d-----w- C:\Windows\Panther
2011-01-24 05:52:21 -------- d-----w- C:\Windows.old
2011-01-24 05:44:06 -------- d-sh--w- C:\Boot
2011-01-24 05:13:54 226448 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-01-24 05:13:42 54864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-01-24 05:13:39 -------- d-----w- C:\Program Files\Oracle
2011-01-24 04:55:45 -------- d-----w- C:\PROGRA~3\Comodo
2011-01-24 04:51:18 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-24 04:50:54 -------- d-sh--w- C:\Windows\Installer
2011-01-24 04:50:51 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-24 04:50:49 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-24 04:47:18 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C83181A2-244E-46B7-8B5C-C836DB3E2C42}\mpengine.dll
2011-01-24 04:47:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-24 04:30:16 -------- d-----w- C:\Users\BACKFO~1\AppData\Local\VirtualStore
2011-01-23 01:05:24 -------- d-----w- C:\86ce48c4278b7095c8623c656b019a
2011-01-23 00:11:18 -------- d-----w- C:\3dfbcca37c8ad85ab993f9645078
2011-01-22 20:56:37 -------- d-----w- C:\ATI
2011-01-21 18:28:27 -------- d-sh--w- C:\Recovery
2011-01-18 23:05:48 154256 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-01-18 23:05:46 318992 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-01-18 23:05:46 173840 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-01-06 23:37:00 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-01-06 23:36:58 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-01-06 23:36:58 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys

==================== Find3M ====================

2010-12-29 07:42:04 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-12-29 07:42:02 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-12-07 18:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 18:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll
2010-11-26 04:20:20 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-11-26 03:19:32 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
2010-11-26 03:02:08 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-11-26 02:58:22 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-11-26 02:58:12 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-11-26 02:57:08 648704 ----a-w- C:\Windows\System32\aticfx64.dll
2010-11-26 02:54:58 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-11-26 02:54:48 478720 ----a-w- C:\Windows\System32\atieclxx.exe
2010-11-26 02:54:12 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-11-26 02:53:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-11-26 02:52:42 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-11-26 02:52:36 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-11-26 02:52:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-11-26 02:52:20 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-11-26 02:52:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-11-26 02:52:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-11-26 02:49:04 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-11-26 02:40:14 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
2010-11-26 02:30:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-11-26 02:30:20 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-11-26 02:30:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-11-26 02:30:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-11-26 02:30:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-11-26 02:29:58 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-11-26 02:29:52 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-11-26 02:28:44 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-11-26 02:24:06 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
2010-11-26 02:22:26 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-11-26 02:17:28 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-11-26 02:17:20 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-11-26 02:17:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-11-26 02:17:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-11-26 02:17:00 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-11-26 02:16:54 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-11-26 02:16:46 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-11-26 02:16:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-11-26 02:15:58 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-11-26 02:15:52 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-11-26 02:15:42 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-11-26 02:15:00 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-11-17 12:04:32 115216 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 17:26:14.50 ===============

actually not sure if stdrt infection was used to infect (another harddrive) with something ELSE that prevents antivirus updates & who knows what else. i have run emsisoft's emergency scanner [agnosia, pardon anything that doesn't make total sense there] & am about to run gratis's regrun. still in the dark - again this came on after an infection of my last install, so it seems like it's here even thru reinstalls. i have a lot of personal data on this computer (years of writing, & music) i would not want to lose, after working for years to make them. what do i do?

EDIT: Posts merged ~BP

Edited by Budapest, 30 January 2011 - 04:40 PM.
Moved from Win 7 to Malware Removal Logs.




#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:04:33 AM

Posted 03 February 2011 - 04:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Best Regards,
oneof4.



#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:04:33 AM

Posted 07 February 2011 - 04:44 PM

Do you still need help?

Best Regards,
oneof4.


#4 computeronfire

computeronfire
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:33 AM

Posted 08 February 2011 - 09:01 PM

hi - YES =D - been busy with my sickness & my cousin's - am working on backing up so we can run the tests you want -

Thank You so much for running (volunteering) for a free service that helps me get my data secure. [i have agnosia, can't fully understand that]

we can start doing the scan after we burn 4 discs. We are going to start them right now, and we will get back to you in a little bit here. Thanks a ton.


also the computer hangs forever on ClassPNP during windows startup.. for what it's worth.

#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:04:33 AM

Posted 08 February 2011 - 10:47 PM

Hello computeronfire :)

Post when you're ready, we'll be here, and I hope you and your cousin get better soon! :thumbup2:

Best Regards,
oneof4.



