
Having BSOD probs


  • This topic is locked
25 replies to this topic

#1 davis7457

davis7457

  • Members

Posted 11 May 2011 - 01:34 PM

I'll post the HijackThis log, also the minidump if needed. Here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:21:46 PM, on 5/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\User\AppData\Local\Temp\Rar$EX94.752\BlueScreenView.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetOp Helper ver. 9.51 (2010216) (NetOp Host for NT Service) - Netop Business Solutions A/S - C:\Program Files (x86)\Netop\Netop School\Teacher\NHOSTSVC.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7274 bytes

Ok, apparently I can't upload .rar files

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Edited by Animal, 11 May 2011 - 02:05 PM.



 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team

Posted 21 May 2011 - 08:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team

Posted 26 May 2011 - 06:51 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team

Posted 02 June 2011 - 06:44 PM

Reopened at user's request

-----------------------------------------

Please carry out the instructions above. Thanks :)

#5 davis7457

davis7457
  • Topic Starter

  • Members

Posted 02 June 2011 - 10:50 PM

OTL logfile created on: 6/2/2011 10:45:23 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\User\Downloads\Programs
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 46.90% Memory free
3.50 Gb Paging File | 1.38 Gb Available in Paging File | 39.56% Paging File free
Paging file location(s): c:\pagefile.sys 1791 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 8.65 Gb Free Space | 11.60% Space Free | Partition Type: NTFS

Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Users\User\Desktop\Icons\Minecraft Serv stuff\MCForge\MCForge.exe (MCForge Development Team)
PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Downloads\Progs\JDownloader\JDownloaderPortable\JDownloaderPortable.exe (PortableAppZ.blogspot.com)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\User\Downloads\Programs\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Program Files (x86)\Netop\Netop School\Teacher\NHOSTSVC.EXE (Netop Business Solutions A/S)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.centurylink.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 9B FF FF A3 FA CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 14:02:14 | 000,000,000 | ---D | M]

