Windows 7 won't boot, hits BSOD and restarts.


  • This topic is locked
13 replies to this topic

#1 Iropan


Posted 01 May 2011 - 08:43 PM

I've spent the last two days reading threads on anything remotely connected to my problem but I can't fix it. I'm really hoping someone here can help me... I run Windows 7 64-bit.

The other day the computer shut down on its own. I turned it back on, Windows wouldn't load, it entered a loop of about 2 or 3 reboots and finally it loaded Windows 7. I thought it was just a big hiccup, and after a while I got a prompt to install some updates for Windows, some of which required a restart. After that restart the PC never booted Windows again. It took me to Startup Repair, where it couldn't fix the problem. In the log I could see "boot critical file D:\ ci.dll is corrupt".
Since then I've installed Windows on another HD I had, and I have accessed the problematic one by connecting it as an external HD. This has allowed me to scan it with several antivirus and antimalware programs; TDSSKiller found "Rootkit.Win32.TDSS.TDL4" and eliminated it. Malwarebytes found the following: "e:\Users\{username}\AppData\Local\Temp\rasdialb.exe (Trojan.Agent) -> Quarantined and deleted successfully."
This however hasn't fixed the problem. Startup Repair will tell me the computer cannot be fixed automatically, and if I use a recovery disk, Startup Repair will tell me it can't find a problem. System Restore will tell me there are no restore points (and it lists my HD as being in unit D:, when I'm positive my drive's unit is C: ).
I've gone to the command prompt and tried the following:
-Chkdsk --> Found no problems.
-sfc /scannow --> It doesn't run, says "system repair pending, please restart" (I've restarted a million times and it still won't run). I have also tried --> sfc /scannow /offbootdir=d:\ /offwindir=d:\windows , and I again got the message telling me a repair is pending, restart.
-bootrec.exe /fixmbr --> Completed successfully.
-bootrec.exe /fixboot --> Completed successfully.
The problem has remained unchanged: when I try to load Windows I get the Windows logo while it's loading, then a BSOD for a few tenths of a second (too fast to read, but something about drivers) and it restarts.
I don't know what else to do. I can only do a repair install from within Windows, so I guess that's not an option.
I've also read that this virus infects the MBR, so formatting wouldn't help.
And I'm out of ideas. I've run Startup Repair more than 20 times now; the reference to ci.dll is gone, but the problem stays the same. I'm really hoping someone can help me!


#2 Farbar


Posted 02 May 2011 - 01:10 AM

Hi Iropan,

I'm going to assist you with your problem.

Download Farbar Recovery Scan Tool (x64) and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
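
Added example, not part of the original thread and not FRST's own code: a triage script for the Registry section of the FRST.txt log that the steps above produce. It assumes the line layout `key: [name] command (company)[size date]` seen in the FRST 2.0.6 log posted in this topic, rejoins entries that were wrapped when pasted, and flags entries for manual review. The three heuristics and their flag names are assumptions chosen for review priority, not verdicts, and the sample log with every name in it is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed layout of a Registry-section line (taken from the log in this topic):
#   <key>: [<value name>] <command line> (<company>)[<size> <yyyy-mm-dd>]
# The trailing "(company)[size date]" block is sometimes absent.
BANNER_RE = re.compile(r'^=+\s*(?P<title>.*?)\s*=+$')
ENTRY_RE = re.compile(r'^(?P<key>[^:\[\]]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
META_RE = re.compile(
    r'\s*\((?P<company>[^()]*)\)\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*$')

# Constructed sample in the same layout; no line is copied from a real machine.
SAMPLE_LOG = r"""
========================== Registry ==========================

HKLM-x32\...\Run: [ExampleAudio] C:\Program Files (x86)\Example\Audio\deck.exe -r (Example Corp)[2369536 2010-03-14]
HKLM-x32\...\Run: [ExampleTuner] "C:\Program Files (x86)\Example\Tuner\tuner.exe" -b (
Example Computer Inc.)[5309056 2010-03-16]
HKLM-x32\...\Run: [ExampleFw] C:\Program Files (x86)\Example\fw.exe r ( )[692317 2010-08-04]
HKU\User\...\Run: [ExampleTmp] C:\Users\User\AppData\Local\Temp\example.exe
HKLM\...\Policies\Explorer\Run: [EXAMPLE] C:\Windows\SysWOW64\example7.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Drivers and Services ====================

3 ExampleDrv; C:\Windows\System32\DRIVERS\example.sys [227840 2009-07-13] (Example Corp)
"""


@dataclass
class Entry:
    key: str
    name: str
    command: str
    company: Optional[str]   # None when the metadata block is absent
    size: Optional[int]
    date: Optional[str]
    flags: List[str] = field(default_factory=list)


def registry_lines(log_text):
    """Return the Registry-section entries, with wrapped lines rejoined."""
    in_registry, joined = False, []
    for line in log_text.splitlines():
        banner = BANNER_RE.match(line.strip())
        if banner:
            in_registry = banner.group("title") == "Registry"
            continue
        if not in_registry or not line.strip():
            continue
        if ENTRY_RE.match(line) or not joined:
            joined.append(line.rstrip())
        else:
            joined[-1] += line.strip()   # continuation of a wrapped entry
    return joined


def parse_entry(line):
    """Split one entry into key, value name, command and file metadata."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    meta = META_RE.search(rest)
    if meta:
        command = rest[:meta.start()].strip()
        company = meta.group("company").strip()
        size, date = int(meta.group("size")), meta.group("date")
    else:
        command, company, size, date = rest.strip(), None, None, None
    return Entry(m.group("key").strip(), m.group("name"), command, company, size, date)


def triage(log_text):
    """Return the autorun entries that deserve a closer manual look."""
    findings = []
    for line in registry_lines(log_text):
        entry = parse_entry(line)
        if entry is None:
            continue
        key, cmd = entry.key.lower(), entry.command.lower()
        if "\\policies\\explorer\\run" in key:
            entry.flags.append("policies-run-key")    # rarely used autorun location
        if entry.size is None and key.endswith("\\run"):
            entry.flags.append("no-file-metadata")     # no (company)[size date] printed
        elif entry.company == "":
            entry.flags.append("blank-company")        # file has no company string
        if "\\temp\\" in cmd:
            entry.flags.append("runs-from-temp")       # autorun target in a Temp folder
        if entry.flags:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.key} [{e.name}] {e.command} -> {', '.join(e.flags)}")
```

A flagged entry is only a pointer to where to look first; legitimate software also produces entries with blank or missing metadata.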

#3 Iropan


Posted 02 May 2011 - 08:33 PM

Thank you very much for your help. Here's the log:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.0.6
Ran by SYSTEM at 2011-05-03 03:19:36
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r (VIA)[2369536 2010-03-14]
HKLM-x32\...\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b (ASUSTeK Computer Inc.)[9936512 2010-07-15]
HKLM-x32\...\Run: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b (ASUSTeK Computer Inc.)[5309056 2010-03-16]
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" (DeviceVM, Inc.)[375000 2009-10-26]
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" (Renesas Electronics Corporation)[113288 2010-04-26]
HKLM-x32\...\Run: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r ( )[692317 2010-08-04]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)[35760 2011-01-31]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (Adobe Systems Incorporated)[932288 2010-09-20]
HKLM-x32\...\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" (Sun Microsystems, Inc.)[249064 2010-10-29]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (Microsoft Corporation)[1475072 2009-07-13]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (Microsoft Corporation)[1475072 2009-07-13]
HKU\Miguel\...\Run: [Google Update] "C:\Users\Miguel\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)[136176 2011-01-26]
HKU\Miguel\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent (Valve Corporation)[1242448 2011-01-27]
HKU\Miguel\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)[1475072 2009-07-13]
HKU\Miguel\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (DT Soft Ltd)[1305408 2011-01-20]
HKU\Miguel\...\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe" (Creative Technology Ltd)[405504 2008-08-12]
HKLM\...\Policies\Explorer\Run: [ETLPVRATT] C:\Windows\SysWOW64\dhcpcore7.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe (Microsoft Corporation)[30208 2009-07-13]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1


==================== Drivers and Services ====================

3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [227840 2009-07-13] (Microsoft Corporation)
0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-13] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\DRIVERS\acpipmi.sys [12288 2009-07-13] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
1 AFD; C:\Windows\System32\drivers\afd.sys [500224 2009-07-13] (Microsoft Corporation)
3 agp440; C:\Windows\System32\DRIVERS\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
3 aliide; C:\Windows\System32\DRIVERS\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
3 amdide; C:\Windows\System32\DRIVERS\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [106576 2009-07-13] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-13] (Advanced Micro Devices)
3 AppID; C:\Windows\System32\drivers\appid.sys [61440 2009-07-13] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2009-07-13] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [193536 2009-07-13] (Microsoft Corporation)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-23] ()
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [676864 2009-07-13] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [676864 2009-07-13] (Microsoft Corporation)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2009-07-13] (Microsoft Corporation)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-26] (DeviceVM, Inc.)
3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [1127032 2011-04-15] (Symantec Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
3 Browser; C:\Windows\System32\browser.dll [136192 2009-07-13] (Microsoft Corporation)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
1 ccHP; C:\Windows\System32\drivers\NISx64\1108000.005\ccHPx64.sys [615040 2010-02-25] (Symantec Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-13] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2009-07-13] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\DRIVERS\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-13] (Microsoft Corporation)
3 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-13] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-13] (Microsoft Corporation)
2 CscService; C:\Windows\System32\cscsvc.dll [689152 2009-07-13] (Microsoft Corporation)
2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)
3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [182272 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2009-07-13] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [162816 2009-07-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-29] (DT Soft Ltd)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2009-10-01] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-18] (Symantec Corporation)
3 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696320 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2011-01-27] (Symantec Corporation)
3 ErrDev; C:\Windows\System32\DRIVERS\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [689152 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
3 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
3 FLASHSYS; \??\C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [15192 2008-02-15] ()
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-13] (Microsoft Corporation)
3 FontCache; C:\Windows\System32\FntCache.dll [1127936 2009-07-13] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-13] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-09-25] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-13] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-13] (Microsoft Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [231936 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2009-07-13] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\DRIVERS\HpSAMD.sys [77888 2009-07-13] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-13] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-13] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
3 iaStorV; C:\Windows\System32\DRIVERS\iaStorV.sys [410688 2009-07-13] (Intel Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856384 2009-06-10] (Microsoft Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110426.001\IDSvia64.sys [476792 2011-03-14] (Symantec Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
2 IKEEXT; C:\Windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
3 intelide; C:\Windows\System32\DRIVERS\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [565760 2009-07-13] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\DRIVERS\IPMIDrv.sys [78848 2009-07-13] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [224832 2009-07-13] (Microsoft Corporation)
3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-13] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-13] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153160 2009-12-11] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-08-26] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [84480 2009-07-13] (Microsoft Corporation)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-13] (Microsoft Corporation)
3 mpio; C:\Windows\System32\DRIVERS\mpio.sys [155216 2009-07-13] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [140800 2009-07-13] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2011-02-22] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [286720 2011-02-22] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [126464 2011-02-22] (Microsoft Corporation)
3 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-13] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\DRIVERS\msdsm.sys [140352 2009-07-13] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [127488 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-13] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [475648 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110427.036\ENG64.SYS [117880 2011-03-30] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110427.036\EX64.SYS [1828984 2011-03-30] (Symantec Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-13] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-13] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-13] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [83080 2010-04-26] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [184968 2010-04-26] (Renesas Electronics Corporation)
3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [155752 2010-11-11] (NVIDIA Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [12961640 2011-01-07] (NVIDIA Corporation)
3 nvraid; C:\Windows\System32\DRIVERS\nvraid.sys [149056 2009-07-13] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\DRIVERS\nvstor.sys [167488 2009-07-13] (NVIDIA Corporation)
2 NVSvc; C:\Windows\System32\nvvsvc.exe [1005160 2011-01-07] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-13] (Microsoft Corporation)
0 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
3 PeerDistSvc; C:\Windows\System32\peerdistsvc.dll [1361920 2009-07-13] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1390080 2009-07-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-13] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [208384 2009-07-13] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-13] (Microsoft Corporation)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-13] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-13] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-13] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [446304 2010-04-07] (Ralink Technology, Corp.)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [333928 2010-05-30] (Realtek )
3 s3cap; C:\Windows\System32\DRIVERS\vms3cap.sys [6656 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 sbp2port; C:\Windows\System32\DRIVERS\sbp2port.sys [104016 2009-07-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [1114624 2010-11-01] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2009-07-13] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 seclogon; C:\Windows\system32\seclogon.dll [30720 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [104960 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\drivers\sffp_sd.sys [14336 2009-10-09] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [369664 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [558592 2010-08-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1108000.005\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [461312 2011-02-22] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [401920 2011-02-22] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2011-02-22] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [407336 2011-01-27] (Valve Corporation)
2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [378984 2011-01-07] (NVIDIA Corporation)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
3 stisvc; C:\Windows\System32\wiaservc.dll [578560 2009-07-13] (Microsoft Corporation)
0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-13] (Microsoft Corporation)
3 storvsc; C:\Windows\System32\DRIVERS\storvsc.sys [34896 2009-07-13] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1108000.005\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1108000.005\SYMEFA64.SYS [221232 2010-04-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2011-01-27] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1108000.005\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [451120 2010-05-05] (Symantec Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1780736 2009-07-13] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [93184 2009-07-13] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [316416 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1896832 2010-06-13] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1896832 2010-06-13] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-13] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-13] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [706560 2009-07-13] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
2 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-13] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-13] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-13] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\DRIVERS\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-13] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
3 UmRdpService; C:\Windows\System32\umrdp.dll [195072 2009-07-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-13] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\DRIVERS\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-13] (Microsoft Corporation)
3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [38456 2009-12-21] (Advanced Micro Devices)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-13] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-13] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-13] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\DRIVERS\vhdmp.sys [217680 2009-07-13] (Microsoft Corporation)
3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1301504 2010-03-02] (VIA Technologies, Inc.)
3 viaide; C:\Windows\System32\DRIVERS\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
3 vmbus; C:\Windows\System32\DRIVERS\vmbus.sys [200272 2009-07-13] (Microsoft Corporation)
3 VMBusHID; C:\Windows\System32\DRIVERS\VMBusHID.sys [21760 2009-07-13] (Microsoft Corporation)
0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-13] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-13] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-13] (Microsoft Corporation)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
3 VSS; C:\Windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1503744 2009-07-13] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [366592 2009-07-13] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [254464 2009-07-13] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\System32\winhttp.dll [438784 2009-07-13] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2018816 2009-07-13] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 2009-07-13] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [116736 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [593408 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2418176 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-13] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-13] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [75264 2009-07-13] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)
1 AsIO; SysWow64\drivers\AsIO.sys [x]
3 GMSIPCI; \??\C:\INSTALL\GMSIPCI.SYS [x]
3 NTACCESS; \??\C:\NTACCESS_64.sys [x]
3 SetupNTGLM7X; \??\C:\NTGLM7X.sys [x]

========================= NetSvcs ============================

============ One Month Created Files and folders ============

2011-05-01 05:28 - 2011-04-30 07:49 - 7130944 ____A (SurfRight B.V.) C:\HitmanPro35_x64.exe
2011-04-29 07:14 - 2011-03-10 22:19 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2011-04-29 07:14 - 2011-03-10 22:19 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2011-04-29 07:14 - 2011-03-10 21:40 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2011-04-29 07:14 - 2011-03-10 21:40 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2011-04-29 07:14 - 2011-03-02 19:58 - 3133440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-04-29 07:14 - 2011-02-23 22:29 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-04-29 07:14 - 2011-02-23 22:28 - 1499136 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-04-29 07:14 - 2011-02-23 22:25 - 9311744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-04-29 07:14 - 2011-02-23 22:25 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-04-29 07:14 - 2011-02-23 22:25 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-04-29 07:14 - 2011-02-23 22:25 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-04-29 07:14 - 2011-02-23 22:25 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 2447872 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 12369408 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-04-29 07:14 - 2011-02-23 22:24 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-04-29 07:14 - 2011-02-23 22:21 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-04-29 07:14 - 2011-02-23 21:32 - 1228800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-04-29 07:14 - 2011-02-23 21:32 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 5981696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 0599040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-04-29 07:14 - 2011-02-23 21:30 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-04-29 07:14 - 2011-02-23 21:29 - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-04-29 07:14 - 2011-02-23 21:29 - 10989056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-04-29 07:14 - 2011-02-23 21:29 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-04-29 07:14 - 2011-02-23 21:29 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-04-29 07:14 - 2011-02-23 21:29 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-04-29 07:14 - 2011-02-23 21:27 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-04-29 07:14 - 2011-02-23 21:05 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-04-29 07:14 - 2011-02-23 20:24 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-04-29 07:14 - 2011-02-23 20:23 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-04-29 07:14 - 2011-02-23 19:50 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-04-29 07:14 - 2011-02-22 21:16 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-04-29 07:14 - 2011-02-22 21:16 - 0401920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-04-29 07:14 - 2011-02-22 21:15 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-04-29 07:14 - 2011-02-17 22:37 - 0612352 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-04-29 07:14 - 2011-02-17 22:36 - 0852480 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-04-29 07:14 - 2011-02-17 21:36 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-04-29 07:14 - 2011-02-17 21:35 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-04-29 07:14 - 2011-02-05 04:41 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2011-04-29 07:14 - 2011-02-05 04:41 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2011-04-29 07:14 - 2011-02-05 04:41 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2011-04-29 07:14 - 2011-02-05 04:41 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2011-04-29 07:14 - 2011-02-05 04:41 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2011-04-29 07:14 - 2011-02-05 04:39 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2011-04-29 07:14 - 2011-02-05 04:39 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2011-04-29 07:13 - 2011-03-07 22:14 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-04-29 07:13 - 2011-03-07 21:38 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-04-29 07:13 - 2011-03-02 22:17 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2011-04-29 07:13 - 2011-03-02 22:17 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2011-04-29 07:13 - 2011-03-02 22:14 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2011-04-29 07:13 - 2011-03-02 21:29 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2011-04-29 07:13 - 2011-03-02 21:27 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2011-04-29 07:13 - 2011-02-18 22:36 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2011-04-29 07:13 - 2011-02-18 21:32 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2011-04-29 07:13 - 2011-02-18 20:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2011-04-29 07:13 - 2011-02-18 19:37 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2011-04-29 07:13 - 2011-02-11 22:14 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2011-04-29 07:12 - 2011-02-22 21:15 - 0286720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-04-29 07:12 - 2011-02-22 21:15 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-04-29 07:12 - 2011-02-22 21:15 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-04-29 07:12 - 2011-02-22 21:15 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2011-04-29 07:05 - 2011-04-29 07:05 - 0285384 ____A C:\Windows\Minidump\042911-25038-01.dmp
2011-04-29 07:04 - 2011-04-29 07:05 - 372956399 ____A C:\Windows\MEMORY.DMP
2011-04-29 07:04 - 2011-04-29 07:05 - 0000000 ____D C:\Windows\Minidump
2011-04-29 07:04 - 2011-04-29 07:04 - 0286704 ____A C:\Windows\Minidump\042911-25786-01.dmp
2011-04-29 07:00 - 2011-04-29 07:18 - 0000252 ___AH C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
2011-04-29 07:00 - 2011-04-29 07:15 - 0000252 ___AH C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
2011-04-29 07:00 - 2011-04-29 07:06 - 0000252 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2011-04-29 05:07 - 2011-04-29 05:07 - 0004588 ____A C:\Users\Miguel\Downloads\Eset_nod32_Antivirus_V_4_2_64_12.torrent
2011-04-29 01:42 - 2011-04-29 01:42 - 0511928 ____A C:\Users\Miguel\Downloads\tumblr_lizg84LSax1qcawg9o1_500.gif
2011-04-28 14:44 - 2011-04-28 14:44 - 0007490 ____A C:\Users\Miguel\Downloads\South.Park.S15E01.Human.CentiPad.HDTV.XviD-FQM.[eztv].torrent
2011-04-28 12:55 - 2011-04-28 12:55 - 0074838 ____A C:\Users\Miguel\Downloads\Red.Faction.Guerrilla-RELOADED.torrent
2011-04-28 09:29 - 2011-04-28 09:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{7007B117-2641-4B44-863B-5C96BDC011C7}
2011-04-28 02:48 - 2011-04-28 02:48 - 0036789 ____A C:\Users\Miguel\Downloads\1984___Yngwie_Malmsteen___Rising_Force.torrent
2011-04-27 12:54 - 2011-04-27 12:54 - 0197933 ____A C:\Users\Miguel\Downloads\jNN3t.png
2011-04-27 11:09 - 2011-04-27 11:10 - 0000000 ____D C:\Users\Miguel\AppData\Local\{C40B158B-CE8B-4814-B10C-CABFF98D06C1}
2011-04-26 17:29 - 2011-04-26 17:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{35584707-C287-4902-83D6-17A6FE9F6D0F}
2011-04-26 16:38 - 2011-04-26 16:38 - 0055514 ____A C:\Users\Miguel\Downloads\tumblr_lka4z9dmoB1qj01sgo1_500.jpg
2011-04-25 23:45 - 2011-04-26 00:12 - 0001379 ____A C:\Users\Miguel\Desktop\Carta Telenor.rtf
2011-04-25 07:42 - 2011-04-25 07:42 - 0001529 ____A C:\Users\Miguel\Desktop\Shogun 2.lnk
2011-04-25 06:20 - 2011-04-25 06:20 - 0000000 ____D C:\Users\Miguel\AppData\Local\Chromium
2011-04-25 05:32 - 2011-04-25 07:44 - 0000000 ____D C:\Program Files (x86)\Total War Shogun 2
2011-04-25 04:28 - 2011-04-25 04:28 - 0000000 ____D C:\Users\Miguel\AppData\Local\{E31FD7E2-81A6-4D74-AC37-DD7628409C53}
2011-04-24 13:57 - 2011-04-24 13:57 - 0000000 ____D C:\Users\Miguel\AppData\Local\{A4191EF8-1F35-4712-8102-FC5ADBEA13DE}
2011-04-23 15:04 - 2011-04-23 15:04 - 0038528 ____A C:\Users\Miguel\Downloads\Muppets_Tonight___Complete_Series.torrent
2011-04-23 13:15 - 2011-04-23 13:15 - 0000000 ____D C:\Users\Miguel\AppData\Local\{84F95068-A216-43E5-AE6B-8618AB636A14}
2011-04-23 13:12 - 2011-04-23 13:12 - 0001953 ____A C:\Users\Miguel\Desktop\Empire Total War.lnk
2011-04-22 14:04 - 2011-04-22 14:04 - 0000000 ____D C:\Users\Miguel\AppData\Local\{3349B5AE-41FC-4CB1-9A81-D7C45C4AF4D2}
2011-04-21 09:01 - 2011-04-21 09:01 - 0183047 ____A C:\Users\Miguel\Downloads\Seinfeld_-_Complete_Collection.3645074.TPB.torrent
2011-04-20 12:35 - 2011-04-20 12:35 - 0000000 ____D C:\Users\Miguel\AppData\Local\{6411406B-5EB7-4A01-AD02-146773BE1698}
2011-04-19 13:05 - 2011-04-19 13:06 - 14759021 ____A ( ) C:\Users\Miguel\Downloads\K-Lite_Codec_Pack_710_Full.exe
2011-04-19 12:18 - 2011-04-19 12:18 - 0000000 ____D C:\Program Files (x86)\Ligos
2011-04-19 12:18 - 2000-06-23 04:05 - 0136704 ____A (Ligos Corporation) C:\Windows\SysWOW64\iacenc.dll
2011-04-19 12:18 - 2000-06-22 03:09 - 0056320 ____N C:\Windows\SysWOW64\iyvu9_32.dll
2011-04-19 12:16 - 1998-10-29 09:45 - 0306688 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2011-04-19 12:12 - 2011-04-19 12:12 - 1963127 ____A C:\Users\Miguel\Downloads\Indeo_Codecs_Legacy_Package_IV31_IV32_IV41_IV50.zip
2011-04-19 12:06 - 2011-04-19 12:06 - 2068266 ____A (Ligos Technology) C:\Users\Miguel\Downloads\iv5setup.exe
2011-04-19 11:54 - 2011-04-19 11:55 - 0000000 ____D C:\Users\Miguel\AppData\Local\{8E96F258-4BC3-40AE-AA79-B7C97DE5F8FB}
2011-04-19 03:48 - 2011-04-19 03:48 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2011-04-19 03:48 - 2009-08-11 11:22 - 0580096 ____A C:\Windows\System32\ac3filter64.acm
2011-04-19 03:48 - 2009-08-11 11:18 - 0497664 ____A C:\Windows\SysWOW64\ac3filter.acm
2011-04-19 03:47 - 2011-04-19 03:47 - 2661254 ____A (Alexander Vigovsky ) C:\Users\Miguel\Downloads\ac3filter_1_63b.exe
2011-04-19 03:41 - 2011-04-19 03:41 - 0000000 ____D C:\Program Files (x86)\GSpot
2011-04-19 03:40 - 2011-04-19 03:40 - 0217329 ____A C:\Users\Miguel\Downloads\gspot.exe
2011-04-18 02:05 - 2011-04-18 02:05 - 0000000 ____D C:\Users\Miguel\AppData\Local\{3BD85690-3062-464A-B05B-7FB3233085F0}
2011-04-17 11:03 - 2011-04-17 11:03 - 0000000 ____D C:\Users\Miguel\AppData\Local\{CCCF71EC-4285-473E-A211-2B273DECCE7F}
2011-04-16 08:54 - 2011-04-16 08:54 - 0000000 ____D C:\Users\Miguel\AppData\Local\{2767898F-CAB0-43B5-B0C1-1E93E81DFE74}
2011-04-16 07:37 - 2011-04-16 07:37 - 0001676 ____A C:\Users\Miguel\Desktop\Mafia 2.lnk
2011-04-16 07:11 - 2011-04-16 07:11 - 0000000 ____D C:\Users\Miguel\AppData\Local\2K Games
2011-04-16 07:02 - 2011-04-29 07:01 - 0000380 ____A C:\Windows\Tasks\At1.job
2011-04-15 08:21 - 2011-04-15 08:21 - 0000000 ____D C:\Users\Miguel\AppData\Local\Ironclad Games
2011-04-15 08:12 - 2011-04-15 08:12 - 0000136 ____A C:\Users\Miguel\Desktop\Football Manager 2011 - Shortcut.lnk
2011-04-15 07:52 - 2011-04-15 07:52 - 0000000 ____D C:\Users\Miguel\Documents\4A Games
2011-04-15 07:50 - 2011-04-15 07:50 - 0000000 ____D C:\Users\Miguel\AppData\Local\4A Games
2011-04-15 04:35 - 2011-04-15 04:35 - 0000000 ____D C:\Users\Miguel\AppData\Local\{6F3D26C6-2DB6-4E42-91DC-C4075FC3F4E0}
2011-04-14 01:34 - 2011-04-14 01:34 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\XRay Engine
2011-04-13 23:34 - 2011-04-13 23:35 - 0000000 ____D C:\Users\Miguel\AppData\Local\{AB3CF632-AA8B-4BF1-A17B-B2DC05AF813C}
2011-04-13 10:50 - 2011-04-13 10:50 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\CDisplayEx
2011-04-13 10:49 - 2011-04-13 10:49 - 0000000 ____D C:\Program Files (x86)\CDisplayEx
2011-04-12 23:43 - 2011-04-12 23:44 - 0000000 ____D C:\Users\Miguel\AppData\Local\{29B5774E-9EDD-496C-BB9C-E48F402B63FB}
2011-04-11 14:29 - 2011-04-11 14:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{BA4BBFD3-8609-4DBA-9590-5F5E33D92E88}
2011-04-11 02:29 - 2011-04-11 02:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{37873BE4-1CE9-4ACF-A43F-DC6883D686F9}
2011-04-10 07:39 - 2011-04-10 07:40 - 0000000 ____D C:\Users\Miguel\AppData\Local\{A8B74492-393E-4BE7-867C-5A6254661F94}
2011-04-09 09:53 - 2011-04-09 09:54 - 0000000 ____D C:\Users\Miguel\AppData\Local\{32F6AC80-B90A-4F70-B75F-7C8E930C0854}
2011-04-08 20:02 - 2011-04-08 20:02 - 0000031 ____A C:\Windows\progress
2011-04-08 12:40 - 2011-04-08 12:40 - 0000000 ____D C:\Users\Miguel\AppData\Local\{01B3779C-789A-4E31-A07C-F9D6781360DE}
2011-04-08 11:06 - 2011-04-14 11:00 - 0000000 ____D C:\Users\Public\Documents\STALKER-STCS
2011-04-08 11:02 - 2011-04-08 11:02 - 0000000 ____D C:\Program Files (x86)\Deep Silver
2011-04-07 15:39 - 2011-04-07 15:39 - 0000000 ____D C:\Users\Miguel\AppData\Local\{120006A1-F78A-4250-B12E-3804E0B5DD4C}
2011-04-06 18:03 - 2011-04-06 18:03 - 0000000 ____D C:\Users\Miguel\AppData\Local\{ABC64FA5-7811-468F-8475-C94DEB7AAF59}
2011-04-06 06:02 - 2011-04-06 06:03 - 0000000 ____D C:\Users\Miguel\AppData\Local\{11C5EB61-24C1-4C88-90DA-0DF0095CE646}
2011-04-05 10:04 - 2011-04-05 10:04 - 0000000 ____D C:\Users\Miguel\AppData\Local\{9264062E-E289-4DE3-8DA5-9C3C6E9DEBA9}
2011-04-04 07:16 - 2011-04-04 07:16 - 0000000 ____D C:\Users\Miguel\AppData\Local\{713E8EB3-6694-4EB4-8F83-3DF4420D999E}
2011-04-03 10:57 - 2011-04-03 10:58 - 0000000 ____D C:\Users\Miguel\AppData\Local\{39C6911B-7B9C-4241-ABFE-67940600DAD1}
2011-04-03 04:16 - 2011-04-03 04:16 - 0064368 ____A C:\Users\Miguel\Downloads\Stand_Up_Comedy_Collecction.torrent


============ 3 Months Modified Files and folders =============

2011-05-03 03:19 - 2011-05-03 03:19 - 0000000 ____D C:\FRST
2011-04-30 07:49 - 2011-05-01 05:28 - 7130944 ____A (SurfRight B.V.) C:\HitmanPro35_x64.exe
2011-04-29 18:00 - 2011-03-10 02:27 - 1377112 ____A (Kaspersky Lab ZAO) C:\TDSSKiller.exe
2011-04-29 17:19 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-04-29 15:57 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-04-29 07:18 - 2011-04-29 07:00 - 0000252 ___AH C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
2011-04-29 07:18 - 2011-01-26 08:35 - 11239824 ___AH C:\Users\Miguel\AppData\Local\IconCache.db
2011-04-29 07:18 - 2011-01-26 08:21 - 1502034 ____A C:\Windows\WindowsUpdate.log
2011-04-29 07:15 - 2011-04-29 07:00 - 0000252 ___AH C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
2011-04-29 07:15 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-04-29 07:14 - 2011-01-28 04:24 - 43802056 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-04-29 07:10 - 2009-07-13 20:45 - 0013424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-04-29 07:10 - 2009-07-13 20:45 - 0013424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-04-29 07:06 - 2011-04-29 07:00 - 0000252 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2011-04-29 07:06 - 2011-01-27 02:20 - 0000000 ____D C:\Program Files (x86)\Steam
2011-04-29 07:06 - 2011-01-26 09:24 - 0000448 ____A C:\Users\Miguel\AppData\Roaming\SamsungLiveUpdateConfig.ini
2011-04-29 07:06 - 2009-07-13 20:51 - 0268724 ____A C:\Windows\setupact.log
2011-04-29 07:05 - 2011-04-29 07:05 - 0285384 ____A C:\Windows\Minidump\042911-25038-01.dmp
2011-04-29 07:05 - 2011-04-29 07:04 - 372956399 ____A C:\Windows\MEMORY.DMP
2011-04-29 07:05 - 2011-04-29 07:04 - 0000000 ____D C:\Windows\Minidump
2011-04-29 07:05 - 2011-01-26 16:10 - 2146050048 __ASH C:\hiberfil.sys
2011-04-29 07:05 - 2011-01-26 09:13 - 0043292 ____A C:\Windows\PFRO.log
2011-04-29 07:05 - 2011-01-26 09:11 - 0000000 ____D C:\Users\All Users\NVIDIA
2011-04-29 07:05 - 2011-01-26 09:11 - 0000000 ____D C:\ProgramData\NVIDIA
2011-04-29 07:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-04-29 07:04 - 2011-04-29 07:04 - 0286704 ____A C:\Windows\Minidump\042911-25786-01.dmp
2011-04-29 07:01 - 2011-04-16 07:02 - 0000380 ____A C:\Windows\Tasks\At1.job
2011-04-29 06:03 - 2011-01-26 08:49 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900603755-155355906-3389376055-1000UA.job
2011-04-29 05:07 - 2011-04-29 05:07 - 0004588 ____A C:\Users\Miguel\Downloads\Eset_nod32_Antivirus_V_4_2_64_12.torrent
2011-04-29 05:07 - 2011-01-28 11:15 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\uTorrent
2011-04-29 01:42 - 2011-04-29 01:42 - 0511928 ____A C:\Users\Miguel\Downloads\tumblr_lizg84LSax1qcawg9o1_500.gif
2011-04-28 16:54 - 2011-01-28 04:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\CrashDumps
2011-04-28 14:44 - 2011-04-28 14:44 - 0007490 ____A C:\Users\Miguel\Downloads\South.Park.S15E01.Human.CentiPad.HDTV.XviD-FQM.[eztv].torrent
2011-04-28 14:17 - 2011-01-31 01:00 - 0091136 ____A C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-28 13:12 - 2011-01-28 11:17 - 0000000 ____D C:\Users\Miguel\Documents\Games
2011-04-28 12:55 - 2011-04-28 12:55 - 0074838 ____A C:\Users\Miguel\Downloads\Red.Faction.Guerrilla-RELOADED.torrent
2011-04-28 09:29 - 2011-04-28 09:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{7007B117-2641-4B44-863B-5C96BDC011C7}
2011-04-28 09:28 - 2011-01-27 01:40 - 0000000 ____D C:\Users\Miguel\Tracing
2011-04-28 08:03 - 2011-01-26 08:49 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900603755-155355906-3389376055-1000Core.job
2011-04-28 02:48 - 2011-04-28 02:48 - 0036789 ____A C:\Users\Miguel\Downloads\1984___Yngwie_Malmsteen___Rising_Force.torrent
2011-04-27 12:54 - 2011-04-27 12:54 - 0197933 ____A C:\Users\Miguel\Downloads\jNN3t.png
2011-04-27 11:10 - 2011-04-27 11:09 - 0000000 ____D C:\Users\Miguel\AppData\Local\{C40B158B-CE8B-4814-B10C-CABFF98D06C1}
2011-04-26 17:29 - 2011-04-26 17:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{35584707-C287-4902-83D6-17A6FE9F6D0F}
2011-04-26 16:38 - 2011-04-26 16:38 - 0055514 ____A C:\Users\Miguel\Downloads\tumblr_lka4z9dmoB1qj01sgo1_500.jpg
2011-04-26 00:12 - 2011-04-25 23:45 - 0001379 ____A C:\Users\Miguel\Desktop\Carta Telenor.rtf
2011-04-26 00:12 - 2011-01-29 12:02 - 0662358 ____A C:\Users\Miguel\danid.log
2011-04-25 07:44 - 2011-04-25 05:32 - 0000000 ____D C:\Program Files (x86)\Total War Shogun 2
2011-04-25 07:42 - 2011-04-25 07:42 - 0001529 ____A C:\Users\Miguel\Desktop\Shogun 2.lnk
2011-04-25 07:40 - 2011-01-27 01:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-04-25 06:20 - 2011-04-25 06:20 - 0000000 ____D C:\Users\Miguel\AppData\Local\Chromium
2011-04-25 05:46 - 2011-01-27 08:16 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\The Creative Assembly
2011-04-25 05:41 - 2011-01-27 02:19 - 0190357 ____A C:\Windows\DirectX.log
2011-04-25 05:32 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-04-25 04:28 - 2011-04-25 04:28 - 0000000 ____D C:\Users\Miguel\AppData\Local\{E31FD7E2-81A6-4D74-AC37-DD7628409C53}
2011-04-24 13:57 - 2011-04-24 13:57 - 0000000 ____D C:\Users\Miguel\AppData\Local\{A4191EF8-1F35-4712-8102-FC5ADBEA13DE}
2011-04-23 15:04 - 2011-04-23 15:04 - 0038528 ____A C:\Users\Miguel\Downloads\Muppets_Tonight___Complete_Series.torrent
2011-04-23 14:39 - 2011-03-04 17:12 - 0000198 ____A C:\Users\Miguel\Desktop\the rasmus - dead letters.txt
2011-04-23 13:15 - 2011-04-23 13:15 - 0000000 ____D C:\Users\Miguel\AppData\Local\{84F95068-A216-43E5-AE6B-8618AB636A14}
2011-04-23 13:12 - 2011-04-23 13:12 - 0001953 ____A C:\Users\Miguel\Desktop\Empire Total War.lnk
2011-04-22 14:04 - 2011-04-22 14:04 - 0000000 ____D C:\Users\Miguel\AppData\Local\{3349B5AE-41FC-4CB1-9A81-D7C45C4AF4D2}
2011-04-21 09:01 - 2011-04-21 09:01 - 0183047 ____A C:\Users\Miguel\Downloads\Seinfeld_-_Complete_Collection.3645074.TPB.torrent
2011-04-20 12:35 - 2011-04-20 12:35 - 0000000 ____D C:\Users\Miguel\AppData\Local\{6411406B-5EB7-4A01-AD02-146773BE1698}
2011-04-19 13:06 - 2011-04-19 13:05 - 14759021 ____A ( ) C:\Users\Miguel\Downloads\K-Lite_Codec_Pack_710_Full.exe
2011-04-19 12:18 - 2011-04-19 12:18 - 0000000 ____D C:\Program Files (x86)\Ligos
2011-04-19 12:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2011-04-19 12:12 - 2011-04-19 12:12 - 1963127 ____A C:\Users\Miguel\Downloads\Indeo_Codecs_Legacy_Package_IV31_IV32_IV41_IV50.zip
2011-04-19 12:06 - 2011-04-19 12:06 - 2068266 ____A (Ligos Technology) C:\Users\Miguel\Downloads\iv5setup.exe
2011-04-19 11:55 - 2011-04-19 11:54 - 0000000 ____D C:\Users\Miguel\AppData\Local\{8E96F258-4BC3-40AE-AA79-B7C97DE5F8FB}
2011-04-19 03:52 - 2011-01-28 04:13 - 0000000 ____D C:\Users\Miguel\Documents\Comedy
2011-04-19 03:48 - 2011-04-19 03:48 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2011-04-19 03:47 - 2011-04-19 03:47 - 2661254 ____A (Alexander Vigovsky ) C:\Users\Miguel\Downloads\ac3filter_1_63b.exe
2011-04-19 03:41 - 2011-04-19 03:41 - 0000000 ____D C:\Program Files (x86)\GSpot
2011-04-19 03:40 - 2011-04-19 03:40 - 0217329 ____A C:\Users\Miguel\Downloads\gspot.exe
2011-04-19 03:35 - 2011-03-30 03:12 - 0000007 ____A C:\Windows\treeskp.sys
2011-04-19 03:35 - 2011-03-30 03:12 - 0000007 ____A C:\Windows\sbacknt.bin
2011-04-18 06:10 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2011-04-18 06:10 - 2009-07-13 18:36 - 0619206 ____A C:\Windows\System32\perfh009.dat
2011-04-18 06:10 - 2009-07-13 18:36 - 0107388 ____A C:\Windows\System32\perfc009.dat
2011-04-18 02:05 - 2011-04-18 02:05 - 0000000 ____D C:\Users\Miguel\AppData\Local\{3BD85690-3062-464A-B05B-7FB3233085F0}
2011-04-17 11:03 - 2011-04-17 11:03 - 0000000 ____D C:\Users\Miguel\AppData\Local\{CCCF71EC-4285-473E-A211-2B273DECCE7F}
2011-04-16 17:54 - 2011-01-26 08:49 - 0002403 ____A C:\Users\Miguel\Desktop\Google Chrome.lnk
2011-04-16 08:54 - 2011-04-16 08:54 - 0000000 ____D C:\Users\Miguel\AppData\Local\{2767898F-CAB0-43B5-B0C1-1E93E81DFE74}
2011-04-16 07:37 - 2011-04-16 07:37 - 0001676 ____A C:\Users\Miguel\Desktop\Mafia 2.lnk
2011-04-16 07:11 - 2011-04-16 07:11 - 0000000 ____D C:\Users\Miguel\AppData\Local\2K Games
2011-04-15 08:21 - 2011-04-15 08:21 - 0000000 ____D C:\Users\Miguel\AppData\Local\Ironclad Games
2011-04-15 08:12 - 2011-04-15 08:12 - 0000136 ____A C:\Users\Miguel\Desktop\Football Manager 2011 - Shortcut.lnk
2011-04-15 07:57 - 2009-07-13 21:08 - 0032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-04-15 07:52 - 2011-04-15 07:52 - 0000000 ____D C:\Users\Miguel\Documents\4A Games
2011-04-15 07:50 - 2011-04-15 07:50 - 0000000 ____D C:\Users\Miguel\AppData\Local\4A Games
2011-04-15 04:35 - 2011-04-15 04:35 - 0000000 ____D C:\Users\Miguel\AppData\Local\{6F3D26C6-2DB6-4E42-91DC-C4075FC3F4E0}
2011-04-14 11:00 - 2011-04-08 11:06 - 0000000 ____D C:\Users\Public\Documents\STALKER-STCS
2011-04-14 01:34 - 2011-04-14 01:34 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\XRay Engine
2011-04-13 23:35 - 2011-04-13 23:34 - 0000000 ____D C:\Users\Miguel\AppData\Local\{AB3CF632-AA8B-4BF1-A17B-B2DC05AF813C}
2011-04-13 10:50 - 2011-04-13 10:50 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\CDisplayEx
2011-04-13 10:49 - 2011-04-13 10:49 - 0000000 ____D C:\Program Files (x86)\CDisplayEx
2011-04-13 00:03 - 2011-01-29 13:58 - 0000000 ____D C:\Users\Miguel\Documents\My Received Files
2011-04-12 23:44 - 2011-04-12 23:43 - 0000000 ____D C:\Users\Miguel\AppData\Local\{29B5774E-9EDD-496C-BB9C-E48F402B63FB}
2011-04-11 14:29 - 2011-04-11 14:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{BA4BBFD3-8609-4DBA-9590-5F5E33D92E88}
2011-04-11 13:38 - 2011-01-26 08:29 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-04-11 02:29 - 2011-04-11 02:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{37873BE4-1CE9-4ACF-A43F-DC6883D686F9}
2011-04-10 07:40 - 2011-04-10 07:39 - 0000000 ____D C:\Users\Miguel\AppData\Local\{A8B74492-393E-4BE7-867C-5A6254661F94}
2011-04-09 09:54 - 2011-04-09 09:53 - 0000000 ____D C:\Users\Miguel\AppData\Local\{32F6AC80-B90A-4F70-B75F-7C8E930C0854}
2011-04-08 20:02 - 2011-04-08 20:02 - 0000031 ____A C:\Windows\progress
2011-04-08 12:40 - 2011-04-08 12:40 - 0000000 ____D C:\Users\Miguel\AppData\Local\{01B3779C-789A-4E31-A07C-F9D6781360DE}
2011-04-08 11:02 - 2011-04-08 11:02 - 0000000 ____D C:\Program Files (x86)\Deep Silver
2011-04-07 15:39 - 2011-04-07 15:39 - 0000000 ____D C:\Users\Miguel\AppData\Local\{120006A1-F78A-4250-B12E-3804E0B5DD4C}
2011-04-06 18:03 - 2011-04-06 18:03 - 0000000 ____D C:\Users\Miguel\AppData\Local\{ABC64FA5-7811-468F-8475-C94DEB7AAF59}
2011-04-06 06:03 - 2011-04-06 06:02 - 0000000 ____D C:\Users\Miguel\AppData\Local\{11C5EB61-24C1-4C88-90DA-0DF0095CE646}
2011-04-05 10:04 - 2011-04-05 10:04 - 0000000 ____D C:\Users\Miguel\AppData\Local\{9264062E-E289-4DE3-8DA5-9C3C6E9DEBA9}
2011-04-04 07:16 - 2011-04-04 07:16 - 0000000 ____D C:\Users\Miguel\AppData\Local\{713E8EB3-6694-4EB4-8F83-3DF4420D999E}
2011-04-03 10:58 - 2011-04-03 10:57 - 0000000 ____D C:\Users\Miguel\AppData\Local\{39C6911B-7B9C-4241-ABFE-67940600DAD1}
2011-04-03 04:16 - 2011-04-03 04:16 - 0064368 ____A C:\Users\Miguel\Downloads\Stand_Up_Comedy_Collecction.torrent
2011-04-01 00:12 - 2011-04-01 00:12 - 0000000 ____D C:\Users\Miguel\AppData\Local\{39C3B621-6EC2-4929-9DE1-1425CB80486E}
2011-03-31 10:23 - 2011-03-31 10:23 - 0000136 ____A C:\Users\Miguel\Desktop\Mass Effect - Shortcut.lnk
2011-03-31 03:59 - 2011-03-31 03:59 - 0000000 ____D C:\Users\Miguel\AppData\Local\Microsoft Games
2011-03-31 03:26 - 2011-03-31 03:26 - 0000000 ____D C:\Users\Miguel\AppData\Local\{35F564B2-9D1A-4C41-9F05-22B8C5699A10}
2011-03-30 01:00 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-03-30 00:04 - 2011-03-19 04:17 - 0000000 ____D C:\Program Files (x86)\Logitech
2011-03-29 23:18 - 2011-03-19 04:18 - 0000233 ____A C:\Windows\SysWOW64\Installer.log
2011-03-29 07:28 - 2011-03-29 07:28 - 0000000 ____D C:\Users\Miguel\AppData\Local\{4E9D0E21-61CF-4FCF-86B7-9F5EC8D874BA}
2011-03-29 00:48 - 2011-03-29 00:48 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-03-29 00:43 - 2011-01-28 11:16 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-03-28 00:10 - 2011-03-28 00:09 - 0000000 ____D C:\Users\Miguel\AppData\Local\{6088C2FC-E005-4A20-B925-5E4E9E545F2C}
2011-03-26 03:10 - 2011-03-26 03:10 - 0000000 ____D C:\Users\Miguel\AppData\Local\{72442416-03C9-41B2-A69F-867433A0048B}
2011-03-25 21:29 - 2011-02-05 08:57 - 0000000 ____D C:\Users\Miguel\AppData\Local\FalloutNV
2011-03-25 02:24 - 2011-03-25 02:24 - 0000000 ____D C:\Users\Miguel\AppData\Local\{570DD6CD-A235-4FFD-80BE-1AA9B7B5D1BA}
2011-03-23 18:00 - 2011-03-23 18:00 - 0000000 ____D C:\Users\Miguel\AppData\Local\{BD0F97EF-C0B3-46E5-9BED-4837CC71324F}
2011-03-23 06:00 - 2011-03-23 05:59 - 0000000 ____D C:\Users\Miguel\AppData\Local\{34288BA2-099F-4BCE-8538-66D0C63F9841}
2011-03-23 05:32 - 2011-03-23 05:32 - 0000000 ____D C:\Users\Miguel\AppData\Local\{9602D5D6-4849-4491-8F85-BEC55F6F88F3}
2011-03-22 17:31 - 2011-03-22 17:31 - 0000000 ____D C:\Users\Miguel\AppData\Local\{96F2F534-6A67-4E47-8EFB-A71C9875CD2C}
2011-03-22 01:11 - 2011-03-22 01:11 - 0000000 ____D C:\Users\Miguel\AppData\Local\{B5D94DB8-1CC1-4C21-AB66-672AD02572F4}
2011-03-21 18:16 - 2011-03-21 18:16 - 4032339 ____A C:\Users\Miguel\Documents\F-15E_391st_USAF_081215-F-7823A-931.jpg
2011-03-21 11:10 - 2011-03-21 11:10 - 0000000 ____D C:\Users\Miguel\AppData\Local\{E61D1C5E-E8CD-46F4-9ECD-668476CB2B2D}
2011-03-21 10:16 - 2011-03-21 10:16 - 0000000 ____D C:\Users\Public\Documents\Sports Interactive
2011-03-21 10:16 - 2011-03-21 10:16 - 0000000 ____D C:\Users\Miguel\Documents\Sports Interactive
2011-03-21 10:16 - 2011-03-21 10:16 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\Sports Interactive
2011-03-21 10:16 - 2011-03-21 10:16 - 0000000 ____D C:\Users\Miguel\AppData\Local\Sports Interactive
2011-03-20 17:43 - 2011-03-20 17:41 - 0000000 ___HD C:\Program Files (x86)\Zero G Registry
2011-03-20 17:41 - 2011-03-20 17:41 - 0000000 ___HD C:\Users\Miguel\InstallAnywhere
2011-03-20 17:41 - 2011-03-20 17:41 - 0000000 ____D C:\Program Files (x86)\Sports Interactive
2011-03-20 17:41 - 2011-01-26 08:22 - 0000000 ____D C:\users\Miguel
2011-03-20 14:03 - 2011-03-20 14:03 - 0000000 ____D C:\Users\Miguel\AppData\Local\{5F700537-894B-4C3C-B897-9BAA0D41AE84}
2011-03-20 01:58 - 2011-03-20 01:57 - 0000000 ____D C:\Users\Miguel\AppData\Local\{8F519967-4636-41CD-8A33-997D95C6CE15}
2011-03-19 10:52 - 2011-03-19 10:52 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\NVIDIA
2011-03-19 10:50 - 2011-02-05 08:57 - 0000000 ____D C:\Users\Miguel\Documents\My Games
2011-03-19 07:33 - 2011-03-19 07:33 - 0000000 ____D C:\Users\Miguel\AppData\Local\{950063C4-C848-4046-BEBB-BF8336E66909}
2011-03-19 04:21 - 2011-03-19 04:21 - 0000000 ____D C:\Users\Miguel\AppData\Local\Logitech-LS
2011-03-18 14:40 - 2011-03-18 14:39 - 0003122 ____A C:\Windows\SysWOW64\jupdate-1.6.0_24-b07.log
2011-03-18 14:40 - 2011-01-28 09:26 - 0000000 ____D C:\Program Files (x86)\Java
2011-03-18 14:39 - 2011-03-18 14:39 - 0000000 ____D C:\Users\All Users\McAfee
2011-03-18 14:39 - 2011-03-18 14:39 - 0000000 ____D C:\ProgramData\McAfee
2011-03-18 14:31 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\debug
2011-03-18 14:12 - 2011-03-18 14:12 - 0000000 ____D C:\Users\Miguel\AppData\Local\{B4767183-DF09-4E3C-9AB4-166F190838D5}
2011-03-18 10:37 - 2011-02-03 01:21 - 0000000 ____D C:\Users\Miguel\AppData\Local\ElevatedDiagnostics
2011-03-10 22:19 - 2011-04-29 07:14 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2011-03-10 22:19 - 2011-04-29 07:14 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2011-03-10 21:40 - 2011-04-29 07:14 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2011-03-10 21:40 - 2011-04-29 07:14 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2011-03-07 22:14 - 2011-04-29 07:13 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-03-07 21:38 - 2011-04-29 07:13 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-03-02 22:17 - 2011-04-29 07:13 - 0356352 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
2011-03-02 22:17 - 2011-04-29 07:13 - 0182272 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
2011-03-02 22:14 - 2011-04-29 07:13 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
2011-03-02 21:29 - 2011-04-29 07:13 - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2011-03-02 21:27 - 2011-04-29 07:13 - 0028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2011-03-02 19:58 - 2011-04-29 07:14 - 3133440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-02-26 02:16 - 2011-02-21 02:35 - 0000000 ____D C:\Program Files (x86)\thriXXX
2011-02-26 02:11 - 2011-02-26 02:10 - 0000000 ____D C:\Users\Miguel\AppData\Local\{C08D1593-9C22-427B-B400-79CC8303EDCA}
2011-02-25 17:55 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wbem
2011-02-25 17:54 - 2011-02-01 08:47 - 0000000 ____D C:\Program Files (x86)\Mass Effect
2011-02-25 17:54 - 2011-01-29 15:11 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2011-02-25 17:54 - 2011-01-27 06:19 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\Winamp
2011-02-25 17:54 - 2011-01-27 06:19 - 0000000 ____D C:\Program Files (x86)\Winamp
2011-02-25 17:54 - 2011-01-26 08:34 - 0000000 ____D C:\Users\All Users\Norton
2011-02-25 17:54 - 2011-01-26 08:34 - 0000000 ____D C:\ProgramData\Norton
2011-02-25 17:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wfp
2011-02-25 17:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-02-25 17:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-02-25 17:54 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-02-25 17:51 - 2011-02-25 17:51 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\Tific
2011-02-25 17:51 - 2011-02-25 17:51 - 0000000 ____D C:\Users\Miguel\AppData\Local\Symantec
2011-02-25 17:48 - 2009-07-13 23:45 - 0000000 __RHD C:\Users\Public\Recorded TV
2011-02-25 01:46 - 2011-02-25 01:46 - 0000000 ____D C:\Users\Miguel\AppData\Local\{3D113791-BF78-4569-829C-8A5EF4160111}
2011-02-24 03:47 - 2011-02-24 03:47 - 0000000 ____D C:\Users\Miguel\AppData\Local\{F2A9DAE7-5496-4BE8-A9AC-A4892B29E130}
2011-02-23 22:29 - 2011-04-29 07:14 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-02-23 22:28 - 2011-04-29 07:14 - 1499136 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-02-23 22:25 - 2011-04-29 07:14 - 9311744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-02-23 22:25 - 2011-04-29 07:14 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-02-23 22:25 - 2011-04-29 07:14 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-02-23 22:25 - 2011-04-29 07:14 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-02-23 22:25 - 2011-04-29 07:14 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 2447872 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 12369408 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-02-23 22:24 - 2011-04-29 07:14 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-02-23 22:21 - 2011-04-29 07:14 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-02-23 21:32 - 2011-04-29 07:14 - 1228800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-02-23 21:32 - 2011-04-29 07:14 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 5981696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 0599040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-02-23 21:30 - 2011-04-29 07:14 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-02-23 21:29 - 2011-04-29 07:14 - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-02-23 21:29 - 2011-04-29 07:14 - 10989056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-02-23 21:29 - 2011-04-29 07:14 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-02-23 21:29 - 2011-04-29 07:14 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-02-23 21:29 - 2011-04-29 07:14 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-02-23 21:27 - 2011-04-29 07:14 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-02-23 21:05 - 2011-04-29 07:14 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-02-23 20:24 - 2011-04-29 07:14 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-02-23 20:23 - 2011-04-29 07:14 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-02-23 19:50 - 2011-04-29 07:14 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-02-23 15:20 - 2011-02-23 15:19 - 0000000 ____D C:\Users\Miguel\AppData\Local\{5C81C168-ECA4-43EC-8DB1-33DC0F33D51A}
2011-02-23 13:18 - 2011-02-23 13:18 - 0007605 ____A C:\Users\Miguel\AppData\Local\Resmon.ResmonCfg
2011-02-23 01:38 - 2011-02-23 01:37 - 0000000 ____D C:\Users\Miguel\AppData\Local\{F4FB2530-65B5-4F4A-98AA-44D57E01E184}
2011-02-22 21:16 - 2011-04-29 07:14 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-02-22 21:16 - 2011-04-29 07:14 - 0401920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-02-22 21:15 - 2011-04-29 07:14 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-02-22 21:15 - 2011-04-29 07:12 - 0286720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-02-22 21:15 - 2011-04-29 07:12 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-02-22 21:15 - 2011-04-29 07:12 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-02-22 21:15 - 2011-04-29 07:12 - 0090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2011-02-22 16:19 - 2011-02-18 12:09 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2011-02-22 16:19 - 2011-02-18 12:09 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2011-02-22 02:21 - 2011-02-22 02:21 - 0000000 ____D C:\Program Files (x86)\Matroska Pack
2011-02-22 02:18 - 2011-02-07 09:48 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2011-02-21 14:06 - 2011-02-21 14:06 - 0000000 ____D C:\Users\Miguel\AppData\Local\{3CB96B11-635E-4CE0-87BE-79680D5ED44F}
2011-02-21 02:35 - 2011-02-21 02:35 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\thriXXX
2011-02-21 02:06 - 2011-02-21 02:06 - 0000000 ____D C:\Users\Miguel\AppData\Local\{894EB885-9BAA-4F20-B0A6-A7252B4ED6D8}
2011-02-20 02:49 - 2011-02-20 02:49 - 0000000 ____D C:\Users\Miguel\AppData\Local\{E3809ECF-F81D-4D8E-804F-9823291639C8}
2011-02-19 10:32 - 2011-02-19 10:32 - 0000000 ____D C:\Users\Miguel\AppData\Local\{61CA2983-CB1A-4D34-AC15-4B0A6BC7F798}
2011-02-18 22:36 - 2011-04-29 07:13 - 0046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2011-02-18 21:32 - 2011-04-29 07:13 - 0034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2011-02-18 20:13 - 2011-04-29 07:13 - 0367104 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2011-02-18 19:37 - 2011-04-29 07:13 - 0294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2011-02-18 05:56 - 2011-02-18 05:56 - 0000000 ____D C:\Users\Miguel\AppData\Local\{FEA743E9-2280-41B6-8EFE-EF09853FB975}
2011-02-17 22:37 - 2011-04-29 07:14 - 0612352 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-02-17 22:36 - 2011-04-29 07:14 - 0852480 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-02-17 21:36 - 2011-04-29 07:14 - 0428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-02-17 21:35 - 2011-04-29 07:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-02-17 17:55 - 2011-02-17 17:55 - 0000000 ____D C:\Users\Miguel\AppData\Local\{CCCF5F08-DA71-494F-B1EE-173CFD095CB0}
2011-02-17 05:40 - 2011-02-17 05:40 - 0000000 ____D C:\Program Files (x86)\2K Games
2011-02-17 04:01 - 2011-02-17 04:01 - 0000000 ____D C:\Users\Miguel\AppData\Local\{A1671AC2-674C-4887-A1FF-D4A99B53A297}
2011-02-16 18:46 - 2011-02-16 18:46 - 0026048 ____A C:\Users\Miguel\Downloads\jgfkg.jpg
2011-02-16 18:26 - 2011-02-16 18:26 - 0039351 ____A C:\Users\Miguel\Documents\tumblr_kw6m4pFPqt1qaw0y6o1_400.jpg
2011-02-16 18:04 - 2011-02-16 18:04 - 0078395 ____A C:\Users\Miguel\Documents\tumblr_l4198tgmrM1qzga6no1_500.jpg
2011-02-16 08:02 - 2011-02-16 08:02 - 0000000 ____D C:\Users\Miguel\AppData\Local\{79C49785-16BF-4F88-90B1-199E13CA0CD5}
2011-02-15 06:51 - 2011-02-15 06:51 - 0000000 ____D C:\Users\Miguel\AppData\Local\{66FE1B0F-6E9D-45DB-8449-D9F095C04C23}
2011-02-14 18:21 - 2011-02-14 18:21 - 0032964 ____A C:\Users\Miguel\Documents\tumblr_lcaqvidfHI1qcm9foo1_500.jpg
2011-02-14 18:04 - 2009-07-13 20:45 - 0274320 ____A C:\Windows\System32\FNTCACHE.DAT
2011-02-14 17:51 - 2011-02-14 17:51 - 0000000 ___HD C:\Users\All Users\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2011-02-14 17:51 - 2011-02-14 17:51 - 0000000 ___HD C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2011-02-14 17:51 - 2011-01-31 00:21 - 0000000 ____D C:\Program Files (x86)\Creative
2011-02-14 17:50 - 2011-02-14 17:50 - 0001129 ____A C:\Users\Public\Desktop\Creative Centrale.lnk
2011-02-14 17:50 - 2011-02-14 17:50 - 0000000 ___HD C:\Users\All Users\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2011-02-14 17:50 - 2011-02-14 17:50 - 0000000 ___HD C:\ProgramData\{B7FA0661-862B-4AE4-A12A-F08D226ED546}
2011-02-14 05:37 - 2011-02-14 05:37 - 0000000 ____D C:\Users\Miguel\AppData\Local\{BD282B8B-A440-441D-BEED-18ABC78CFE0A}
2011-02-13 11:05 - 2011-02-13 11:05 - 0025378 ____A C:\Users\Miguel\Documents\tumblr_leewpu5tnW1qemdfvo1_500.jpg
2011-02-13 10:50 - 2011-02-13 10:50 - 0051815 ____A C:\Users\Miguel\Documents\tumblr_lel04oLP9q1qemdfvo1_500.jpg
2011-02-13 10:48 - 2011-02-13 10:48 - 0029412 ____A C:\Users\Miguel\Documents\tumblr_le5nrtkQl41qapfr2o1_500.jpg
2011-02-13 04:29 - 2011-02-13 04:29 - 0000000 ____D C:\Users\Miguel\AppData\Local\{13A00001-F27D-4BF8-9A17-069F54A6FECC}
2011-02-13 03:17 - 2011-02-05 14:47 - 0000000 ____D C:\Users\Miguel\Documents\Imagenes
2011-02-12 06:41 - 2011-02-12 06:41 - 0000000 ____D C:\Users\Miguel\AppData\Local\{CD088065-EA8E-450C-B888-B49740802063}
2011-02-11 22:14 - 2011-04-29 07:13 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
2011-02-11 03:13 - 2011-02-11 03:13 - 0000000 ____D C:\Users\Miguel\AppData\Local\{B34025F5-B9FA-48EF-B1D1-5CCB35DAE19B}
2011-02-10 04:27 - 2011-02-10 04:27 - 0000000 ____D C:\Users\Miguel\AppData\Local\{215954BA-1E3F-4DA3-8281-808A28B310BF}
2011-02-09 02:40 - 2011-02-09 02:40 - 0000000 ____D C:\Users\Miguel\AppData\Local\{845CF00A-6C07-48AC-838B-A6D949E1DDB0}
2011-02-08 00:59 - 2011-02-08 00:59 - 0000000 ____D C:\Users\Miguel\AppData\Local\{1CD3215C-CDAC-40FD-ABA4-9939BAB33350}
2011-02-07 09:48 - 2011-02-07 09:48 - 0000000 ____D C:\Users\Miguel\AppData\Roaming\Media Player Classic
2011-02-07 03:49 - 2011-02-07 03:49 - 0000000 ____D C:\Users\Miguel\AppData\Local\{C558DF0B-44FE-4A22-84E2-F48E7E4EF6B4}
2011-02-06 15:49 - 2011-02-06 15:48 - 0000000 ____D C:\Users\Miguel\AppData\Local\{96762688-EF87-42FF-B398-84CE682B1540}
2011-02-06 03:26 - 2011-02-06 03:25 - 0000000 ____D C:\Users\Miguel\AppData\Local\{25D4BBD4-2F4F-4AF1-8A22-E8F5D6459036}
2011-02-05 15:35 - 2010-02-17 20:36 - 0000000 ____D C:\Users\Miguel\Documents\Mis documentos Antiguo
2011-02-05 15:25 - 2011-02-05 15:25 - 0000000 ____D C:\Users\Miguel\AppData\Local\{1BC798D8-9FBD-4908-9295-78D9A78A9A86}
2011-02-05 14:48 - 2010-06-13 07:57 - 0000000 ____D C:\Users\Miguel\Documents\Fotos coche
2011-02-05 14:45 - 2010-06-15 14:43 - 0000000 ____D C:\Users\Miguel\Documents\Audio Books
2011-02-05 08:50 - 2011-02-05 08:50 - 0000000 ____D C:\Program Files (x86)\Bethesda Softworks
2011-02-05 04:41 - 2011-04-29 07:14 - 0640896 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2011-02-05 04:41 - 2011-04-29 07:14 - 0556928 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2011-02-05 04:41 - 2011-04-29 07:14 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
2011-02-05 04:41 - 2011-04-29 07:14 - 0019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
2011-02-05 04:41 - 2011-04-29 07:14 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
2011-02-05 04:39 - 2011-04-29 07:14 - 0603976 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2011-02-05 04:39 - 2011-04-29 07:14 - 0518160 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2011-02-05 03:25 - 2011-02-05 03:25 - 0000000 ____D C:\Users\Miguel\AppData\Local\{2FCE8AC0-56C5-467C-ACBF-49C165908B7F}
2011-02-03 14:39 - 2011-02-03 14:39 - 0000000 ____D C:\Users\Miguel\AppData\Local\{385D90C6-DD45-4F39-ABEA-6282BBDCA6D3}
2011-02-03 02:39 - 2011-02-03 02:39 - 0000000 ____D C:\Users\Miguel\AppData\Local\{1C1D0784-659A-44B8-A49D-BDF2A6CD201F}
2011-02-03 01:21 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF

============ Known DLLs ============

[2009-07-13 16:41] - [2009-07-13 17:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2009-07-13 16:20] - [2009-07-13 17:14] - 0640000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2009-07-13 15:55] - [2009-07-13 17:40] - 0595456 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2009-07-13 15:39] - [2009-07-13 17:15] - 0486912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2009-07-13 15:39] - [2009-07-13 17:40] - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0310784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2011-04-29 07:14] - [2011-02-23 22:24] - 2447872 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2011-04-29 07:14] - [2011-02-23 21:29] - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2009-07-13 16:13] - [2009-07-13 17:41] - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2009-07-13 15:57] - [2009-07-13 17:15] - 0154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2009-07-13 15:28] - [2009-07-13 17:41] - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2009-07-13 15:16] - [2009-07-13 17:11] - 0836608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-07-13 15:40] - [2009-07-13 17:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2009-07-13 15:19] - [2009-07-13 17:41] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-13 15:12] - [2009-07-13 17:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2011-01-28 04:08] - [2010-06-28 21:39] - 2085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2011-01-28 04:08] - [2010-06-28 21:02] - 1413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2011-01-28 04:08] - [2010-04-06 23:37] - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2011-01-28 04:08] - [2010-04-06 23:10] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
[2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2009-07-13 15:23] - [2009-07-13 17:41] - 1221632 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2009-07-13 15:12] - [2009-07-13 17:11] - 0662528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
[2009-07-13 15:27] - [2009-07-13 17:41] - 1899520 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2009-07-13 15:16] - [2009-07-13 17:16] - 1668608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2011-01-28 04:08] - [2010-07-27 06:59] - 14162944 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2011-01-28 04:08] - [2010-07-27 06:03] - 12867584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
[2009-07-13 15:55] - [2009-07-13 17:41] - 0449536 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2009-07-13 15:39] - [2009-07-13 17:16] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2011-04-29 07:14] - [2011-02-23 22:28] - 1499136 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2011-04-29 07:14] - [2011-02-23 21:32] - 1228800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0801280 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2009-07-13 15:25] - [2009-07-13 17:16] - 0627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2009-07-13 15:57] - [2009-07-13 17:41] - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2009-07-13 15:41] - [2009-07-13 17:16] - 0021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
[2011-04-29 07:14] - [2011-02-23 22:29] - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2011-04-29 07:14] - [2011-02-23 21:32] - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
[2009-07-13 15:54] - [2009-07-13 17:41] - 0311808 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2009-07-13 15:38] - [2009-07-13 17:16] - 0268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wldap32.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0296448 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0206336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll

========================= Memory info ========================

Percentage of memory in use: 9%
Total physical RAM: 8190.18 MB
Available physical RAM: 7428.87 MB
Total Pagefile: 8188.33 MB
Available Pagefile: 7427.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions ===========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:439.6 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
3 Drive f: (MY ZEN) (Removable) (Total:14.63 GB) (Free:10.96 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

#4 Farbar


Posted 03 May 2011 - 03:21 AM

Hi again,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM\...\Policies\Explorer\Run: [ETLPVRATT] C:\Windows\SysWOW64\dhcpcore7.exe
C:\Windows\SysWOW64\dhcpcore7.exe
2011-04-29 07:01 - 2011-04-16 07:02 - 0000380 ____A C:\Windows\Tasks\At1.job
2011-04-29 07:00 - 2011-04-29 07:18 - 0000252 ___AH C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
2011-04-29 07:00 - 2011-04-29 07:15 - 0000252 ___AH C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
2011-04-29 07:00 - 2011-04-29 07:06 - 0000252 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2011-04-29 05:07 - 2011-04-29 05:07 - 0004588 ____A C:\Users\Miguel\Downloads\Eset_nod32_Antivirus_V_4_2_64_12.torrent
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST x64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
Also reboot and tell me how it went.

Edited by farbar, 03 May 2011 - 03:21 AM.


#5 Iropan


Posted 03 May 2011 - 03:23 PM

Woah, the computer's working! That was amazing! :D
What was it, damage done by a virus? Is the PC reliable now or should I still consider a format and reinstall?
Thx so much Farbar, that was above and beyond the call of duty :)

Here's the fixlog:


Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.0.6)
Ran by SYSTEM at 2011-05-03 22:15:11 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ETLPVRATT Value deleted successfully.
C:\Windows\SysWOW64\dhcpcore7.exe not found.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Users\Miguel\Downloads\Eset_nod32_Antivirus_V_4_2_64_12.torrent moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {default} winpe no =========

The operation completed successfully.

========= End of CMD: =========
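
As an added example (not part of the original posts and not FRST's own code), the script below reconciles the fixlist from post #4 against the Fixlog.txt posted above, so any entry the tool did not act on stands out. The line formats are inferred only from the two samples in this thread, the sample input is abridged from them, and the function names are hypothetical.

```python
import re

# Constructed sample input: abridged from the fixlist and Fixlog.txt posted in this thread.
FIXLIST = r"""HKLM\...\Policies\Explorer\Run: [ETLPVRATT] C:\Windows\SysWOW64\dhcpcore7.exe
C:\Windows\SysWOW64\dhcpcore7.exe
2011-04-29 07:01 - 2011-04-16 07:02 - 0000380 ____A C:\Windows\Tasks\At1.job
2011-04-29 07:00 - 2011-04-29 07:18 - 0000252 ___AH C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
"""
FIXLOG = r"""Ran by SYSTEM at 2011-05-03 22:15:11 R:1
==============================================
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ETLPVRATT Value deleted successfully.
C:\Windows\SysWOW64\dhcpcore7.exe not found.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.

========= bootrec /FixMbr =========
The operation completed successfully.
========= End of CMD: =========

========= bcdedit /set {default} winpe no =========
The operation completed successfully.
========= End of CMD: =========
"""

# Assumed formats, taken from the samples above only.
RESULT_RE = re.compile(
    r"^(?P<target>.+?) (?P<outcome>Value deleted successfully|moved successfully|not found)\.$")
CMD_HDR_RE = re.compile(r"^=+ (?P<cmd>.+?) =+$")
REG_ITEM_RE = re.compile(r"^HK\w+\\\.\.\.\\(?P<tail>[^:]+): \[(?P<value>[^\]]+)\]")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
NO_RESULT = "no result logged"
OK_OUTCOMES = ("Value deleted successfully", "moved successfully")


def parse_fixlist(text):
    """Return (kind, item) pairs; kind is 'reg', 'file' or 'cmd'."""
    items = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.lower().startswith("cmd:"):
            items.append(("cmd", line[4:].strip()))
            continue
        reg = REG_ITEM_RE.match(line)
        if reg:
            # Abbreviated key tail + value name, joined the way the Fixlog prints it.
            items.append(("reg", reg.group("tail") + "\\\\" + reg.group("value")))
            continue
        path = PATH_RE.search(line)  # also skips the date/size/attribute columns
        if path:
            items.append(("file", path.group(0)))
    return items


def parse_fixlog(text):
    """Return ({logged target: outcome}, {command: captured output})."""
    targets, cmds = {}, {}
    current_cmd, output = None, []
    for line in (l.strip() for l in text.splitlines()):
        hdr = CMD_HDR_RE.match(line)
        if hdr and hdr.group("cmd") == "End of CMD:":
            if current_cmd is not None:
                cmds[current_cmd.lower()] = " ".join(output) or "no output"
            current_cmd, output = None, []
        elif hdr:
            current_cmd, output = hdr.group("cmd"), []
        elif current_cmd is not None:
            if line:
                output.append(line)
        else:
            res = RESULT_RE.match(line)
            if res:
                targets[res.group("target").lower()] = res.group("outcome")
    return targets, cmds


def reconcile(fixlist_text, fixlog_text):
    """Pair every fixlist entry with the outcome the Fixlog recorded for it."""
    targets, cmds = parse_fixlog(fixlog_text)
    rows = []
    for kind, item in parse_fixlist(fixlist_text):
        key = item.lower()
        if kind == "cmd":
            outcome = cmds.get(key, NO_RESULT)  # an unclosed section counts as unlogged
        elif kind == "reg":
            outcome = next((o for t, o in targets.items() if t.endswith(key)), NO_RESULT)
        else:
            outcome = targets.get(key, NO_RESULT)
        rows.append((kind, item, outcome))
    return rows


def needs_followup(rows):
    """Entries the fix did not act on: 'not found', failed commands, unlogged items."""
    flagged = []
    for kind, item, outcome in rows:
        ok = "completed successfully" in outcome if kind == "cmd" else outcome in OK_OUTCOMES
        if not ok:
            flagged.append((item, outcome))
    return flagged


if __name__ == "__main__":
    for kind, item, outcome in reconcile(FIXLIST, FIXLOG):
        print(f"{kind:4} {item} -> {outcome}")
    print("follow up:", needs_followup(reconcile(FIXLIST, FIXLOG)))
```

On this thread's data the only flagged entry is the dhcpcore7.exe file, which the Fixlog reports as not found while the Run value pointing at it was deleted.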

#6 Farbar


Posted 03 May 2011 - 04:10 PM

Great. :thumbsup:

Yes, that was the damage done by the virus. We have taken care of the main infection and need to check the leftovers. No need for a reformat and reinstall.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#7 Iropan


Posted 03 May 2011 - 05:55 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04/05/2011 00:53:42
mbam-log-2011-05-04 (00-53-42).txt

Scan type: Quick scan
Objects scanned: 154259
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Farbar


Posted 03 May 2011 - 10:10 PM

Looks like MBAM found nothing.

To have a thorough checkup please do the following:

  • Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats and the option Scan archives are checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#9 Iropan


Posted 03 May 2011 - 11:50 PM

This is OTL.txt:


OTL logfile created on: 04/05/2011 06:42:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Miguel\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 466.14 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Computer Name: MIGUEL-PC | User Name: Miguel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 06:32:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
PRC - [2011/01/27 12:21:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010/08/29 02:53:14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/04 15:55:36 | 000,692,317 | ---- | M] ( ) -- C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe
PRC - [2010/07/15 19:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/07/07 11:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 08:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/04/27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/16 19:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008/08/13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2007/04/02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 06:32:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
MOD - [2011/04/29 17:17:14 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
MOD - [2011/04/29 17:17:14 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll
MOD - [2010/08/27 11:34:08 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/08/27 11:33:58 | 000,562,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\AK\icsak.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/29 08:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/27 11:34:22 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/01/27 12:22:01 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/24 08:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/04/02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/30 01:11:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/08/27 11:33:56 | 000,044,784 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2010/08/27 11:33:56 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/06/09 19:16:08 | 000,456,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/05/31 05:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/07 13:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2010/03/02 13:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/12 18:15:26 | 000,351,248 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/12 18:15:26 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/02/15 17:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-900603755-155355906-3389376055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-900603755-155355906-3389376055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-900603755-155355906-3389376055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-900603755-155355906-3389376055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 28 B8 7E 78 BD CB 01 [binary data]
IE - HKU\S-1-5-21-900603755-155355906-3389376055-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-900603755-155355906-3389376055-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/05/03 22:30:36 | 000,000,000 | ---D | M]


Hosts file not found
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [GHWAUC6NNZ] File not found
O4 - HKU\S-1-5-18..\Run: [GHWAUC6NNZ] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-900603755-155355906-3389376055-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-900603755-155355906-3389376055-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-900603755-155355906-3389376055-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.4.16.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 06:32:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
[2011/05/04 00:51:21 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\Malwarebytes
[2011/05/04 00:51:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/04 00:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 00:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/04 00:51:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/04 00:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/03 22:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2011/05/03 22:37:33 | 000,000,000 | ---D | C] -- C:\Users\Miguel\Documents\ForceField Shared Files
[2011/05/03 22:37:30 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\MailFrontier
[2011/05/03 22:37:30 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\CheckPoint
[2011/05/03 22:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/05/03 22:30:28 | 000,072,704 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\zllsputility.exe
[2011/05/03 22:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/05/03 22:30:23 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kl1.sys
[2011/05/03 22:30:20 | 000,351,248 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/05/03 22:30:07 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011/05/03 22:30:02 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/05/03 22:29:58 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011/05/03 22:29:58 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011/05/03 22:29:55 | 000,043,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011/05/03 22:29:54 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011/05/03 22:29:54 | 000,300,544 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011/05/03 22:29:54 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011/05/03 22:29:54 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011/05/03 22:29:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/05/03 22:29:53 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011/05/03 22:29:51 | 000,456,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011/05/03 22:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/05/03 22:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/05/03 22:29:02 | 000,686,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011/05/03 22:29:02 | 000,229,376 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011/05/03 22:29:02 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/03 13:19:31 | 000,000,000 | ---D | C] -- C:\FRST
[2011/05/01 15:28:34 | 007,130,944 | ---- | C] (SurfRight B.V.) -- C:\HitmanPro35_x64.exe
[2011/04/29 17:14:26 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 17:14:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 17:14:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 17:14:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 17:14:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 17:14:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 17:14:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 17:14:25 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 17:14:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 17:14:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 17:14:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 17:14:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 17:14:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 17:14:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/29 17:14:10 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 17:14:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 17:14:10 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/29 17:14:08 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/29 17:14:08 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/29 17:14:08 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/29 17:14:08 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/29 17:14:02 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/29 17:14:02 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/29 17:14:02 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/29 17:14:02 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/29 17:14:02 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/29 17:14:01 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/29 17:14:01 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/29 17:13:39 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/29 17:13:39 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/29 17:13:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/29 17:13:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/29 17:13:36 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/29 17:13:36 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/29 17:13:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/29 17:13:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/29 17:04:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/28 19:29:11 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{7007B117-2641-4B44-863B-5C96BDC011C7}
[2011/04/27 21:09:57 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{C40B158B-CE8B-4814-B10C-CABFF98D06C1}
[2011/04/27 03:29:29 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{35584707-C287-4902-83D6-17A6FE9F6D0F}
[2011/04/25 16:20:52 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\Chromium
[2011/04/25 15:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War Shogun 2
[2011/04/25 14:28:16 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{E31FD7E2-81A6-4D74-AC37-DD7628409C53}
[2011/04/24 23:57:36 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{A4191EF8-1F35-4712-8102-FC5ADBEA13DE}
[2011/04/23 23:15:16 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{84F95068-A216-43E5-AE6B-8618AB636A14}
[2011/04/23 00:04:47 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{3349B5AE-41FC-4CB1-9A81-D7C45C4AF4D2}
[2011/04/20 22:35:42 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{6411406B-5EB7-4A01-AD02-146773BE1698}
[2011/04/19 22:18:21 | 000,136,704 | ---- | C] (Ligos Corporation) -- C:\Windows\SysWow64\iacenc.dll
[2011/04/19 22:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ligos
[2011/04/19 22:16:13 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/04/19 21:54:52 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{8E96F258-4BC3-40AE-AA79-B7C97DE5F8FB}
[2011/04/19 13:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2011/04/19 13:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2011/04/19 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
[2011/04/19 13:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
[2011/04/19 13:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GSpot
[2011/04/18 12:05:01 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{3BD85690-3062-464A-B05B-7FB3233085F0}
[2011/04/17 21:03:38 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{CCCF71EC-4285-473E-A211-2B273DECCE7F}
[2011/04/16 18:54:26 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{2767898F-CAB0-43B5-B0C1-1E93E81DFE74}
[2011/04/16 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\2K Games
[2011/04/16 17:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2011/04/15 18:21:59 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\Ironclad Games
[2011/04/15 17:50:49 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\4A Games
[2011/04/15 17:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/04/15 14:35:56 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{6F3D26C6-2DB6-4E42-91DC-C4075FC3F4E0}
[2011/04/14 11:34:26 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\XRay Engine
[2011/04/14 09:34:54 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{AB3CF632-AA8B-4BF1-A17B-B2DC05AF813C}
[2011/04/13 20:50:02 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Roaming\CDisplayEx
[2011/04/13 20:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
[2011/04/13 20:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplayEx
[2011/04/13 09:43:58 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{29B5774E-9EDD-496C-BB9C-E48F402B63FB}
[2011/04/12 00:29:34 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{BA4BBFD3-8609-4DBA-9590-5F5E33D92E88}
[2011/04/11 12:29:10 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{37873BE4-1CE9-4ACF-A43F-DC6883D686F9}
[2011/04/10 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{A8B74492-393E-4BE7-867C-5A6254661F94}
[2011/04/09 19:53:58 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{32F6AC80-B90A-4F70-B75F-7C8E930C0854}
[2011/04/08 22:40:28 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{01B3779C-789A-4E31-A07C-F9D6781360DE}
[2011/04/08 21:06:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-STCS
[2011/04/08 21:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2011/04/08 01:39:08 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{120006A1-F78A-4250-B12E-3804E0B5DD4C}
[2011/04/07 04:03:20 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{ABC64FA5-7811-468F-8475-C94DEB7AAF59}
[2011/04/06 16:02:55 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{11C5EB61-24C1-4C88-90DA-0DF0095CE646}
[2011/04/05 20:04:28 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{9264062E-E289-4DE3-8DA5-9C3C6E9DEBA9}
[2011/04/04 17:16:46 | 000,000,000 | ---D | C] -- C:\Users\Miguel\AppData\Local\{713E8EB3-6694-4EB4-8F83-3DF4420D999E}
[2011/01/26 19:26:37 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Miguel\AppData\Roaming\tsdnwin.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 06:38:17 | 000,013,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 06:38:17 | 000,013,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 06:32:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Miguel\Desktop\OTL.exe
[2011/05/04 06:03:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900603755-155355906-3389376055-1000UA.job
[2011/05/04 01:10:45 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2011/05/04 01:09:01 | 000,000,448 | ---- | M] () -- C:\Users\Miguel\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/05/04 01:08:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 01:07:59 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 01:03:12 | 000,098,816 | ---- | M] () -- C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 00:51:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 23:03:41 | 000,002,403 | ---- | M] () -- C:\Users\Miguel\Desktop\Google Chrome.lnk
[2011/05/03 22:30:53 | 000,425,083 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/05/03 22:30:34 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\lkfl.dat
[2011/05/03 22:30:34 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\ibfl.dat
[2011/05/03 22:30:30 | 000,001,066 | ---- | M] () -- C:\Users\Miguel\Desktop\ZoneAlarm Security.lnk
[2011/05/03 22:16:29 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/30 17:49:55 | 007,130,944 | ---- | M] (SurfRight B.V.) -- C:\HitmanPro35_x64.exe
[2011/04/30 04:00:40 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/04/29 17:05:41 | 372,956,399 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 18:03:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900603755-155355906-3389376055-1000Core.job
[2011/04/26 10:12:46 | 000,001,379 | ---- | M] () -- C:\Users\Miguel\Desktop\Carta Telenor.rtf
[2011/04/25 17:42:38 | 000,001,529 | ---- | M] () -- C:\Users\Miguel\Desktop\Shogun 2.lnk
[2011/04/23 23:12:34 | 000,001,953 | ---- | M] () -- C:\Users\Miguel\Desktop\Empire Total War.lnk
[2011/04/19 13:35:43 | 000,000,007 | ---- | M] () -- C:\Windows\treeskp.sys
[2011/04/19 13:35:43 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin
[2011/04/18 16:10:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/18 16:10:20 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/18 16:10:20 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/16 17:37:23 | 000,001,676 | ---- | M] () -- C:\Users\Miguel\Desktop\Mafia 2.lnk
[2011/04/15 18:12:56 | 000,000,136 | ---- | M] () -- C:\Users\Miguel\Desktop\Football Manager 2011 - Shortcut.lnk
[2011/04/09 06:02:48 | 000,000,031 | ---- | M] () -- C:\Windows\progress
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 00:51:07 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 22:30:34 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2011/05/03 22:30:34 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2011/05/03 22:30:34 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2011/05/03 22:30:29 | 000,001,066 | ---- | C] () -- C:\Users\Miguel\Desktop\ZoneAlarm Security.lnk
[2011/05/03 22:29:53 | 000,425,083 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/04/29 17:04:02 | 372,956,399 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/26 09:45:42 | 000,001,379 | ---- | C] () -- C:\Users\Miguel\Desktop\Carta Telenor.rtf
[2011/04/25 17:42:38 | 000,001,529 | ---- | C] () -- C:\Users\Miguel\Desktop\Shogun 2.lnk
[2011/04/23 23:12:34 | 000,001,953 | ---- | C] () -- C:\Users\Miguel\Desktop\Empire Total War.lnk
[2011/04/19 22:18:21 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/04/19 13:48:33 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2011/04/19 13:48:33 | 000,497,664 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2011/04/16 17:37:23 | 000,001,676 | ---- | C] () -- C:\Users\Miguel\Desktop\Mafia 2.lnk
[2011/04/15 18:12:56 | 000,000,136 | ---- | C] () -- C:\Users\Miguel\Desktop\Football Manager 2011 - Shortcut.lnk
[2011/04/09 06:02:42 | 000,000,031 | ---- | C] () -- C:\Windows\progress
[2011/03/30 13:12:31 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/03/30 13:12:31 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/02/23 23:18:41 | 000,007,605 | ---- | C] () -- C:\Users\Miguel\AppData\Local\Resmon.ResmonCfg
[2011/02/07 19:48:13 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/07 19:48:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/07 19:48:11 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/07 19:48:11 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/07 19:48:11 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/31 11:00:51 | 000,098,816 | ---- | C] () -- C:\Users\Miguel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 19:24:40 | 000,000,448 | ---- | C] () -- C:\Users\Miguel\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011/01/26 18:31:48 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/01/26 18:31:48 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/01/26 18:31:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/01/26 18:31:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/01/26 18:27:36 | 000,041,381 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/01/26 18:26:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/26 18:26:07 | 000,029,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 08:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

< End of report >

Here's Extras.txt:


OTL Extras logfile created on: 04/05/2011 06:42:03 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Miguel\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 77.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 466.14 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Computer Name: MIGUEL-PC | User Name: Miguel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8F996E1A-AC6B-480B-BB99-C7470C3BAAD2}" = System Requirements Lab CYRI (64-bit)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C245F926-664E-40B6-ADC6-D5CD4922EA30}" = ASUS RT-G31 Wireless Card
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Afterburner" = MSI Afterburner 2.0.0 Beta 6
"CDisplayEx_is1" = CDisplayEx 1.8
"Creative Centrale" = Creative Centrale
"DAEMON Tools Lite" = DAEMON Tools Lite
"Football Manager 2011" = Football Manager 2011
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"Indeo® Software" = Indeo® Software
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Liveupdate4_is1" = Liveupdate4
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matroska Pack" = Matroska Pack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 10500" = Empire: Total War
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZENMXUG" = Creative ZEN MX Documentation
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-900603755-155355906-3389376055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2011 10:33:24 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Shogun2.exe, version: 1.0.0.0, time stamp:
0x4d836e9f Faulting module name: Shogun2.dll, version: 1.0.0.0, time stamp: 0x21544c46
Exception
code: 0xc0000005 Fault offset: 0x00603bd3 Faulting process id: 0xd88 Faulting application
start time: 0x01cc034f221b48e8 Faulting application path: C:\Program Files (x86)\Total
War Shogun 2\Shogun2.exe Faulting module path: C:\Program Files (x86)\Total War
Shogun 2\Shogun2.dll Report Id: f93e0a4a-6f48-11e0-92f0-20cf30e4686a

Error - 25/04/2011 10:33:28 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Shogun2.exe, version: 1.0.0.0, time stamp:
0x4d836e9f Faulting module name: Shogun2.dll, version: 1.0.0.0, time stamp: 0x21544c46
Exception
code: 0xc0000005 Fault offset: 0x00603bd3 Faulting process id: 0xd88 Faulting application
start time: 0x01cc034f221b48e8 Faulting application path: C:\Program Files (x86)\Total
War Shogun 2\Shogun2.exe Faulting module path: C:\Program Files (x86)\Total War
Shogun 2\Shogun2.dll Report Id: fc196f90-6f48-11e0-92f0-20cf30e4686a

Error - 25/04/2011 11:45:54 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Shogun2.exe, version: 1.0.0.0, time stamp:
0x4d836e9f Faulting module name: Shogun2.dll, version: 1.0.0.0, time stamp: 0x21544c46
Exception
code: 0xc0000005 Fault offset: 0x00603bd3 Faulting process id: 0xe40 Faulting application
start time: 0x01cc035f976483a5 Faulting application path: C:\Program Files (x86)\Total
War Shogun 2\Shogun2.exe Faulting module path: C:\Program Files (x86)\Total War
Shogun 2\Shogun2.dll Report Id: 1a5582b5-6f53-11e0-a833-20cf30e4686a

Error - 25/04/2011 11:45:59 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Shogun2.exe, version: 1.0.0.0, time stamp:
0x4d836e9f Faulting module name: Shogun2.dll, version: 1.0.0.0, time stamp: 0x21544c46
Exception
code: 0xc0000005 Fault offset: 0x00603bd3 Faulting process id: 0xe40 Faulting application
start time: 0x01cc035f976483a5 Faulting application path: C:\Program Files (x86)\Total
War Shogun 2\Shogun2.exe Faulting module path: C:\Program Files (x86)\Total War
Shogun 2\Shogun2.dll Report Id: 1d3331f3-6f53-11e0-a833-20cf30e4686a

Error - 26/04/2011 21:57:20 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: steam.exe, version: 1.0.968.628, time stamp:
0x4cda0db5 Faulting module name: libcef.dll, version: 1.0.0.1, time stamp: 0x4da6436b
Exception
code: 0xc000000d Fault offset: 0x005d7bca Faulting process id: 0x9cc Faulting application
start time: 0x01cc047e49f18271 Faulting application path: C:\Program Files (x86)\Steam\steam.exe
Faulting
module path: C:\Program Files (x86)\Steam\bin\libcef.dll Report Id: af6bdbc3-7071-11e0-91ee-20cf30e4686a

Error - 26/04/2011 21:57:32 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: steam.exe, version: 1.0.968.628, time stamp:
0x4cda0db5 Faulting module name: libcef.dll, version: 1.0.0.1, time stamp: 0x4da6436b
Exception
code: 0xc000000d Fault offset: 0x005d7bca Faulting process id: 0x1058 Faulting application
start time: 0x01cc047e769c4091 Faulting application path: C:\Program Files (x86)\Steam\steam.exe
Faulting
module path: C:\Program Files (x86)\Steam\bin\libcef.dll Report Id: b68cb0d6-7071-11e0-91ee-20cf30e4686a

Error - 27/04/2011 18:14:58 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Empire.exe, version: 1.5.0.0, time stamp:
0x4b74239d Faulting module name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Exception
code: 0xc0000005 Fault offset: 0x0051c37a Faulting process id: 0x720 Faulting application
start time: 0x01cc0526afa843a0 Faulting application path: c:\program files (x86)\steam\steamapps\common\empire
total war\Empire.exe Faulting module path: c:\program files (x86)\steam\steamapps\common\empire
total war\Empire.exe Report Id: c93db218-711b-11e0-bc56-20cf30e4686a

Error - 27/04/2011 18:38:18 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Empire.exe, version: 1.5.0.0, time stamp:
0x4b74239d Faulting module name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Exception
code: 0xc0000005 Fault offset: 0x0051c37a Faulting process id: 0x588 Faulting application
start time: 0x01cc052ad36e53f5 Faulting application path: c:\program files (x86)\steam\steamapps\common\empire
total war\Empire.exe Faulting module path: c:\program files (x86)\steam\steamapps\common\empire
total war\Empire.exe Report Id: 0b698580-711f-11e0-a36c-20cf30e4686a

Error - 28/04/2011 20:54:50 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Empire.exe, version: 1.5.0.0, time stamp:
0x4b74239d Faulting module name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Exception
code: 0xc0000005 Fault offset: 0x0036ea99 Faulting process id: 0xe34 Faulting application
start time: 0x01cc0603e41da297 Faulting application path: c:\program files (x86)\steam\steamapps\common\empire
total war\Empire.exe Faulting module path: c:\program files (x86)\steam\steamapps\common\empire
total war\Empire.exe Report Id: 48a94b74-71fb-11e0-a36c-20cf30e4686a

Error - 03/05/2011 19:07:05 | Computer Name = Miguel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0,
time stamp: 0x4c22f905 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x710 Faulting application start time: 0x01cc09d1b8348db1 Faulting application path:
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe Faulting
module path: unknown Report Id: 0f7cef84-75da-11e0-8601-20cf30e4686a

[ System Events ]
Error - 03/05/2011 19:08:12 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:08:14 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:08:15 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:08:15 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:08:19 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:08:33 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:08:34 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:09:10 | Computer Name = Miguel-PC | Source = DCOM | ID = 10010
Description =

Error - 03/05/2011 19:09:13 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 03/05/2011 19:09:42 | Computer Name = Miguel-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >

#10 Farbar

Posted 04 May 2011 - 01:03 AM

Thanks for the logs. I'll wait for ESET scan.

#11 Iropan

Posted 04 May 2011 - 01:14 AM

Here it is:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-04 05:58:37
# local_time=2011-05-04 07:58:37 (+0100, Romance Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 8427882 56935304 0 0
# compatibility_mode=8192 67108863 100 0 141 141 0 0
# compatibility_mode=9217 16776893 100 77 30479 21374439 0 0
# scanned=226548
# found=0
# cleaned=0
# scan_time=3546

#12 Farbar

Posted 04 May 2011 - 01:22 AM

It looks good Iropan. :thumbup2:

  • You may remove FRST64.exe from your computer. Also remove the folder it makes: C:\FRST. You may also remove OTL.
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
      • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
      • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
      • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
      • Go to Start > Run (alternatively you can press Windows key+R key) then type: Cleanmgr in the box and click "OK".
      • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
      • Click the "More Options" Tab.
      • Under "System Restore and Shadow copies" section click "Clean Up" to remove all previous restore points except the newly created one.
      • Click OK and Yes.

Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
      • Download and install it.
      • Update it manually by clicking on Updates in the left pane and then Check for Updates.
      • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
      • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.

If you don't have any questions, happy surfing, Iropan. :)
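
The restore-point steps in the post above can also be scripted, which helps when the same cleanup has to be repeated on several machines. The following is an added example, not part of the original post: it assumes an elevated Windows PowerShell session (the cmdlets are not available in PowerShell 7), uses a constructed description string, and removes old points through the System Restore API rather than Disk Cleanup, so other shadow copies are left alone.

```powershell
# Added example: scripted form of the restore-point steps (Windows PowerShell only).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated Windows PowerShell prompt.' }

# P/Invoke wrapper for the System Restore API SRRemoveRestorePoint in srclient.dll.
Add-Type -Namespace Native -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Remember the newest sequence number that exists before the new point is made.
$before  = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$lastOld = if ($before.Count -gt 0) { $before[-1].SequenceNumber } else { 0 }

# Step 1: create the post-cleanup restore point (description is a constructed value).
$name = 'Clean state after malware removal'
Checkpoint-Computer -Description $name -RestorePointType MODIFY_SETTINGS

# Confirm it really exists before deleting anything. Windows 8 and later skip
# creation when another point was made within the last 24 hours (default setting).
$after = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$new   = @($after | Where-Object { $_.SequenceNumber -gt $lastOld -and $_.Description -eq $name })
if ($new.Count -eq 0) { throw 'No new restore point was created; old points left untouched.' }
$keep = $new[-1].SequenceNumber

# Step 2: remove every older restore point, keeping only the new one.
$old = @($after | Where-Object { $_.SequenceNumber -ne $keep })
foreach ($rp in $old) {
    $rc = [Native.SystemRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    $state = if ($rc -eq 0) { 'removed' } else { "failed (Win32 error $rc)" }
    '{0,5}  {1}  {2}' -f $rp.SequenceNumber, $rp.Description, $state
}

# Show what is left: this should list only the restore point created above.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

The existence check before the deletion loop is the important part: if the new point was not created, the script stops and the old restore points stay in place.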

#13 Iropan

Posted 04 May 2011 - 04:56 AM

Restore point created! Thx so much man! I had asked for help in some other forums but everyone was out of ideas, if it wasn't for you I'd still be trying to figure it out, you're a genius!

#14 Farbar

Posted 04 May 2011 - 01:25 PM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