#6 computeronfire

computeronfire
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:33 AM

Posted 10 February 2011 - 08:58 PM

Hey Man, Thanks, you're awesome.. here we go:

#7 computeronfire

computeronfire
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:33 AM

Posted 10 February 2011 - 09:00 PM

Sorry, we haven't run your scan yet. we are now scanning and will update when complete.

#8 computeronfire

computeronfire
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:33 AM

Posted 10 February 2011 - 09:11 PM

should i run this scan in safe mode in windows or normal mode?

#9 computeronfire

computeronfire
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:33 AM

Posted 10 February 2011 - 09:22 PM

OTL is as follows with computer in safe mode:

OTL logfile created on: 2/10/2011 8:14:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\backforward\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128.00 Gb Total Space | 70.93 Gb Free Space | 55.41% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 207.86 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
Drive E: | 557.13 Gb Total Space | 0.21 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 160.79 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 2.75 Gb Free Space | 0.20% Space Free | Partition Type: NTFS
Drive K: | 232.88 Gb Total Space | 0.06 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive L: | 232.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 92.55 Gb Free Space | 9.94% Space Free | Partition Type: NTFS
Drive R: | 931.51 Gb Total Space | 455.81 Gb Free Space | 48.93% Space Free | Partition Type: NTFS

Computer Name: BACKFORWARD-PC | User Name: backforward | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/10 20:04:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\backforward\Downloads\OTL.exe
PRC - [2010/12/03 13:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (SafeList) ==========

MOD - [2011/02/10 20:04:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\backforward\Downloads\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/17 23:30:48 | 002,466,032 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/11/25 20:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/17 13:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Stopped] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/24 15:47:31 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/01/18 17:05:48 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/01/13 02:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/11/25 22:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 20:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/17 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/10/04 20:47:50 | 000,133,672 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
DRV:64bit: - [2007/10/04 20:47:50 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/02/01 13:04:02 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\regguard.sys -- (RegGuard)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 BB 59 B9 81 BB CB 01 [binary data]
IE - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/23 22:59:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/25 13:54:31 | 000,000,000 | ---D | M]