[2011/04/14 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011/06/02 13:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions
[2011/05/18 12:36:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions\LogMeInClient@logmein.com
[2011/05/17 22:45:44 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions\TechnicianConsole@logmeinrescue.com
[2011/04/14 15:36:35 | 000,002,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\loagxidj.default\searchplugins\daemon-search.xml
[2011/04/14 04:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/09 14:02:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 04:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/13 22:49:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/13 23:08:04 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\USER\APPDATA\ROAMING\IDM\IDMMZCC3
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOAGXIDJ.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOAGXIDJ.DEFAULT\EXTENSIONS\RAMBACK@PAVLOV.NET.XPI
[2011/05/09 14:02:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/12/08 15:43:26 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 151
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Awesomeness
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Just be awesome
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ef67f6b-6853-11e0-a3fc-bcaec58556ed}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef67f6b-6853-11e0-a3fc-bcaec58556ed}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{7183ba06-66ca-11e0-a07f-bcaec58556ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7183ba06-66ca-11e0-a07f-bcaec58556ed}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandwidth Controller Enterprise Server
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandwidth Controller Enterprise Client
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandwidth Controller Enterprise
[2011/06/02 17:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cactus Bruce and the Corporate Monkeys
[2011/06/02 17:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cactus Bruce and the Corporate Monkeys
[2011/06/02 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2011/06/02 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Award Keylogger
[2011/06/02 16:11:25 | 000,544,833 | ---- | C] (Stardock) -- C:\Windows\SysWow64\wbocx.ocx
[2011/06/02 16:11:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\KAward
[2011/06/02 16:09:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\AKLogData64
[2011/06/02 16:08:07 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2011/06/02 16:08:07 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll
[2011/06/02 16:08:07 | 000,028,160 | ---- | C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll
[2011/06/02 16:08:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\KAward64
[2011/06/02 13:57:17 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2011/06/02 13:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2011/06/02 13:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2011/06/02 12:52:12 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/02 12:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/02 12:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/02 12:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XN Resource Editor
[2011/06/02 12:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XN Resource Editor
[2011/06/02 12:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2011/06/02 12:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2011/06/02 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sprint_Activation
[2011/06/02 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/06/02 11:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation
[2011/06/02 11:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2011/06/02 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/06/01 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/05/31 18:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/05/31 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/05/31 18:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/05/31 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/31 18:55:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Winamp
[2011/05/31 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/05/31 14:57:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/31 12:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamehouse
[2011/05/31 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Text files
[2011/05/31 10:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/05/31 10:31:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVS4YOU
[2011/05/31 10:29:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/05/31 10:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/05/31 10:28:23 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2011/05/31 10:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011/05/31 10:26:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011/05/31 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011/05/31 09:35:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG
[2011/05/31 09:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/05/31 09:22:01 | 000,000,000 | ---D | C] -- C:\Users\User\Datos de programa
[2011/05/31 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/05/31 09:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/05/30 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2011/05/30 19:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2011/05/30 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Starcraft
[2011/05/30 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starcraft
[2011/05/30 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\CivCity Rome
[2011/05/29 16:09:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PopCap Games
[2011/05/29 16:03:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PopCapv1003
[2011/05/29 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SpinTop Games
[2011/05/29 13:55:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\LucasArts
[2011/05/29 13:55:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LucasArts
[2011/05/29 13:54:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2011/05/29 12:29:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/05/29 12:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2011/05/29 12:16:04 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011/05/29 12:14:07 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2011/05/29 12:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2011/05/29 12:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2011/05/29 09:52:36 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/05/29 09:52:36 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/05/28 22:43:55 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder
[2011/05/28 22:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011/05/28 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011/05/28 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2011/05/28 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011/05/28 22:40:27 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/05/28 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2011/05/28 22:20:33 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/05/28 22:20:33 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/05/28 22:19:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/05/28 22:19:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/05/28 22:19:53 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/05/28 22:19:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/05/28 22:19:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/05/28 22:19:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/05/28 22:19:51 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/05/28 22:19:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/05/28 22:19:45 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/05/28 22:19:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/05/28 22:19:44 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/05/28 22:19:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/05/28 22:19:42 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/05/28 22:19:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/05/28 22:19:41 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/05/28 22:19:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/05/28 22:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[2011/05/28 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2011/05/28 21:28:56 | 000,000,000 | ---D | C] -- C:\Models
[2011/05/28 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/05/28 21:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/05/28 06:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/05/28 06:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/05/27 17:08:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Kirby - Squeak Squad
[2011/05/27 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Controller Profiles
[2011/05/27 09:49:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Flood Light Games
[2011/05/27 09:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games
[2011/05/26 16:19:47 | 000,000,000 | ---D | C] -- C:\Scenario
[2011/05/26 15:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/05/25 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Daoisoft
[2011/05/25 21:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTweak
[2011/05/25 21:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\DTweak
[2011/05/25 12:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2011/05/25 12:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arturia
[2011/05/25 11:06:47 | 000,000,000 | ---D | C] -- C:\New folder
[2011/05/25 10:24:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 10:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 10:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2011/05/25 10:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney PRO
[2011/05/25 10:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArtMoney
[2011/05/25 10:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHex
[2011/05/22 17:05:19 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Dao350.dll
[2011/05/20 12:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\syntevo
[2011/05/20 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartGit 2
[2011/05/20 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\User\.ssh
[2011/05/20 12:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartGit 2
[2011/05/20 12:27:28 | 022,406,774 | ---- | C] (SyntEvo GmbH ) -- C:\Users\User\Desktop\setup-2_0_4-jre.exe
[2011/05/20 12:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2011/05/20 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2011/05/20 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Help
[2011/05/20 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Help
[2011/05/20 08:56:49 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2011/05/20 08:56:49 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2011/05/20 08:56:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2011/05/20 08:56:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2011/05/20 08:56:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2011/05/20 08:56:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2011/05/20 08:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnH Solutions
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnH Solutions
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnH Solutions
[2011/05/20 07:10:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cygnus
[2011/05/18 23:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/18 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/05/18 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2011/05/18 20:05:02 | 000,000,000 | ---D | C] -- C:\Breakcore Samples 1&2
[2011/05/18 15:36:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strategy First
[2011/05/18 15:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strategy First
[2011/05/18 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2011/05/18 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn
[2011/05/18 12:31:30 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011/05/18 12:31:27 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011/05/18 12:31:27 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2011/05/18 12:31:17 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011/05/18 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/05/18 12:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2011/05/18 12:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/05/18 12:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wad.io
[2011/05/18 09:45:15 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Syberia Saves
[2011/05/18 09:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011/05/18 09:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2011/05/17 22:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue
[2011/05/17 22:01:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi
[2011/05/17 22:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/05/17 22:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/05/17 19:49:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2011/05/16 19:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnLine TV
[2011/05/16 19:47:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OnLine TV
[2011/05/16 19:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLine TV
[2011/05/16 13:59:14 | 000,000,000 | ---D | C] -- C:\Lesson plans
[2011/05/16 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Navicat
[2011/05/16 12:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2011/05/16 12:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2011/05/15 18:59:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PSpad
[2011/05/15 18:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
[2011/05/15 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSPad editor
[2011/05/15 18:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Media
[2011/05/15 14:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Smith Micro
[2011/05/15 14:22:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Smith Micro
[2011/05/15 14:18:45 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/15 14:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/05/15 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Smith Micro
[2011/05/15 14:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/05/15 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.8.6-p398
[2011/05/15 13:50:17 | 000,000,000 | ---D | C] -- C:\Ruby186
[2011/05/15 10:14:40 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/05/15 10:14:40 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/05/15 10:14:40 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/05/15 10:14:40 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/05/15 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/14 20:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/05/14 20:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/05/14 20:23:51 | 000,000,000 | ---D | C] -- C:\c0119c3d3d8a5453ce
[2011/05/14 17:46:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Corporation
[2011/05/14 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2011/05/14 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\EIDOS
[2011/05/14 13:29:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/05/14 13:28:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/05/14 12:50:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/05/14 12:48:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/05/14 12:48:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/05/14 12:44:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
[2011/05/14 12:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameShadow
[2011/05/14 12:42:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/05/12 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2011/05/12 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/05/11 15:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
[2011/05/11 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverFinder
[2011/05/11 15:26:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DriverFinder
[2011/05/11 13:43:35 | 020,700,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/05/11 13:43:35 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/05/11 13:43:35 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/05/11 13:43:35 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/05/11 13:43:34 | 006,974,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/05/11 13:43:34 | 005,183,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/05/11 13:43:34 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/05/11 13:43:34 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/05/11 13:43:34 | 002,204,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/05/11 13:43:34 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/05/11 13:43:34 | 001,619,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420140.dll
[2011/05/11 13:43:34 | 001,404,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642060.dll
[2011/05/11 13:43:33 | 018,578,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/05/11 13:43:33 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/05/11 13:43:33 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/05/11 13:43:33 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011/05/11 13:33:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/05/11 13:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/11 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/11 13:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/11 13:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/11 12:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/05/11 12:51:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2011/05/09 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Icons
[2011/05/09 19:03:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Netop
[2011/05/08 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Sprit samples
[2011/05/08 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\RPGVX
[2011/05/08 10:06:36 | 000,446,976 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8187B.sys
[2011/05/08 10:06:35 | 000,446,976 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System\rtl8187B.sys
[2011/05/08 10:06:35 | 000,000,000 | ---D | C] -- C:\Windows\OPTIONS
[2011/05/08 10:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2011/05/08 08:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diamondville temp
[2011/05/07 18:38:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2011/05/05 22:09:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Artist Colony
[2011/05/05 22:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/05 22:08:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Hmm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 22:15:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/02 20:27:58 | 000,001,803 | ---- | M] () -- C:\Users\User\Desktop\1964.exe - Shortcut.lnk
[2011/06/02 20:20:20 | 000,001,244 | ---- | M] () -- C:\Users\User\Desktop\Bandwidth Controller Enterprise.lnk
[2011/06/02 17:26:43 | 000,001,014 | ---- | M] () -- C:\Users\User\Desktop\Cactus Bruce and the Corporate Monkeys.lnk
[2011/06/02 16:46:34 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 16:46:34 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/02 16:41:50 | 000,007,609 | ---- | M] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2011/06/02 16:21:00 | 000,000,060 | ---- | M] () -- C:\Windows\SysNative\4E37A837910D.ini
[2011/06/02 16:00:31 | 000,001,767 | ---- | M] () -- C:\Users\User\Desktop\Star.rtf
[2011/06/02 15:14:36 | 000,001,245 | ---- | M] () -- C:\Users\User\Desktop\knifeback.cfg
[2011/06/02 15:06:32 | 000,000,876 | ---- | M] () -- C:\Users\User\Desktop\c.html
[2011/06/02 15:05:30 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/02 15:02:25 | 000,005,928 | ---- | M] () -- C:\Users\User\Desktop\login.jsp
[2011/06/02 13:56:48 | 000,000,793 | ---- | M] () -- C:\Users\User\Desktop\HTTrack Website Copier.lnk
[2011/06/02 13:50:49 | 000,092,412 | ---- | M] () -- C:\Users\User\Desktop\useragentswitcher.xml
[2011/06/02 13:47:06 | 000,030,261 | ---- | M] () -- C:\Users\User\Desktop\allagents.xml
[2011/06/02 13:43:02 | 000,018,015 | ---- | M] () -- C:\Users\User\Desktop\AgentStrings20070517.xml
[2011/06/02 13:27:22 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/02 13:12:28 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 13:09:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 13:08:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/02 13:08:22 | 1408,626,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 12:56:07 | 000,078,128 | ---- | M] () -- C:\Users\User\Desktop\lolz.htm
[2011/06/02 12:11:14 | 000,001,046 | ---- | M] () -- C:\Users\User\Desktop\XN Resource Editor.lnk
[2011/06/01 11:50:50 | 000,000,632 | RHS- | M] () -- C:\Users\User\ntuser.pol
[2011/05/31 23:19:16 | 000,001,682 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/31 21:24:03 | 000,291,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/31 21:05:17 | 000,116,224 | -H-- | M] () -- C:\Users\User\AppData\Roaming\MBSJPEGDecompressionPlugin.dll
[2011/05/31 21:05:17 | 000,095,744 | -H-- | M] () -- C:\Users\User\AppData\Roaming\MBSJPEGCompressionPlugin.dll
[2011/05/31 21:05:17 | 000,064,512 | -H-- | M] () -- C:\Users\User\AppData\Roaming\rbap450.dll
[2011/05/31 21:05:17 | 000,027,648 | -H-- | M] () -- C:\Users\User\AppData\Roaming\rbselectfolder450.dll
[2011/05/31 21:05:17 | 000,026,112 | -H-- | M] () -- C:\Users\User\AppData\Roaming\MBSRegistrationPlugin.dll
[2011/05/31 18:56:19 | 000,001,016 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/31 18:56:19 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/05/31 16:38:43 | 000,001,159 | ---- | M] () -- C:\Users\User\Desktop\Powder toy mod with v 45 code.exe - Shortcut.lnk
[2011/05/31 14:57:28 | 000,000,575 | ---- | M] () -- C:\Users\User\Desktop\Fraps.lnk
[2011/05/31 10:28:26 | 000,001,262 | ---- | M] () -- C:\Users\User\Desktop\AVS Audio Converter6.lnk
[2011/05/31 09:17:28 | 000,001,214 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/05/31 09:17:28 | 000,001,190 | ---- | M] () -- C:\Users\User\Desktop\AVG PC Tuneup 2011.lnk
[2011/05/30 14:36:44 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/30 14:30:04 | 000,001,682 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/05/29 12:16:04 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011/05/29 10:14:08 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 21:32:21 | 000,794,718 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/28 21:32:21 | 000,671,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/28 21:32:21 | 000,124,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/26 18:01:04 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Thrones and Patriots.lnk
[2011/05/26 15:38:29 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Rise Of Nations.lnk
[2011/05/25 22:07:11 | 000,001,627 | ---- | M] () -- C:\Users\User\Desktop\BlueScreenView.exe - Shortcut.lnk
[2011/05/25 21:31:34 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\DTweak.lnk
[2011/05/25 12:28:22 | 000,001,041 | ---- | M] () -- C:\Users\User\Desktop\AudioConverter.lnk
[2011/05/25 10:18:42 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney PRO v7.33.lnk
[2011/05/25 10:14:45 | 000,002,558 | ---- | M] () -- C:\Users\User\Documents\Hmm.pfx
[2011/05/20 19:02:12 | 000,001,136 | ---- | M] () -- C:\Users\User\Desktop\Install Microsoft Visual C++ 2010 Express.lnk
[2011/05/20 16:40:33 | 000,012,556 | ---- | M] () -- C:\Users\User\Documents\Powder .html
[2011/05/20 16:12:25 | 000,000,124 | ---- | M] () -- C:\Users\User\.gitconfig
[2011/05/20 12:25:37 | 000,001,887 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2011/05/20 11:40:33 | 001,219,072 | ---- | M] () -- C:\Users\User\AppData\Local\Powder.exe
[2011/05/20 11:23:03 | 000,001,397 | ---- | M] () -- C:\Users\User\Desktop\Powder.exe - Shortcut.lnk
[2011/05/20 06:47:52 | 000,000,458 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/05/20 06:43:17 | 000,002,168 | ---- | M] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/05/18 20:07:39 | 027,429,632 | ---- | M] () -- C:\Users\User\Documents\01 - Rush.flac
[2011/05/17 23:28:01 | 000,001,051 | ---- | M] () -- C:\Users\User\Desktop\wom.exe - Shortcut.lnk
[2011/05/15 18:59:36 | 000,000,981 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk
[2011/05/15 14:37:56 | 000,001,374 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/05/15 14:18:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/15 10:39:02 | 000,005,120 | ---- | M] () -- C:\Windows\SysWow64\SystemV.dll
[2011/05/15 10:13:50 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/05/15 10:13:50 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/05/15 10:13:50 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/05/15 10:13:49 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/05/14 20:10:10 | 000,788,530 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/14 13:28:43 | 000,062,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/05/14 13:28:43 | 000,062,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/05/12 17:13:32 | 000,001,397 | ---- | M] () -- C:\Users\User\Documents\Re.rtf
[2011/05/12 13:43:13 | 000,001,407 | ---- | M] () -- C:\Users\User\Documents\gjuyur.rtf
[2011/05/11 20:49:04 | 000,008,269 | ---- | M] () -- C:\Users\User\Documents\Save menue script (needs work done).rtf
[2011/05/11 20:30:31 | 000,015,462 | ---- | M] () -- C:\Users\User\Documents\SEL_SCENE_SKILL_MENU.rtf
[2011/05/11 14:33:00 | 000,001,513 | ---- | M] () -- C:\Users\User\Desktop\firefox.exe - Shortcut.lnk
[2011/05/09 22:38:19 | 000,001,564 | ---- | M] () -- C:\Users\User\Desktop\RPGVX.exe - Shortcut.lnk
[2011/05/09 14:19:21 | 000,001,760 | ---- | M] () -- C:\Users\User\Desktop\ntchw32.exe - Shortcut.lnk
[2011/05/09 14:18:41 | 000,000,233 | ---- | M] () -- C:\Windows\Netop.INI
[2011/05/09 14:02:12 | 001,892,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2011/05/08 16:56:43 | 000,000,088 | RHS- | M] () -- C:\ProgramData\1F84DD9D4D.sys
[2011/05/08 14:12:13 | 000,001,411 | ---- | M] () -- C:\Users\User\Desktop\PhotoshopPortable.exe - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 20:27:58 | 000,001,803 | ---- | C] () -- C:\Users\User\Desktop\1964.exe - Shortcut.lnk
[2011/06/02 18:49:33 | 000,001,244 | ---- | C] () -- C:\Users\User\Desktop\Bandwidth Controller Enterprise.lnk
[2011/06/02 17:26:43 | 000,001,014 | ---- | C] () -- C:\Users\User\Desktop\Cactus Bruce and the Corporate Monkeys.lnk
[2011/06/02 16:09:56 | 000,000,060 | ---- | C] () -- C:\Windows\SysNative\4E37A837910D.ini
[2011/06/02 16:00:31 | 000,001,767 | ---- | C] () -- C:\Users\User\Desktop\Star.rtf
[2011/06/02 15:14:36 | 000,001,245 | ---- | C] () -- C:\Users\User\Desktop\knifeback.cfg
[2011/06/02 15:06:31 | 000,000,876 | ---- | C] () -- C:\Users\User\Desktop\c.html
[2011/06/02 15:05:30 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/02 15:00:12 | 000,005,928 | ---- | C] () -- C:\Users\User\Desktop\login.jsp
[2011/06/02 13:56:48 | 000,000,793 | ---- | C] () -- C:\Users\User\Desktop\HTTrack Website Copier.lnk
[2011/06/02 13:50:49 | 000,092,412 | ---- | C] () -- C:\Users\User\Desktop\useragentswitcher.xml
[2011/06/02 13:47:06 | 000,030,261 | ---- | C] () -- C:\Users\User\Desktop\allagents.xml
[2011/06/02 13:43:02 | 000,018,015 | ---- | C] () -- C:\Users\User\Desktop\AgentStrings20070517.xml
[2011/06/02 13:27:22 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/02 12:55:57 | 000,078,128 | ---- | C] () -- C:\Users\User\Desktop\lolz.htm
[2011/06/02 12:52:12 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 12:11:14 | 000,001,046 | ---- | C] () -- C:\Users\User\Desktop\XN Resource Editor.lnk
[2011/05/31 18:56:19 | 000,001,016 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/31 18:56:19 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/05/31 14:57:28 | 000,000,575 | ---- | C] () -- C:\Users\User\Desktop\Fraps.lnk
[2011/05/31 12:41:06 | 028,191,015 | ---- | C] () -- C:\Users\User\Desktop\John Cleese and Rowan Atkinson - Beekeeping.flv
[2011/05/31 12:36:09 | 012,873,523 | ---- | C] () -- C:\Users\User\Desktop\Rowan Atkinson - Invisible Drum Kit.flv
[2011/05/31 12:23:35 | 045,471,121 | ---- | C] () -- C:\Users\User\Desktop\MAD TV - Termanator & Jesus.mp4
[2011/05/31 10:28:26 | 000,001,262 | ---- | C] () -- C:\Users\User\Desktop\AVS Audio Converter6.lnk
[2011/05/31 09:17:28 | 000,001,214 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/05/31 09:17:28 | 000,001,190 | ---- | C] () -- C:\Users\User\Desktop\AVG PC Tuneup 2011.lnk
[2011/05/30 21:51:40 | 003,931,033 | ---- | C] () -- C:\Users\User\Desktop\one hit wonders - Pump Up The Volume.mp3
[2011/05/30 21:51:39 | 003,988,498 | ---- | C] () -- C:\Users\User\Desktop\14 - Shaggy - Boombastic (Album version).mp3
[2011/05/30 14:36:44 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/29 10:14:08 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/26 15:51:11 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Thrones and Patriots.lnk
[2011/05/26 15:38:29 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Rise Of Nations.lnk
[2011/05/25 22:07:11 | 000,001,627 | ---- | C] () -- C:\Users\User\Desktop\BlueScreenView.exe - Shortcut.lnk
[2011/05/25 21:31:34 | 000,000,749 | ---- | C] () -- C:\Users\Public\Desktop\DTweak.lnk
[2011/05/25 12:28:22 | 000,001,041 | ---- | C] () -- C:\Users\User\Desktop\AudioConverter.lnk
[2011/05/25 10:18:42 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney PRO v7.33.lnk
[2011/05/25 10:14:45 | 000,002,558 | ---- | C] () -- C:\Users\User\Documents\Hmm.pfx
[2011/05/25 10:06:00 | 000,001,022 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk
[2011/05/24 18:30:25 | 000,007,609 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2011/05/20 16:23:05 | 000,012,556 | ---- | C] () -- C:\Users\User\Documents\Powder .html
[2011/05/20 15:50:04 | 000,001,136 | ---- | C] () -- C:\Users\User\Desktop\Install Microsoft Visual C++ 2010 Express.lnk
[2011/05/20 13:03:34 | 000,001,159 | ---- | C] () -- C:\Users\User\Desktop\Powder toy mod with v 45 code.exe - Shortcut.lnk
[2011/05/20 12:34:22 | 000,000,124 | ---- | C] () -- C:\Users\User\.gitconfig
[2011/05/20 12:25:37 | 000,001,887 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2011/05/20 11:40:33 | 001,219,072 | ---- | C] () -- C:\Users\User\AppData\Local\Powder.exe
[2011/05/20 11:22:48 | 000,001,397 | ---- | C] () -- C:\Users\User\Desktop\Powder.exe - Shortcut.lnk
[2011/05/18 23:10:31 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/18 23:10:27 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 20:06:18 | 027,429,632 | ---- | C] () -- C:\Users\User\Documents\01 - Rush.flac
[2011/05/18 12:30:37 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/05/18 12:29:08 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wadio.lnk
[2011/05/17 23:28:01 | 000,001,051 | ---- | C] () -- C:\Users\User\Desktop\wom.exe - Shortcut.lnk
[2011/05/16 12:00:21 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2011/05/15 18:59:36 | 000,000,981 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk
[2011/05/15 14:37:55 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/05/15 14:37:55 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/05/14 21:10:21 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\SystemV.dll
[2011/05/14 20:10:08 | 000,788,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/14 17:45:10 | 000,002,140 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/05/12 17:13:32 | 000,001,397 | ---- | C] () -- C:\Users\User\Documents\Re.rtf
[2011/05/12 13:43:13 | 000,001,407 | ---- | C] () -- C:\Users\User\Documents\gjuyur.rtf
[2011/05/11 20:49:04 | 000,008,269 | ---- | C] () -- C:\Users\User\Documents\Save menue script (needs work done).rtf
[2011/05/11 20:30:31 | 000,015,462 | ---- | C] () -- C:\Users\User\Documents\SEL_SCENE_SKILL_MENU.rtf
[2011/05/11 14:33:00 | 000,001,513 | ---- | C] () -- C:\Users\User\Desktop\firefox.exe - Shortcut.lnk
[2011/05/09 22:38:19 | 000,001,564 | ---- | C] () -- C:\Users\User\Desktop\RPGVX.exe - Shortcut.lnk
[2011/05/09 14:19:21 | 000,001,760 | ---- | C] () -- C:\Users\User\Desktop\ntchw32.exe - Shortcut.lnk
[2011/05/08 16:56:34 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/08 16:56:34 | 000,000,088 | RHS- | C] () -- C:\ProgramData\1F84DD9D4D.sys
[2011/05/08 16:55:30 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX.lnk
[2011/05/08 14:12:13 | 000,001,411 | ---- | C] () -- C:\Users\User\Desktop\PhotoshopPortable.exe - Shortcut.lnk
[2011/05/08 10:06:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/20 12:43:35 | 000,000,032 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/04/19 21:53:34 | 000,006,100 | ---- | C] () -- C:\ProgramData\InternetSettingsHistory.xml
[2011/04/17 22:37:14 | 000,002,168 | ---- | C] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/04/17 22:34:26 | 000,000,458 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/04/17 04:14:15 | 000,116,224 | -H-- | C] () -- C:\Users\User\AppData\Roaming\MBSJPEGDecompressionPlugin.dll
[2011/04/17 04:14:15 | 000,095,744 | -H-- | C] () -- C:\Users\User\AppData\Roaming\MBSJPEGCompressionPlugin.dll
[2011/04/17 04:14:15 | 000,064,512 | -H-- | C] () -- C:\Users\User\AppData\Roaming\rbap450.dll
[2011/04/17 04:14:15 | 000,027,648 | -H-- | C] () -- C:\Users\User\AppData\Roaming\rbselectfolder450.dll
[2011/04/17 04:14:15 | 000,026,112 | -H-- | C] () -- C:\Users\User\AppData\Roaming\MBSRegistrationPlugin.dll
[2011/04/15 10:04:26 | 000,000,233 | ---- | C] () -- C:\Windows\Netop.INI
[2011/04/14 04:42:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 09:23:08 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\E4D3A5BAEC.sys
[2011/04/09 09:23:01 | 000,001,682 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\myodbc3m.exe
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll

========== LOP Check ==========

[2011/05/18 12:24:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2011/05/31 11:02:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG
[2011/04/14 19:46:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011/04/15 10:04:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Danware Data
[2011/05/25 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Daoisoft
[2011/06/02 16:48:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DMCache
[2011/05/11 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverFinder
[2011/04/30 17:03:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\fishinator2extreme
[2011/05/27 09:49:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Flood Light Games
[2011/05/20 20:11:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IDM
[2011/04/14 14:21:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JAM Software
[2011/04/14 02:48:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MySQL
[2011/05/16 19:47:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OnLine TV
[2011/04/17 00:42:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenClonk
[2011/04/19 23:00:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011/05/29 16:03:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PopCapv1003
[2011/05/15 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Smith Micro
[2011/04/09 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Softplicity
[2011/05/29 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SpinTop Games
[2011/04/14 00:21:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Subversion
[2011/05/20 12:35:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\syntevo
[2011/05/11 12:51:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2011/04/17 01:06:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2011/04/14 19:51:07 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Virtual CD v10
[2011/05/27 17:54:54 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

And here's the other:

OTL Extras logfile created on: 6/2/2011 10:45:23 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\User\Downloads\Programs
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 46.90% Memory free
3.50 Gb Paging File | 1.38 Gb Available in Paging File | 39.56% Paging File free
Paging file location(s): c:\pagefile.sys 1791 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 8.65 Gb Free Space | 11.60% Space Free | Partition Type: NTFS

Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [zTakeOwnership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Directory [zTakeOwnership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = C:\Program Files (x86)\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" = C:\Program Files (x86)\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java™ 6 Update 25 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java™ SE Development Kit 6 Update 25 (64-bit)
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A176F28C-AC0D-4790-8911-997DC7F69A7F}" = MySQL Server 5.5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DTweak_is1" = DTweak
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000008-9FF0-11DF-8612-0417A1A01290}" = Netop School Teacher
"{0007F050-D3D5-4431-9E20-9C4543B0DDCA}" = Google Earth Plus 6.0.0.1735
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{14F2D357-C272-04D7-B051-EC2918C2B3B5}" = Wadio Player
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFA1C07-525F-4691-B986-E570C4B659E9}" = VZAccess Manager
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3AE325C5-5B0F-48E5-BAC9-B55C64467681}" = GameShadow
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52937564-8312-4B49-BB13-F7EDBB67EB34}" = MySQL Workbench 5.2 CE
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111262647}" = Zoo Tycoon 2 - Dino Danger Pack Installer
"{83B2A1BD-E740-4DB8-879E-139C4D0EC1DE}" = Pharaoh - Including Cleopatra Expansion
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}" = Gogglebox TV
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}" = SAMSUNG USB Driver for Mobile Phones V5.16.0.0
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Driver
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alchemy Deluxe 1.6" = Alchemy Deluxe 1.6
"ArtMoney PRO_is1" = ArtMoney PRO v7.33
"ASP700_is1" = Anime Studio Pro 7.0
"AstroPop Deluxe 1.1" = AstroPop Deluxe 1.1
"Atomica Deluxe Full" = Atomica Deluxe Full 1.0
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Award Keylogger_is1" = Award Keylogger 2.5
"Banana Bugs" = Banana Bugs
"Bejeweled 3" = Bejeweled 3
"Bejeweled Blitz" = Bejeweled Blitz
"Bejeweled Twist" = Bejeweled Twist
"BFGC" = Big Fish Games: Game Manager
"Big Money Deluxe 1.3" = Big Money Deluxe 1.3
"Cactus Bruce and the Corporate Monkeys_is1" = Cactus Bruce and the Corporate Monkeys
"Card Collector Game Maker" = Card Collector Game Maker
"Chuzzle Deluxe" = Chuzzle Deluxe
"Cosmic Bugs 1.05" = Cosmic Bugs 1.05
"Cultures2" = Cultures2 - The Gates Of Asgard
"Cygnus Hex Editor" = Cygnus Hex Editor 2.50
"DriverFinder" = DriverFinder
"Dynomite Deluxe" = Dynomite Deluxe
"Escape Rosecliff Island" = Escape Rosecliff Island
"Europa 1400 - The Guild" = Europa 1400 - The Guild
"Feeding Frenzy 2 Deluxe 1.0" = Feeding Frenzy 2 Deluxe 1.0
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"Git_is1" = Git version 1.7.4-preview20110204
"Heavy Weapon Deluxe" = Heavy Weapon Deluxe
"Iggle Pop Deluxe 1.0" = Iggle Pop Deluxe 1.0
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"Internet Download Manager" = Internet Download Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mad Caps" = Mad Caps
"Mahjong Escape: Ancient China 1.0.0.5" = Mahjong Escape: Ancient China 1.0.0.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OnLine TV" = OnLine TV
"OpenAL" = OpenAL
"OpenClonk" = OpenClonk
"Opera 11.10.2092" = Opera 11.10
"pedrosland.wadio.withspec" = Wadio Player
"Pixelus Deluxe 1.0" = Pixelus Deluxe 1.0
"Plants Vs Zombies" = Plants Vs Zombies
"Plants vs. Zombies" = Plants vs. Zombies
"Poser 8_is1" = Poser 8 (8.0.0.10157)
"PremiumSoft Navicat for MySQL_is1" = PremiumSoft Navicat 9.1 for MySQL
"PSPad editor_is1" = PSPad editor
"RegInOut System Utilities3.0.0.2000" = RegInOut System Utilities
"ResourceHacker_is1" = Resource Hacker Version 3.5.2
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseofNationsExpansion 1.0" = Rise of Nations Thrones and Patriots
"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood
"Rocket Mania Deluxe 1.01" = Rocket Mania Deluxe 1.01
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"SmartGit 2_is1" = SmartGit 2.0.4
"Starcraft" = Starcraft
"Storm 3.0 demo" = Storm 3.0 demo
"Syberia_is1" = Syberia
"SystemRequirementsLab" = System Requirements Lab
"Talismania Deluxe 1.1" = Talismania Deluxe 1.1
"Torque Game Builder 1.1.3" = Torque Game Builder
"Total Audio Converter_is1" = TotalAudioConverter
"TreeSize Professional_is1" = TreeSize Professional 5.3.4
"UnityWebPlayer" = Unity Web Player
"Vacation Quest - The Hawaiian Islands" = Vacation Quest - The Hawaiian Islands
"Venice Deluxe 1.0" = Venice Deluxe 1.0
"VLC media player" = VLC media player 1.1.9
"Water Bugs 1.15" = Water Bugs 1.15
"Winamp" = Winamp
"WinHex" = WinHex
"Winrar 3.93" = Winrar 3.93
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CE65B110-8786-47EA-A4A0-05742F29C221}_is1" = Ruby 1.8.6-p398
"7f5999269a4f794e" = Habitus Launcher
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2011 3:03:32 PM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SWTFU2.exe, version: 1.0.0.0, time stamp:
0x4ca183e1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xffffffff Faulting process id: 0xa84 Faulting application
start time: 0x01cc1e31ee3efd30 Faulting application path: C:\Users\User\Desktop\New
folder\SWTFU2.exe Faulting module path: unknown Report Id: 583e1990-8a26-11e0-9a7a-ad71b9afbec9

Error - 5/29/2011 3:16:36 PM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bd212 Faulting module name: ESENT.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdf7c Exception code: 0xc0000096 Fault offset: 0x000000000005ab10
Faulting
process id: 0x94 Faulting application start time: 0x01cc1e198b57e230 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\ESENT.dll
Report
Id: 2b558a10-8a28-11e0-9a7a-ad71b9afbec9

Error - 5/29/2011 3:16:36 PM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Microsoft Windows Search Indexer because of this error. Program:
Microsoft Windows Search Indexer File: The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.