[2011/01/25 13:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\backforward\AppData\Roaming\Mozilla\Extensions
[2011/01/25 13:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\backforward\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2011/01/24 13:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\7nn6jezy.default\extensions
[2011/01/24 13:22:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\7nn6jezy.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/02/08 20:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions
[2011/01/26 17:46:58 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/01/26 17:46:56 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/01/24 13:23:54 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/01/24 13:23:55 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/01/24 13:23:55 | 000,000,000 | ---D | M] (Snagit Firefox Extension) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}
[2011/01/26 17:47:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/01/26 17:47:03 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/01/26 17:47:03 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/01/26 17:47:03 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/01/26 17:46:57 | 000,000,000 | ---D | M] () -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2011/01/26 17:46:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/26 17:47:03 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/01/26 17:47:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/24 13:23:54 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/01/26 17:46:59 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/01/26 17:46:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/24 13:23:52 | 000,000,000 | ---D | M] ("MultirowBookmarksToolbar") -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/01/24 13:23:52 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\fastdial@telega.phpnet.us
[2011/01/24 13:23:53 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\max@subfighter.com
[2011/01/24 13:23:55 | 000,000,000 | ---D | M] (Advertising Cookie Opt-out) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\optout@google.com
[2011/01/24 13:23:52 | 000,000,000 | ---D | M] (rapidfire) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\rapidfire@schmizz.net
[2011/01/26 17:47:02 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\SkipScreen@SkipScreen
[2011/01/24 13:23:52 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\backforward\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.the one\extensions\YoutubeDownloader@PeterOlayev.com
[2011/02/08 20:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/25 13:54:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 13:35:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [@RegRunOnSecure] C:\Program Files (x86)\Greatis\RegRunSuite\OnSecure.exe (Greatis Software)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RegRun WinBait] C:\Windows\WinBait.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000..\Run: [AnVir Task Manager Free] C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000..\Run: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe ()
O4 - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000..\Run: [googletalk] C:\Users\backforward\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1942859137-1430589858-3606678085-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files (x86)\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/12 05:34:01 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{39e9418c-2780-11e0-befa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{39e9418c-2780-11e0-befa-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - File not found
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/01 08:15:31 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2011/01/31 23:47:36 | 000,000,000 | ---D | C] -- C:\Users\backforward\Desktop\writing not backed up yet
[2011/01/31 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burn To The Brim
[2011/01/31 14:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burn To The Brim
[2011/01/29 20:33:29 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\ImgBurn
[2011/01/29 20:08:46 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/01/29 20:08:45 | 000,000,000 | -H-D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2011/01/29 20:08:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2011/01/29 20:08:45 | 000,000,000 | ---D | C] -- C:\Users\backforward\Documents\RegRun2
[2011/01/29 20:08:32 | 001,385,240 | ---- | C] (Greatis Software) -- C:\Windows\RunGuard.exe
[2011/01/29 20:08:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2011/01/29 20:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegRun Security Suite
[2011/01/29 20:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2011/01/28 16:48:35 | 063,704,552 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2011/01/28 16:21:31 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/28 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/28 16:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/28 16:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/01/28 16:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/27 10:53:34 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Malwarebytes
[2011/01/27 10:53:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/27 10:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 10:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/27 10:53:09 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/27 10:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/26 14:05:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Trend_Micro
[2011/01/26 13:59:44 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\SysWow64\wbocx.ocx
[2011/01/26 13:59:42 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll
[2011/01/26 13:59:39 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2011/01/26 13:59:37 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/01/26 13:59:33 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll
[2011/01/26 13:59:31 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\W95INF32.DLL
[2011/01/26 13:59:29 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\W95INF16.DLL
[2011/01/26 13:35:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/01/26 13:35:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/01/26 13:35:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/01/26 13:32:17 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\ElevatedDiagnostics
[2011/01/25 19:30:05 | 000,000,000 | ---D | C] -- C:\Users\backforward\Documents\ZScreen
[2011/01/25 19:30:05 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\ZScreen
[2011/01/25 19:29:49 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\ZScreen
[2011/01/25 19:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZScreen
[2011/01/25 19:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\ZScreen
[2011/01/25 19:25:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/01/25 19:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2011/01/25 19:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TightVNC
[2011/01/25 18:18:38 | 000,000,000 | ---D | C] -- C:\Users\backforward\Documents\Any Video Converter
[2011/01/25 18:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011/01/25 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\AnvSoft
[2011/01/25 18:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011/01/25 18:12:48 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\vlc
[2011/01/25 18:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/01/25 18:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/01/25 18:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/01/25 18:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickMediaConverter
[2011/01/25 18:08:52 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Cocoon Software
[2011/01/25 18:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2011/01/25 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\WDSetup
[2011/01/25 15:20:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/25 14:22:16 | 003,610,624 | ---- | C] (The Public) -- C:\Windows\SysNative\avisynth.dll
[2011/01/25 14:22:16 | 002,300,928 | ---- | C] (Abysmal Software) -- C:\Windows\SysNative\DevIL.dll
[2011/01/25 14:22:00 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011/01/25 14:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011/01/25 14:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011/01/25 14:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/01/25 14:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/01/25 13:54:56 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\Broad Intelligence
[2011/01/25 13:54:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/01/25 13:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/01/25 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64
[2011/01/25 13:53:16 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Broad Intelligence
[2011/01/25 13:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011/01/25 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Adobe
[2011/01/25 12:07:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/01/24 23:45:14 | 000,000,000 | ---D | C] -- C:\ship out