Additional
Data Error value: 00000000 Disk type: 0

Error - 5/29/2011 5:44:07 PM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc541 Faulting module name: dwmcore.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdf28 Exception code: 0xc0000005 Fault offset: 0x0000000000002793 Faulting
process id: 0x5cc Faulting application start time: 0x01cc1e1934c7ba30 Faulting application
path: C:\Windows\system32\Dwm.exe Faulting module path: C:\Windows\system32\dwmcore.dll
Report
Id: c7092110-8a3c-11e0-9a7a-ad71b9afbec9

Error - 5/31/2011 1:42:53 PM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Dwm.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc541 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x0000000000051e02 Faulting
process id: 0x720 Faulting application start time: 0x01cc1f9a61d43e90 Faulting application
path: C:\Windows\system32\Dwm.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 68de8ef0-8bad-11e0-9881-e9bde3de61c8

Error - 5/31/2011 5:46:35 PM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Powder toy mod with v 45 code.exe, version:
0.0.0.0, time stamp: 0x4d8f24c3 Faulting module name: Powder toy mod with v 45 code.exe,
version: 0.0.0.0, time stamp: 0x4d8f24c3 Exception code: 0xc0000005 Fault offset:
0x000227e2 Faulting process id: 0x2b8 Faulting application start time: 0x01cc1fdb1e48eb80
Faulting
application path: C:\Users\User\Downloads\Compressed\mod v 6.2\Powder toy mod with
v 45 code.exe Faulting module path: C:\Users\User\Downloads\Compressed\mod v 6.2\Powder
toy mod with v 45 code.exe Report Id: 7431a2c0-8bcf-11e0-9881-e9bde3de61c8

Error - 6/1/2011 12:02:52 AM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Project64.exe, version: 0.0.0.0, time stamp:
0x424c7e6e Faulting module name: Project64.exe, version: 0.0.0.0, time stamp: 0x424c7e6e
Exception
code: 0xc0000005 Fault offset: 0x00020723 Faulting process id: 0xab8 Faulting application
start time: 0x01cc20109ab65560 Faulting application path: C:\Program Files (x86)\Project64
1.6\Project64.exe Faulting module path: C:\Program Files (x86)\Project64 1.6\Project64.exe
Report
Id: 05427490-8c04-11e0-a24b-8dcd090ee6c8

Error - 6/1/2011 12:03:59 AM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Project64.exe, version: 0.0.0.0, time stamp:
0x424c7e6e Faulting module name: Project64.exe, version: 0.0.0.0, time stamp: 0x424c7e6e
Exception
code: 0xc0000005 Fault offset: 0x00020723 Faulting process id: 0x480 Faulting application
start time: 0x01cc2010cc734e00 Faulting application path: C:\Program Files (x86)\Project64
1.6\Project64.exe Faulting module path: C:\Program Files (x86)\Project64 1.6\Project64.exe
Report
Id: 2d419f20-8c04-11e0-a24b-8dcd090ee6c8

Error - 6/1/2011 12:10:54 AM | Computer Name = DAVIS-PC | Source = Application Hang | ID = 1002
Description = The program Project64.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c0 Start
Time: 01cc2011ce03cc30 Termination Time: 5 Application Path: C:\Program Files (x86)\Project64
1.6\Project64.exe Report Id: 233751e1-8c05-11e0-a24b-8dcd090ee6c8

Error - 6/1/2011 12:17:08 AM | Computer Name = DAVIS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Project64.exe, version: 0.0.0.0, time stamp:
0x424c7e6e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7bdc88d4 Faulting process id: 0xa58 Faulting application
start time: 0x01cc2011e2f825a0 Faulting application path: C:\Program Files (x86)\Project64
1.6\Project64.exe Faulting module path: unknown Report Id: 03439500-8c06-11e0-a24b-8dcd090ee6c8

[ System Events ]
Error - 5/31/2011 10:22:39 PM | Computer Name = DAVIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 6/1/2011 12:53:37 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

Error - 6/2/2011 12:37:40 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7000
Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 6/2/2011 12:37:40 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7000
Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 6/2/2011 12:37:40 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7000
Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 6/2/2011 12:37:40 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7000
Description = The MRESP50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 6/2/2011 1:44:58 PM | Computer Name = DAVIS-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:42:45 PM on ?6/?2/?2011 was unexpected.

Error - 6/2/2011 2:09:02 PM | Computer Name = DAVIS-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:07:31 PM on ?6/?2/?2011 was unexpected.

Error - 6/2/2011 5:09:57 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7030
Description = The SKLService64 service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/2/2011 5:21:00 PM | Computer Name = DAVIS-PC | Source = Service Control Manager | ID = 7030
Description = The SKLService64 service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#6 m0le

  • Malware Response Team

Posted 03 June 2011 - 07:02 PM

There's nothing on the logs that shows anything malicious; the event viewer shows something definitely system-related, though.

Download/install BlueScreenView - http://www.nirsoft.net/utils/blue_screen_view.html.

Double-click BlueScreenView.exe file to run the program.

When scanning is done, Edit/Select All...then File/Save Selected Items. Save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
m0le is a proud member of UNITE

#7 davis7457

  • Topic Starter

Posted 03 June 2011 - 07:16 PM

Here's ALL of the BSODs; sadly it just keeps happening. Just recently I've gotten 3 so far just in the past hour, I think 3. Always usually has something to do with ntoskrnl.exe, I've noticed. Also I already had this prog, but didn't quite know how to use it.

==================================================
Dump File : 053111-77797-01.dmp
Crash Time : 5/31/2011 9:22:39 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`0345dac8
Parameter 3 : fffff880`0353ed90
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+71f00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\053111-77797-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 291,400
==================================================

==================================================
Dump File : 052911-31403-01.dmp
Crash Time : 5/29/2011 10:58:05 AM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff880`0187482c
Parameter 3 : fffff880`02fce838
Parameter 4 : fffff880`02fce090
Caused By Driver : cdrom.sys
Caused By Address : cdrom.sys+5647
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052911-31403-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 282,872
==================================================

==================================================
Dump File : 052711-26317-01.dmp
Crash Time : 5/27/2011 4:58:46 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+c1e7d
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052711-26317-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 281,944
==================================================

==================================================
Dump File : 052511-21918-01.dmp
Crash Time : 5/25/2011 10:04:13 PM
Bug Check String : DRIVER_VERIFIER_DETECTED_VIOLATION
Bug Check Code : 0x000000c4
Parameter 1 : 00000000`00000091
Parameter 2 : 00000000`00000002
Parameter 3 : fffffa80`01e12b60
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+71f00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052511-21918-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 283,240
==================================================

==================================================
Dump File : 052411-24039-01.dmp
Crash Time : 5/24/2011 7:07:39 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`04b72980
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+71f00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052411-24039-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 281,096
==================================================

==================================================
Dump File : 052111-21824-01.dmp
Crash Time : 5/21/2011 9:55:46 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff880`0fda3897
Parameter 3 : fffff880`028798c0
Parameter 4 : 00000000`00000000
Caused By Driver : dxgmms1.sys
Caused By Address : dxgmms1.sys+3a897
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052111-21824-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 283,176
==================================================

==================================================
Dump File : 052111-23478-01.dmp
Crash Time : 5/21/2011 1:55:04 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff880`0fd85102
Caused By Driver : dxgmms1.sys
Caused By Address : dxgmms1.sys+10102
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052111-23478-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 281,576
==================================================

==================================================
Dump File : 052111-21949-01.dmp
Crash Time : 5/21/2011 1:28:54 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000008
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+71f00
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052111-21949-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 283,448
==================================================

==================================================
Dump File : 052011-29172-01.dmp
Crash Time : 5/20/2011 9:22:26 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff880`011c482c
Parameter 3 : fffff880`02fc0838
Parameter 4 : fffff880`02fc0090
Caused By Driver : cdrom.sys
Caused By Address : cdrom.sys+5647
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052011-29172-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 290,040
==================================================

==================================================
Dump File : 052011-24819-01.dmp
Crash Time : 5/20/2011 12:43:32 PM
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x000000be
Parameter 1 : fffff880`0f8e7518
Parameter 2 : 80000000`6bd9c121
Parameter 3 : fffff880`04892050
Parameter 4 : 00000000`0000000a
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+7f3518
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\052011-24819-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 285,152
==================================================

==================================================
Dump File : 051911-42291-01.dmp
Crash Time : 5/19/2011 6:15:43 PM
Bug Check String : ATTEMPTED_WRITE_TO_READONLY_MEMORY
Bug Check Code : 0x000000be
Parameter 1 : fffff800`03486056
Parameter 2 : 00000000`03486121
Parameter 3 : fffff880`04ce48b0
Parameter 4 : 00000000`0000000a
Caused By Driver : hal.dll
Caused By Address : hal.dll+7ae7
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\051911-42291-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 291,384
==================================================

==================================================
Dump File : 051711-32651-01.dmp
Crash Time : 5/17/2011 11:25:55 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : nvmf6264.sys
Caused By Address : nvmf6264.sys+6e6a
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\051711-32651-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 291,432
==================================================

#8 m0le

  • Malware Response Team
Posted 03 June 2011 - 07:29 PM

These BSODs seem to be linked to access violations which makes a rootkit the most likely option - though it could also still be a system failure.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

and then

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Please copy the following into the Custom Scans box at the bottom:

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    
  • Now click the Run Scan button on the toolbar.
  • Let it run until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Post the log in the next reply.
m0le is a proud member of UNITE

#9 davis7457

  • Topic Starter

Posted 03 June 2011 - 08:08 PM

Sorry, I didn't mean to PM it to you. But here are the logs in the post now.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-03 19:31:43
-----------------------------
19:31:43.236 OS Version: Windows x64 6.1.7600
19:31:43.237 Number of processors: 2 586 0x602
19:31:43.238 ComputerName: DAVIS-PC UserName: Davis
19:31:48.624 Initialize success
19:31:56.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
19:31:56.314 Disk 0 Vendor: WDC_WD800BB-22JHC0 05.01C05 Size: 76319MB BusType: 3
19:31:58.360 Disk 0 MBR read successfully
19:31:58.362 Disk 0 MBR scan
19:31:58.363 Disk 0 Windows 7 default MBR code
19:31:58.365 Service scanning
19:32:05.232 Disk 0 trace - called modules:
19:32:05.249 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
19:32:05.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026e5060]
19:32:05.254 3 CLASSPNP.SYS[fffff880018cb43f] -> nt!IofCallDriver -> [0xfffffa8001f8d520]
19:32:05.257 5 ACPI.sys[fffff88000f70781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-3[0xfffffa8001f87680]
19:32:05.259 Scan finished successfully
19:32:19.419 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
19:32:19.419 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


And here's the other part(s):

OTL logfile created on: 6/3/2011 7:33:05 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\User\Downloads\Programs
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 30.90% Memory free
3.50 Gb Paging File | 1.97 Gb Available in Paging File | 56.41% Paging File free
Paging file location(s): c:\pagefile.sys 1791 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 12.83 Gb Free Space | 17.22% Space Free | Partition Type: NTFS

Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\User\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Users\User\Downloads\Compressed\bluescreenview\BlueScreenView.exe (NirSoft)
PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\User\Downloads\Programs\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Program Files (x86)\Netop\Netop School\Teacher\NHOSTSVC.EXE (Netop Business Solutions A/S)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\A224.tmp (Sophos Plc)
DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.centurylink.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 9B FF FF A3 FA CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 14:02:14 | 000,000,000 | ---D | M]

[2011/04/14 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011/06/02 13:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions
[2011/05/18 12:36:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions\LogMeInClient@logmein.com
[2011/05/17 22:45:44 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions\TechnicianConsole@logmeinrescue.com
[2011/04/14 15:36:35 | 000,002,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\loagxidj.default\searchplugins\daemon-search.xml
[2011/04/14 04:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/09 14:02:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 04:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/13 22:49:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/13 23:08:04 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\USER\APPDATA\ROAMING\IDM\IDMMZCC3
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOAGXIDJ.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOAGXIDJ.DEFAULT\EXTENSIONS\RAMBACK@PAVLOV.NET.XPI
[2011/05/09 14:02:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/12/08 15:43:26 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 151
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Awesomeness
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Just be awesome
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\TSpkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\TSpkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ef67f6b-6853-11e0-a3fc-bcaec58556ed}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef67f6b-6853-11e0-a3fc-bcaec58556ed}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{7183ba06-66ca-11e0-a07f-bcaec58556ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7183ba06-66ca-11e0-a07f-bcaec58556ed}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/03 13:01:21 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/06/03 13:01:21 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/06/03 13:01:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/06/03 13:01:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/06/03 13:01:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/06/03 10:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/06/03 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/03 10:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/06/03 10:41:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TeraCopy
[2011/06/03 10:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2011/06/03 10:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2011/06/02 22:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/02 22:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandwidth Controller Enterprise Server
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandwidth Controller Enterprise Client
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandwidth Controller Enterprise
[2011/06/02 17:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cactus Bruce and the Corporate Monkeys
[2011/06/02 17:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cactus Bruce and the Corporate Monkeys
[2011/06/02 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2011/06/02 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Award Keylogger
[2011/06/02 16:11:25 | 000,544,833 | ---- | C] (Stardock) -- C:\Windows\SysWow64\wbocx.ocx
[2011/06/02 16:11:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\KAward
[2011/06/02 16:09:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\AKLogData64
[2011/06/02 16:08:07 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2011/06/02 16:08:07 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll
[2011/06/02 16:08:07 | 000,028,160 | ---- | C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll
[2011/06/02 16:08:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\KAward64
[2011/06/02 13:57:17 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2011/06/02 13:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2011/06/02 13:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2011/06/02 12:52:12 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/02 12:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/02 12:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/02 12:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XN Resource Editor
[2011/06/02 12:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XN Resource Editor
[2011/06/02 12:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2011/06/02 12:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2011/06/02 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sprint_Activation
[2011/06/02 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/06/02 11:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation
[2011/06/02 11:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2011/06/02 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/06/01 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/05/31 18:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/05/31 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/05/31 18:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/05/31 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/31 18:55:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Winamp
[2011/05/31 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/05/31 14:57:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/31 12:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamehouse
[2011/05/31 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Text files
[2011/05/31 10:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/05/31 10:31:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVS4YOU
[2011/05/31 10:29:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/05/31 10:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/05/31 10:28:23 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2011/05/31 10:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011/05/31 10:26:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011/05/31 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011/05/31 09:35:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG
[2011/05/31 09:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/05/31 09:22:01 | 000,000,000 | ---D | C] -- C:\Users\User\Datos de programa
[2011/05/31 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/05/31 09:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/05/30 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2011/05/30 19:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2011/05/30 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Starcraft
[2011/05/30 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starcraft
[2011/05/30 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\CivCity Rome
[2011/05/29 16:09:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PopCap Games
[2011/05/29 16:03:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PopCapv1003
[2011/05/29 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SpinTop Games
[2011/05/29 13:55:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\LucasArts
[2011/05/29 13:55:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LucasArts
[2011/05/29 13:54:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2011/05/29 12:29:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/05/29 12:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2011/05/29 12:16:04 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011/05/29 12:14:07 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2011/05/29 12:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2011/05/29 12:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2011/05/29 09:52:36 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/05/29 09:52:36 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/05/28 22:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011/05/28 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011/05/28 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2011/05/28 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011/05/28 22:40:27 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/05/28 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2011/05/28 22:20:33 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/05/28 22:20:33 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/05/28 22:19:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/05/28 22:19:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/05/28 22:19:53 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/05/28 22:19:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/05/28 22:19:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/05/28 22:19:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/05/28 22:19:51 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/05/28 22:19:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/05/28 22:19:45 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/05/28 22:19:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/05/28 22:19:44 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/05/28 22:19:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/05/28 22:19:42 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/05/28 22:19:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/05/28 22:19:41 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/05/28 22:19:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/05/28 22:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[2011/05/28 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2011/05/28 21:28:56 | 000,000,000 | ---D | C] -- C:\Models
[2011/05/28 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/05/28 21:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/05/28 06:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/05/28 06:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/05/27 17:08:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Kirby - Squeak Squad
[2011/05/27 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Controller Profiles
[2011/05/27 09:49:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Flood Light Games
[2011/05/27 09:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games
[2011/05/26 16:19:47 | 000,000,000 | ---D | C] -- C:\Scenario
[2011/05/26 15:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/05/25 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Daoisoft
[2011/05/25 21:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTweak
[2011/05/25 21:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\DTweak
[2011/05/25 12:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2011/05/25 12:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arturia
[2011/05/25 11:06:47 | 000,000,000 | ---D | C] -- C:\New folder
[2011/05/25 10:24:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 10:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 10:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2011/05/25 10:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney PRO
[2011/05/25 10:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArtMoney
[2011/05/25 10:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHex
[2011/05/22 17:05:19 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Dao350.dll
[2011/05/20 12:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\syntevo
[2011/05/20 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartGit 2
[2011/05/20 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\User\.ssh
[2011/05/20 12:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartGit 2
[2011/05/20 12:27:28 | 022,406,774 | ---- | C] (SyntEvo GmbH ) -- C:\Users\User\Desktop\setup-2_0_4-jre.exe
[2011/05/20 12:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2011/05/20 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2011/05/20 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Help
[2011/05/20 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Help
[2011/05/20 08:56:49 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2011/05/20 08:56:49 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2011/05/20 08:56:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2011/05/20 08:56:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2011/05/20 08:56:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2011/05/20 08:56:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2011/05/20 08:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnH Solutions
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnH Solutions
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnH Solutions
[2011/05/20 07:10:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cygnus
[2011/05/18 23:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/18 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/05/18 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2011/05/18 20:05:02 | 000,000,000 | ---D | C] -- C:\Breakcore Samples 1&2
[2011/05/18 15:36:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strategy First
[2011/05/18 15:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strategy First
[2011/05/18 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2011/05/18 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn
[2011/05/18 12:31:30 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011/05/18 12:31:27 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011/05/18 12:31:27 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2011/05/18 12:31:17 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011/05/18 12:31:05 | 000,000,00