[2011/01/24 23:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/01/24 23:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/01/24 23:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/01/24 23:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2011/01/24 23:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/01/24 22:46:12 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\SuperFlexibleSynchronizer
[2011/01/24 22:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2011/01/24 22:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Flexible File Synchronizer
[2011/01/24 22:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperFlexible
[2011/01/24 20:48:38 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/01/24 20:47:58 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/01/24 19:36:55 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\TeraCopy
[2011/01/24 15:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2011/01/24 15:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2011/01/24 15:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/01/24 15:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/01/24 15:48:21 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/01/24 15:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/01/24 15:48:04 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2011/01/24 15:48:04 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2011/01/24 15:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2011/01/24 15:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011/01/24 15:47:31 | 000,230,352 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011/01/24 15:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011/01/24 15:47:15 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/01/24 15:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/01/24 15:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla Server
[2011/01/24 15:37:27 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2011/01/24 15:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2011/01/24 15:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/01/24 15:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/01/24 15:07:46 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/01/24 15:07:46 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/01/24 15:07:46 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/01/24 15:07:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/01/24 15:07:46 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/01/24 15:07:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/01/24 15:07:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/01/24 15:07:46 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/01/24 15:01:04 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/01/24 15:01:04 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/01/24 15:01:04 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/01/24 15:01:04 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/01/24 15:01:04 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/01/24 15:01:04 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/01/24 15:01:03 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/01/24 15:01:03 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/01/24 15:01:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/01/24 15:01:00 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2011/01/24 15:01:00 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2011/01/24 15:01:00 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2011/01/24 15:01:00 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2011/01/24 15:01:00 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2011/01/24 15:01:00 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2011/01/24 15:01:00 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2011/01/24 15:01:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2011/01/24 15:01:00 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2011/01/24 15:01:00 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2011/01/24 15:01:00 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2011/01/24 15:01:00 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2011/01/24 15:01:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2011/01/24 15:01:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2011/01/24 15:01:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2011/01/24 15:01:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2011/01/24 15:00:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/01/24 15:00:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/01/24 15:00:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/01/24 15:00:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/01/24 15:00:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/01/24 15:00:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/01/24 15:00:58 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/01/24 15:00:58 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/01/24 14:59:56 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/01/24 14:59:56 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/01/24 14:59:07 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011/01/24 14:59:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2011/01/24 14:59:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2011/01/24 14:59:06 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011/01/24 13:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnVir Task Manager Free
[2011/01/24 13:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnVir Task Manager Free
[2011/01/24 13:14:23 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\AnVir
[2011/01/24 13:03:50 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/01/24 13:03:50 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/01/24 13:03:50 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/01/24 13:03:50 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/01/24 13:03:50 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/01/24 13:03:50 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/01/24 13:03:50 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/01/24 13:03:50 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/01/24 13:03:49 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/01/24 13:03:49 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/01/24 13:03:49 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/01/24 13:03:49 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/01/24 13:03:49 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/01/24 13:03:49 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/01/24 13:03:49 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/01/24 13:03:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/01/24 13:03:48 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/01/24 13:03:48 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/01/24 13:03:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/01/24 13:03:48 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/01/24 13:03:48 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/01/24 13:03:48 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/01/24 13:03:48 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/01/24 13:03:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/01/24 13:03:47 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/01/24 13:03:47 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/01/24 13:03:47 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/01/24 13:03:47 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/01/24 13:03:46 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/01/24 13:03:46 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/01/24 13:03:45 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/01/24 13:03:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/01/24 13:03:44 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/01/24 13:03:44 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/01/24 13:03:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/01/24 13:03:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/01/24 13:03:44 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/01/24 13:03:44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/01/24 13:03:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/01/24 13:03:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/01/24 13:03:43 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/01/24 13:03:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/01/24 13:03:43 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/01/24 13:03:43 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/01/24 13:03:43 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/01/24 13:03:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/01/24 13:03:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/01/24 13:03:43 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/01/24 13:03:43 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/01/24 13:03:43 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/01/24 13:03:42 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/01/24 13:03:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/01/24 13:03:42 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/01/24 