#10 m0le

  • Malware Response Team

Posted 04 June 2011 - 07:00 AM

A few things to go here, and a few others to clear off the system

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
[2011/04/14 15:36:35 | 000,002,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\loagxidj.default\searchplugins\daemon-search.xml
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Reboot, and then run OTL as a Scan and post the new log.
m0le is a proud member of UNITE

#11 davis7457


Posted 04 June 2011 - 12:16 PM

Here's from the fix:

========== OTL ==========
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\loagxidj.default\searchplugins\daemon-search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.23.0 log created on 06042011_120231

Here's from the scan:

OTL logfile created on: 6/4/2011 12:11:51 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\User\Downloads\Programs
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 51.40% Memory free
3.50 Gb Paging File | 2.51 Gb Available in Paging File | 71.74% Paging File free
Paging file location(s): c:\pagefile.sys 1791 2686 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 12.69 Gb Free Space | 17.03% Space Free | Partition Type: NTFS

Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\User\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\User\Downloads\Programs\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (NetOp Host for NT Service) NetOp Helper ver. 9.51 (2010216) -- C:\Program Files (x86)\Netop\Netop School\Teacher\NHOSTSVC.EXE (Netop Business Solutions A/S)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\A224.tmp (Sophos Plc)
DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.centurylink.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 9B FF FF A3 FA CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 14:02:14 | 000,000,000 | ---D | M]