13:03:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/01/24 13:03:42 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/01/24 13:03:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/01/24 13:03:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/01/24 13:03:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/01/24 13:03:41 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/01/24 13:03:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/01/24 13:03:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/01/24 13:03:41 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/01/24 13:03:41 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/01/24 13:03:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/01/24 13:03:40 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/01/24 13:03:40 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/01/24 13:03:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/01/24 13:03:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/01/24 13:03:40 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/01/24 13:03:40 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/01/24 13:03:40 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/01/24 13:03:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/01/24 13:03:39 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/01/24 13:03:39 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/01/24 13:03:39 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/01/24 13:03:39 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/01/24 13:03:39 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/01/24 13:03:39 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/01/24 13:03:39 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/01/24 13:03:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/01/24 13:03:39 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/01/24 13:03:39 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/01/24 13:03:38 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/01/24 13:03:38 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/01/24 13:03:38 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/01/24 13:03:38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/01/24 13:03:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/01/24 13:03:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/01/24 13:03:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/01/24 13:03:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/01/24 13:03:37 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/01/24 13:03:37 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/01/24 13:03:37 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/01/24 13:03:37 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/01/24 13:03:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/01/24 13:03:37 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/01/24 13:03:36 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/01/24 13:03:36 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/01/24 13:03:36 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/01/24 13:03:36 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/01/24 13:03:36 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/01/24 13:03:36 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/01/24 13:03:36 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/01/24 13:03:36 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/01/24 13:03:36 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/01/24 13:03:36 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/01/24 13:03:35 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/01/24 13:03:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/01/24 13:03:35 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/01/24 13:03:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/01/24 13:03:35 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/01/24 13:03:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/01/24 13:03:33 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/01/24 13:03:33 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/01/24 13:03:33 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/01/24 13:03:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/01/24 13:03:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/01/24 13:03:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/01/24 13:03:33 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/01/24 13:03:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/01/24 13:03:32 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/01/24 13:03:32 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/01/24 13:03:32 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/01/24 13:03:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/01/24 13:03:32 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/01/24 13:03:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/01/24 13:03:32 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/01/24 13:03:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/01/24 13:03:32 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/01/24 13:03:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/01/24 13:03:31 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/01/24 13:03:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/01/24 13:03:31 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/01/24 13:03:31 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/01/24 13:03:31 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/01/24 13:03:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/01/24 13:03:30 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/01/24 13:03:30 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/01/24 13:03:30 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/01/24 13:03:30 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/01/24 13:03:30 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/01/24 13:03:30 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/01/24 13:03:29 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/01/24 13:03:29 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/01/24 13:03:29 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/01/24 13:03:29 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/01/24 13:03:28 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/01/24 13:03:28 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/01/24 13:03:28 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/01/24 13:03:28 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/01/24 13:03:28 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/01/24 13:03:28 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/01/24 13:03:28 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/01/24 13:03:28 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/01/24 13:03:27 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/01/24 13:03:27 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/01/24 13:03:27 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/01/24 13:03:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/01/24 13:03:27 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/01/24 13:03:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/01/24 13:03:26 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/01/24 13:03:26 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/01/24 13:03:26 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/01/24 13:03:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/01/24 13:03:25 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/01/24 13:03:25 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/01/24 13:03:24 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/01/24 13:03:24 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/01/24 13:03:24 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/01/24 13:03:24 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/01/24 13:03:24 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/01/24 13:03:24 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/01/24 13:03:23 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/01/24 13:03:23 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/01/24 13:03:23 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/01/24 13:03:23 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/01/24 13:03:22 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/01/24 13:03:22 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/01/24 13:03:22 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/01/24 13:03:22 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/01/24 13:03:22 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/01/24 13:03:22 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/01/24 13:01:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/01/24 12:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/24 12:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/24 12:36:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011/01/24 12:31:40 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/01/24 12:31:40 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/01/24 12:31:40 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/01/24 12:31:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/01/24 12:31:25 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/01/24 12:31:25 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/01/24 12:31:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011/01/24 12:31:24 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/01/24 12:31:24 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/01/24 12:31:24 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/01/24 12:31:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/01/24 12:31:22 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/01/24 12:31:21 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/01/24 12:31:21 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/01/24 12:31:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/01/24 12:31:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2011/01/24 12:30:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/01/24 12:30:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/01/24 12:30:49 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011/01/24 12:30:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/24 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\Diagnostics
[2011/01/24 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\ATI
[2011/01/24 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\ATI
[2011/01/24 11:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/01/24 11:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/01/24 11:47:28 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/01/24 11:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/01/24 11:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/01/24 11:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/01/24 11:27:19 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\FileZilla
[2011/01/24 11:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/01/24 11:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/01/24 11:11:30 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011/01/24 11:11:29 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/01/24 11:11:29 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/01/24 11:11:28 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/01/24 11:11:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2011/01/24 11:11:24 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011/01/24 11:11:24 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011/01/24 11:11:21 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/01/24 11:11:20 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/01/24 11:11:19 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/01/24 11:11:19 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/01/24 11:11:18 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/01/24 11:11:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/01/24 11:02:18 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/01/24 11:02:07 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/24 11:02:07 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/24 11:02:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/01/24 11:02:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/01/24 11:02:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/01/24 11:02:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/01/24 11:02:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/01/24 11:02:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/01/24 11:02:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/01/24 11:02:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/01/24 11:02:00 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/01/24 11:02:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/01/24 11:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/01/24 11:02:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/01/24 11:02:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/01/24 11:02:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/01/24 11:01:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/01/24 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Macromedia
[2011/01/24 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/01/24 10:52:04 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\Google
[2011/01/24 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Google
[2011/01/24 10:50:28 | 000,000,000 | ---D | C] -- C:\Users\backforward\VirtualBox VMs
[2011/01/24 10:50:01 | 000,000,000 | ---D | C] -- C:\Users\backforward\.VirtualBox
[2011/01/24 00:11:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/01/24 00:08:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/01/24 00:02:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/01/23 23:52:21 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/01/23 23:44:06 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/01/23 23:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/01/23 23:13:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/01/23 23:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/01/23 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Mozilla
[2011/01/23 22:59:22 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\Mozilla
[2011/01/23 22:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/23 22:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/01/23 22:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/01/23 22:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/01/23 22:51:22 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/23 22:51:22 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/23 22:51:21 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/23 22:51:21 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/23 22:51:18 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/23 22:51:18 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/23 22:50:54 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/01/23 22:50:51 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/23 22:50:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/23 22:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/01/23 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/23 22:30:27 | 000,000,000 | R--D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/23 22:30:27 | 000,000,000 | R--D | C] -- C:\Users\backforward\Searches
[2011/01/23 22:30:27 | 000,000,000 | R--D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/23 22:30:27 | 000,000,000 | -H-D | C] -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/01/23 22:30:19 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Identities
[2011/01/23 22:30:17 | 000,000,000 | R--D | C] -- C:\Users\backforward\Contacts
[2011/01/23 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\VirtualStore
[2011/01/23 22:25:03 | 000,000,000 | --SD | C] -- C:\Users\backforward\AppData\Roaming\Microsoft
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Videos
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Saved Games
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Pictures
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Music
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Links
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Favorites
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Downloads
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\My Documents
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\Desktop
[2011/01/23 22:25:03 | 000,000,000 | R--D | C] -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\AppData\Local\Temporary Internet Files
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Templates
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Start Menu
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\SendTo
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Recent
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\PrintHood
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\NetHood
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Documents\My Videos
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Documents\My Pictures
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Documents\My Music
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\My Documents
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Local Settings
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\AppData\Local\History
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Cookies
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\Application Data
[2011/01/23 22:25:03 | 000,000,000 | -HSD | C] -- C:\Users\backforward\AppData\Local\Application Data
[2011/01/23 22:25:03 | 000,000,000 | -H-D | C] -- C:\Users\backforward\AppData
[2011/01/23 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\Temp
[2011/01/23 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Local\Microsoft
[2011/01/23 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\backforward\AppData\Roaming\Media Center Programs
[2011/01/22 19:05:24 | 000,000,000 | ---D | C] -- C:\86ce48c4278b7095c8623c656b019a
[2011/01/22 18:11:18 | 000,000,000 | ---D | C] -- C:\3dfbcca37c8ad85ab993f9645078
[2011/01/22 14:56:37 | 000,000,000 | ---D | C] -- C:\ATI
[2011/01/21 12:28:27 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/01/21 00:52:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/18 17:05:48 | 000,154,256 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2011/01/18 17:05:46 | 000,318,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll

========== Files - Modified Within 30 Days ==========

[2011/02/10 19:49:14 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/10 19:49:14 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/10 19:49:14 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/10 19:44:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/10 19:44:47 | 3220,082,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 19:40:38 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2011/02/01 13:04:02 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\regguard.sys
[2011/02/01 08:20:48 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 08:20:48 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 08:15:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/01/31 23:51:27 | 000,003,446 | ---- | M] () -- C:\Users\backforward\Desktop\writing not backed up yet.zip
[2011/01/31 14:23:52 | 000,001,067 | ---- | M] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn to the Brim.lnk
[2011/01/31 14:23:52 | 000,001,043 | ---- | M] () -- C:\Users\backforward\Desktop\Burn to the Brim.lnk
[2011/01/31 14:23:52 | 000,000,007 | ---- | M] () -- C:\Windows\INI2=No
[2011/01/31 14:23:52 | 000,000,007 | ---- | M] () -- C:\Windows\INI1=No
[2011/01/29 20:08:49 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/01/29 20:08:49 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/01/29 20:08:46 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2011/01/29 20:08:33 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\RegRun WatchDog Schedule Task.job
[2011/01/29 20:08:32 | 000,001,088 | ---- | M] () -- C:\Users\backforward\Desktop\RegRun Control Center.lnk
[2011/01/28 17:27:23 | 000,003,107 | ---- | M] () -- C:\Users\backforward\Desktop\Attach.zip
[2011/01/28 16:49:10 | 063,704,552 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2011/01/28 16:21:27 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/28 16:05:39 | 000,032,715 | ---- | M] () -- C:\Users\backforward\AppData\Roaming\sffs - superflexible settings.ini
[2011/01/28 15:47:18 | 000,000,036 | ---- | M] () -- C:\Users\backforward\AppData\Local\housecall.guid.cache
[2011/01/27 10:45:07 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/01/26 20:46:51 | 000,001,938 | ---- | M] () -- C:\Users\backforward\Desktop\home.html
[2011/01/26 17:45:23 | 403,264,381 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/26 14:02:28 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/01/25 18:12:45 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/01/25 18:09:01 | 000,000,974 | ---- | M] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Media Converter.lnk
[2011/01/25 12:24:08 | 000,002,092 | ---- | M] () -- C:\Users\backforward\Desktop\mine for aaron..lnk
[2011/01/24 22:49:07 | 000,000,439 | ---- | M] () -- C:\Users\backforward\AppData\Roaming\SuperFlexibleSynchronizer.ini
[2011/01/24 20:48:39 | 000,000,562 | ---- | M] () -- C:\Users\backforward\Desktop\Fraps.lnk
[2011/01/24 15:48:53 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/01/24 15:48:21 | 000,000,993 | ---- | M] () -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/01/24 15:47:31 | 000,230,352 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011/01/24 15:47:15 | 000,002,087 | ---- | M] () -- C:\Users\backforward\Desktop\FileZilla Server Interface.lnk
[2011/01/24 15:26:23 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/01/24 15:21:47 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/01/24 15:10:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2011/01/24 13:14:29 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\AnVir Task Manager Free.lnk
[2011/01/24 13:14:29 | 000,001,027 | ---- | M] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\AnVir Task Manager Free.lnk
[2011/01/24 11:53:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/01/24 00:13:45 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/01/24 00:13:45 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/01/24 00:02:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/01/23 23:13:54 | 000,001,058 | ---- | M] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2011/01/23 23:13:54 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/01/23 22:59:17 | 000,001,967 | ---- | M] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 22:59:17 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/23 22:46:50 | 000,001,441 | ---- | M] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/18 17:05:48 | 000,154,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2011/01/18 17:05:46 | 000,318,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2011/01/18 13:21:02 | 001,385,240 | ---- | M] (Greatis Software) -- C:\Windows\RunGuard.exe
[2011/01/18 13:20:12 | 000,020,248 | ---- | M] () -- C:\Windows\WinBait.org
[2011/01/18 13:20:12 | 000,020,248 | ---- | M] () -- C:\Windows\WinBait.exe
[2011/01/13 02:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 02:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/01/13 02:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/01/13 02:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 02:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 02:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 02:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 02:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/02/10 19:40:38 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2011/02/01 08:15:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/01/31 23:51:27 | 000,003,446 | ---- | C] () -- C:\Users\backforward\Desktop\writing not backed up yet.zip
[2011/01/31 14:23:52 | 000,001,067 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn to the Brim.lnk
[2011/01/31 14:23:52 | 000,001,043 | ---- | C] () -- C:\Users\backforward\Desktop\Burn to the Brim.lnk
[2011/01/31 14:23:52 | 000,000,007 | ---- | C] () -- C:\Windows\INI2=No
[2011/01/31 14:23:52 | 000,000,007 | ---- | C] () -- C:\Windows\INI1=No
[2011/01/29 20:08:49 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/01/29 20:08:49 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2011/01/29 20:08:33 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\RegRun WatchDog Schedule Task.job
[2011/01/29 20:08:32 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2011/01/29 20:08:32 | 000,020,248 | ---- | C] () -- C:\Windows\WinBait.org
[2011/01/29 20:08:32 | 000,020,248 | ---- | C] () -- C:\Windows\WinBait.exe
[2011/01/29 20:08:32 | 000,001,088 | ---- | C] () -- C:\Users\backforward\Desktop\RegRun Control Center.lnk
[2011/01/28 17:27:23 | 000,003,107 | ---- | C] () -- C:\Users\backforward\Desktop\Attach.zip
[2011/01/28 16:21:27 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/28 15:47:18 | 000,000,036 | ---- | C] () -- C:\Users\backforward\AppData\Local\housecall.guid.cache
[2011/01/26 20:46:51 | 000,001,938 | ---- | C] () -- C:\Users\backforward\Desktop\home.html
[2011/01/26 14:01:35 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/01/26 13:59:25 | 000,000,439 | ---- | C] () -- C:\Windows\SysWow64\shfolder.inf
[2011/01/25 18:12:45 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/01/25 18:09:01 | 000,000,974 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Media Converter.lnk
[2011/01/25 15:20:42 | 403,264,381 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/25 12:22:34 | 000,002,092 | ---- | C] () -- C:\Users\backforward\Desktop\mine for aaron..lnk
[2011/01/24 22:49:00 | 000,000,439 | ---- | C] () -- C:\Users\backforward\AppData\Roaming\SuperFlexibleSynchronizer.ini
[2011/01/24 20:48:39 | 000,000,562 | ---- | C] () -- C:\Users\backforward\Desktop\Fraps.lnk
[2011/01/24 15:48:53 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/01/24 15:48:53 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/01/24 15:48:21 | 000,000,993 | ---- | C] () -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/01/24 15:47:15 | 000,002,087 | ---- | C] () -- C:\Users\backforward\Desktop\FileZilla Server Interface.lnk
[2011/01/24 15:26:23 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/01/24 15:10:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2011/01/24 13:14:29 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\AnVir Task Manager Free.lnk
[2011/01/24 13:14:29 | 000,001,027 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\AnVir Task Manager Free.lnk
[2011/01/24 11:53:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/24 00:13:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/01/24 00:13:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/01/23 23:38:30 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011/01/23 23:13:54 | 000,001,058 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2011/01/23 23:13:54 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/01/23 22:59:17 | 000,001,967 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/23 22:59:17 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/23 22:51:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/01/23 22:46:50 | 000,001,441 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/23 22:30:35 | 000,001,413 | ---- | C] () -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/01/23 22:30:30 | 000,001,447 | ---- | C] () -- C:\Users\backforward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/01/23 22:25:03 | 000,000,290 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/23 22:25:03 | 000,000,272 | ---- | C] () -- C:\Users\backforward\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/01/21 12:28:55 | 000,171,136 | RHS- | C] () -- C:\grldr
[2011/01/21 00:52:50 | 3220,082,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/21 00:48:37 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/07/24 00:09:09 | 000,032,715 | ---- | C] () -- C:\Users\backforward\AppData\Roaming\sffs - superflexible settings.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

#10 computeronfire

Posted 10 February 2011 - 09:23 PM

Extras as follows with computer in safe mode

OTL Extras logfile created on: 2/10/2011 8:14:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\backforward\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128.00 Gb Total Space | 70.93 Gb Free Space | 55.41% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 207.86 Gb Free Space | 22.31% Space Free | Partition Type: NTFS
Drive E: | 557.13 Gb Total Space | 0.21 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 160.79 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 2.75 Gb Free Space | 0.20% Space Free | Partition Type: NTFS
Drive K: | 232.88 Gb Total Space | 0.06 Gb Free Space | 0.02% Space Free | Partition Type: NTFS
Drive L: | 232.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 92.55 Gb Free Space | 9.94% Space Free | Partition Type: NTFS
Drive R: | 931.51 Gb Total Space | 455.81 Gb Free Space | 48.93% Space Free | Partition Type: NTFS

Computer Name: BACKFORWARD-PC | User Name: backforward | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1942859137-1430589858-3606678085-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{33CF8D2C-0430-2949-FD8F-695C97C472C5}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{54A0FF28-05C4-81E3-3CC1-13D0C2519EFF}" = ATI Catalyst Install Manager
"{67048E0C-29A5-534C-FF67-83C4BF948D48}" = AMD Drag and Drop Transcoding
"{ADCF7C16-C3AC-4AFB-A738-968C86A5C2CF}" = Oracle VM VirtualBox 4.0.2
"{B3012F41-D8C7-5ABD-05D1-3EF39D9ACC22}" = WMV9/VC-1 Video Playback
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D87047B9-BBC5-9941-00B4-719B9E56CACC}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"TeraCopy_is1" = TeraCopy 2.12
"ZScreen_is1" = ZScreen 3.27.3.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8F6FE1DC-E868-B38A-07E5-897508745128}" = ccc-core-static
"{BEA6BE31-4A1F-7FA2-B861-CBC0AC535731}" = Catalyst Control Center InstallProxy
"{D3D867DD-6C81-E695-4FFE-BE921DF44931}" = Catalyst Control Center Graphics Previews Common
"{F08A1CA0-55A7-8244-3A05-7431447CE9BA}" = CCC Help English
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnVir Task Manager Free" = AnVir Task Manager Free
"Any Video Converter_is1" = Any Video Converter 3.1.7
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Burn To The Brim" = Burn To The Brim 2.9.0
"Everything" = Everything 1.2.1.371
"FileZilla Client" = FileZilla Client 3.3.5.1
"FileZilla Server" = FileZilla Server (remove only)
"Fraps" = Fraps (remove only)
"ImgBurn" = ImgBurn
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder x64" = MediaCoder x64 0.7.5.4799
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"RegRun Security Suite_is1" = RegRun Security Suite Standard
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer v4.22
"TightVNC" = TightVNC 2.0.2
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1942859137-1430589858-3606678085-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"QUICKMEDIACONVERTER" = Quick Media Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2011 3:52:54 PM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/26/2011 3:52:55 PM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/26/2011 4:04:50 PM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/26/2011 4:04:50 PM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/26/2011 10:47:11 PM | Computer Name = backforward-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp:
0x4d33c913 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb3b Exception code: 0xc0000006 Fault offset: 0x00058583 Faulting process id:
0xa98 Faulting application start time: 0x01cbbdb54128fab0 Faulting application path:
G:\games\dolphin gamecube & wii\Dolphin.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: bca04fb0-29bf-11e0-b58e-b4d557c8aa99

Error - 1/26/2011 10:47:11 PM | Computer Name = backforward-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Dolphin.exe because of this error. Program: Dolphin.exe File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C000026E
Disk
type: 0

Error - 1/27/2011 12:22:31 AM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/27/2011 12:22:31 AM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/28/2011 6:48:33 PM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/28/2011 6:48:33 PM | Computer Name = backforward-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\backforward\Downloads\TrendMicro_Downloader(TAV)\Agent\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 2/10/2011 9:45:42 PM | Computer Name = backforward-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume L: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 2/10/2011 10:03:13 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:13 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:13 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:13 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 2/10/2011 10:03:14 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:14 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:14 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:14 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/10/2011 10:03:14 PM | Computer Name = backforward-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

#11 computeronfire

Posted 13 March 2011 - 11:30 PM

hey - any help? am waiting - computer totally unusable, on the laptop, hindered in music making.

any help???

#12 computeronfire

Posted 01 April 2011 - 01:48 PM

ok, it's been two months, am i going to get any help?