[2011/04/14 10:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011/06/02 13:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions
[2011/05/18 12:36:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions\LogMeInClient@logmein.com
[2011/05/17 22:45:44 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\loagxidj.default\extensions\TechnicianConsole@logmeinrescue.com
[2011/04/14 04:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/14 04:41:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/13 22:49:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/13 23:08:04 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\USER\APPDATA\ROAMING\IDM\IDMMZCC3
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOAGXIDJ.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOAGXIDJ.DEFAULT\EXTENSIONS\RAMBACK@PAVLOV.NET.XPI
[2011/05/09 14:02:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/12/08 15:43:26 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 151
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ef67f6b-6853-11e0-a3fc-bcaec58556ed}\Shell - "" = AutoRun
O33 - MountPoints2\{1ef67f6b-6853-11e0-a3fc-bcaec58556ed}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{7183ba06-66ca-11e0-a07f-bcaec58556ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7183ba06-66ca-11e0-a07f-bcaec58556ed}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 12:02:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/03 13:01:21 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/06/03 13:01:21 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/06/03 13:01:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/06/03 13:01:19 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/06/03 13:01:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/06/03 10:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011/06/03 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/03 10:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011/06/03 10:41:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TeraCopy
[2011/06/03 10:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2011/06/03 10:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2011/06/02 22:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/02 22:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandwidth Controller Enterprise Server
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandwidth Controller Enterprise Client
[2011/06/02 18:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandwidth Controller Enterprise
[2011/06/02 17:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cactus Bruce and the Corporate Monkeys
[2011/06/02 17:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cactus Bruce and the Corporate Monkeys
[2011/06/02 17:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2011/06/02 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Award Keylogger
[2011/06/02 16:11:25 | 000,544,833 | ---- | C] (Stardock) -- C:\Windows\SysWow64\wbocx.ocx
[2011/06/02 16:11:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\KAward
[2011/06/02 16:09:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\AKLogData64
[2011/06/02 16:08:07 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2011/06/02 16:08:07 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\SysWow64\wbhelp2.dll
[2011/06/02 16:08:07 | 000,028,160 | ---- | C] (Neil Banfield) -- C:\Windows\SysWow64\anim.dll
[2011/06/02 16:08:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\KAward64
[2011/06/02 13:57:17 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2011/06/02 13:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2011/06/02 13:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2011/06/02 12:52:12 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/02 12:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/02 12:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/02 12:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XN Resource Editor
[2011/06/02 12:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XN Resource Editor
[2011/06/02 12:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2011/06/02 12:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2011/06/02 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sprint_Activation
[2011/06/02 11:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2011/06/02 11:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint_Activation
[2011/06/02 11:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2011/06/02 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2011/06/01 16:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2011/05/31 21:06:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/05/31 18:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/05/31 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/05/31 18:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/05/31 18:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/31 18:55:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Winamp
[2011/05/31 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011/05/31 14:57:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/31 12:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamehouse
[2011/05/31 10:41:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Text files
[2011/05/31 10:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/05/31 10:31:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVS4YOU
[2011/05/31 10:29:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/05/31 10:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/05/31 10:28:23 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2011/05/31 10:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011/05/31 10:26:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011/05/31 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011/05/31 09:35:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG
[2011/05/31 09:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/05/31 09:22:01 | 000,000,000 | ---D | C] -- C:\Users\User\Datos de programa
[2011/05/31 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/05/31 09:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/05/30 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder (2)
[2011/05/30 19:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2011/05/30 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Starcraft
[2011/05/30 19:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Starcraft
[2011/05/30 19:45:17 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\CivCity Rome
[2011/05/29 16:09:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PopCap Games
[2011/05/29 16:03:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PopCapv1003
[2011/05/29 16:02:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SpinTop Games
[2011/05/29 13:55:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\LucasArts
[2011/05/29 13:55:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LucasArts
[2011/05/29 13:54:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2011/05/29 12:29:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2011/05/29 12:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2011/05/29 12:16:04 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011/05/29 12:14:07 | 000,000,000 | RH-D | C] -- C:\Users\User\AppData\Roaming\SecuROM
[2011/05/29 12:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2011/05/29 12:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2011/05/29 09:52:36 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/05/29 09:52:36 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/05/28 22:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011/05/28 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011/05/28 22:41:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2011/05/28 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011/05/28 22:40:27 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/05/28 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2011/05/28 22:20:33 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/05/28 22:20:33 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/05/28 22:19:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/05/28 22:19:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/05/28 22:19:53 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/05/28 22:19:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/05/28 22:19:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/05/28 22:19:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/05/28 22:19:51 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/05/28 22:19:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/05/28 22:19:45 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/05/28 22:19:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/05/28 22:19:44 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/05/28 22:19:44 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/05/28 22:19:42 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/05/28 22:19:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/05/28 22:19:41 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/05/28 22:19:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/05/28 22:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[2011/05/28 22:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2011/05/28 21:28:56 | 000,000,000 | ---D | C] -- C:\Models
[2011/05/28 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/05/28 21:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/05/28 06:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/05/28 06:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/05/27 17:08:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Kirby - Squeak Squad
[2011/05/27 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Controller Profiles
[2011/05/27 09:49:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Flood Light Games
[2011/05/27 09:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Flood Light Games
[2011/05/26 16:19:47 | 000,000,000 | ---D | C] -- C:\Scenario
[2011/05/26 15:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/05/25 21:32:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Daoisoft
[2011/05/25 21:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTweak
[2011/05/25 21:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\DTweak
[2011/05/25 12:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
[2011/05/25 12:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arturia
[2011/05/25 11:06:47 | 000,000,000 | ---D | C] -- C:\New folder
[2011/05/25 10:24:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 10:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 10:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2011/05/25 10:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney PRO
[2011/05/25 10:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArtMoney
[2011/05/25 10:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHex
[2011/05/22 17:05:19 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Dao350.dll
[2011/05/20 12:35:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\syntevo
[2011/05/20 12:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartGit 2
[2011/05/20 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\User\.ssh
[2011/05/20 12:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartGit 2
[2011/05/20 12:27:28 | 022,406,774 | ---- | C] (SyntEvo GmbH ) -- C:\Users\User\Desktop\setup-2_0_4-jre.exe
[2011/05/20 12:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2011/05/20 12:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2011/05/20 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Help
[2011/05/20 09:02:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Help
[2011/05/20 08:56:49 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2011/05/20 08:56:49 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2011/05/20 08:56:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2011/05/20 08:56:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2011/05/20 08:56:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2011/05/20 08:56:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2011/05/20 08:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnH Solutions
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnH Solutions
[2011/05/20 07:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnH Solutions
[2011/05/20 07:10:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygnus Hex Editor
[2011/05/19 14:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cygnus
[2011/05/18 23:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/18 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/05/18 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2011/05/18 20:05:02 | 000,000,000 | ---D | C] -- C:\Breakcore Samples 1&2
[2011/05/18 15:36:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strategy First
[2011/05/18 15:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strategy First
[2011/05/18 15:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strategy First
[2011/05/18 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn
[2011/05/18 12:31:30 | 000,033,152 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011/05/18 12:31:27 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011/05/18 12:31:27 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2011/05/18 12:31:17 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011/05/18 12:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/05/18 12:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2011/05/18 12:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/05/18 12:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wad.io
[2011/05/18 09:45:15 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Syberia Saves
[2011/05/18 09:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011/05/18 09:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2011/05/17 22:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Rescue
[2011/05/17 22:01:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\LogMeIn Hamachi
[2011/05/17 22:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/05/17 22:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/05/17 19:49:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2011/05/16 19:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnLine TV
[2011/05/16 19:47:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OnLine TV
[2011/05/16 19:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLine TV
[2011/05/16 13:59:14 | 000,000,000 | ---D | C] -- C:\Lesson plans
[2011/05/16 12:01:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Navicat
[2011/05/16 12:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2011/05/16 12:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2011/05/15 18:59:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PSpad
[2011/05/15 18:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
[2011/05/15 18:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSPad editor
[2011/05/15 18:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Media
[2011/05/15 14:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Smith Micro
[2011/05/15 14:22:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Smith Micro
[2011/05/15 14:18:45 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/15 14:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
[2011/05/15 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Smith Micro
[2011/05/15 14:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011/05/15 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.8.6-p398
[2011/05/15 13:50:17 | 000,000,000 | ---D | C] -- C:\Ruby186
[2011/05/15 10:14:40 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/05/15 10:14:40 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/05/15 10:14:40 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/05/15 10:14:40 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/05/15 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/14 20:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2011/05/14 20:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/05/14 20:23:51 | 000,000,000 | ---D | C] -- C:\c0119c3d3d8a5453ce
[2011/05/14 17:46:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Corporation
[2011/05/14 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2011/05/14 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\EIDOS
[2011/05/14 13:29:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/05/14 13:28:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/05/14 12:50:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/05/14 12:48:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/05/14 12:48:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/05/14 12:44:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
[2011/05/14 12:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameShadow
[2011/05/14 12:42:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/05/12 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2011/05/12 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/05/11 15:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
[2011/05/11 15:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverFinder
[2011/05/11 15:26:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DriverFinder
[2011/05/11 13:43:35 | 020,700,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/05/11 13:43:35 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/05/11 13:43:35 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/05/11 13:43:35 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/05/11 13:43:34 | 006,974,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/05/11 13:43:34 | 005,183,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/05/11 13:43:34 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/05/11 13:43:34 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/05/11 13:43:34 | 002,204,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/05/11 13:43:34 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/05/11 13:43:34 | 001,619,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420140.dll
[2011/05/11 13:43:34 | 001,404,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642060.dll
[2011/05/11 13:43:33 | 018,578,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/05/11 13:43:33 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/05/11 13:43:33 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/05/11 13:43:33 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011/05/11 13:33:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/05/11 13:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/05/11 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/11 13:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/11 13:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/11 12:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/05/11 12:51:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2011/05/09 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Icons
[2011/05/09 19:03:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Netop
[2011/05/08 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Sprit samples
[2011/05/08 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\RPGVX
[2011/05/08 10:06:36 | 000,446,976 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8187B.sys
[2011/05/08 10:06:35 | 000,446,976 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System\rtl8187B.sys
[2011/05/08 10:06:35 | 000,000,000 | ---D | C] -- C:\Windows\OPTIONS
[2011/05/08 10:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2011/05/08 08:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diamondville temp
[2011/05/07 18:38:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2011/05/05 22:09:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Artist Colony
[2011/05/05 22:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/05 22:08:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Hmm
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 12:15:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 12:09:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 12:08:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/04 12:07:50 | 1408,626,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/04 11:38:13 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/04 11:38:13 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 21:45:53 | 003,718,073 | ---- | M] () -- C:\Users\User\Documents\yhyt.SNA
[2011/06/03 19:32:19 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2011/06/03 18:57:52 | 000,000,970 | ---- | M] () -- C:\Users\User\Desktop\NDS2xGL2.exe - Shortcut.lnk
[2011/06/03 14:17:01 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat
[2011/06/03 13:11:42 | 000,001,215 | ---- | M] () -- C:\Users\User\Desktop\Terraria.exe - Shortcut.lnk
[2011/06/03 10:52:55 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/03 10:40:53 | 000,000,773 | ---- | M] () -- C:\Users\User\Desktop\TeraCopy.lnk
[2011/06/03 07:18:02 | 000,002,901 | ---- | M] () -- C:\Users\User\Desktop\Portal Cheats.rtf
[2011/06/02 20:27:58 | 000,001,803 | ---- | M] () -- C:\Users\User\Desktop\1964.exe - Shortcut.lnk
[2011/06/02 20:20:20 | 000,001,244 | ---- | M] () -- C:\Users\User\Desktop\Bandwidth Controller Enterprise.lnk
[2011/06/02 17:26:43 | 000,001,014 | ---- | M] () -- C:\Users\User\Desktop\Cactus Bruce and the Corporate Monkeys.lnk
[2011/06/02 16:41:50 | 000,007,609 | ---- | M] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2011/06/02 16:21:00 | 000,000,060 | ---- | M] () -- C:\Windows\SysNative\4E37A837910D.ini
[2011/06/02 16:00:31 | 000,001,767 | ---- | M] () -- C:\Users\User\Desktop\Star.rtf
[2011/06/02 15:14:36 | 000,001,245 | ---- | M] () -- C:\Users\User\Desktop\knifeback.cfg
[2011/06/02 15:06:32 | 000,000,876 | ---- | M] () -- C:\Users\User\Desktop\c.html
[2011/06/02 15:05:30 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/02 15:02:25 | 000,005,928 | ---- | M] () -- C:\Users\User\Desktop\login.jsp
[2011/06/02 13:56:48 | 000,000,793 | ---- | M] () -- C:\Users\User\Desktop\HTTrack Website Copier.lnk
[2011/06/02 13:50:49 | 000,092,412 | ---- | M] () -- C:\Users\User\Desktop\useragentswitcher.xml
[2011/06/02 13:47:06 | 000,030,261 | ---- | M] () -- C:\Users\User\Desktop\allagents.xml
[2011/06/02 13:43:02 | 000,018,015 | ---- | M] () -- C:\Users\User\Desktop\AgentStrings20070517.xml
[2011/06/02 13:27:22 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/02 13:12:28 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 12:56:07 | 000,078,128 | ---- | M] () -- C:\Users\User\Desktop\lolz.htm
[2011/06/02 12:11:14 | 000,001,046 | ---- | M] () -- C:\Users\User\Desktop\XN Resource Editor.lnk
[2011/06/01 11:50:50 | 000,000,632 | RHS- | M] () -- C:\Users\User\ntuser.pol
[2011/05/31 23:19:16 | 000,001,682 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/31 21:24:03 | 000,291,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/31 21:05:17 | 000,116,224 | -H-- | M] () -- C:\Users\User\AppData\Roaming\MBSJPEGDecompressionPlugin.dll
[2011/05/31 21:05:17 | 000,095,744 | -H-- | M] () -- C:\Users\User\AppData\Roaming\MBSJPEGCompressionPlugin.dll
[2011/05/31 21:05:17 | 000,064,512 | -H-- | M] () -- C:\Users\User\AppData\Roaming\rbap450.dll
[2011/05/31 21:05:17 | 000,027,648 | -H-- | M] () -- C:\Users\User\AppData\Roaming\rbselectfolder450.dll
[2011/05/31 21:05:17 | 000,026,112 | -H-- | M] () -- C:\Users\User\AppData\Roaming\MBSRegistrationPlugin.dll
[2011/05/31 18:56:19 | 000,001,016 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/31 18:56:19 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/05/31 16:38:43 | 000,001,159 | ---- | M] () -- C:\Users\User\Desktop\Powder toy mod with v 45 code.exe - Shortcut.lnk
[2011/05/31 14:57:28 | 000,000,575 | ---- | M] () -- C:\Users\User\Desktop\Fraps.lnk
[2011/05/31 10:28:26 | 000,001,262 | ---- | M] () -- C:\Users\User\Desktop\AVS Audio Converter6.lnk
[2011/05/31 09:17:28 | 000,001,214 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/05/31 09:17:28 | 000,001,190 | ---- | M] () -- C:\Users\User\Desktop\AVG PC Tuneup 2011.lnk
[2011/05/30 14:36:44 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/30 14:30:04 | 000,001,682 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/05/29 12:16:04 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011/05/29 10:14:08 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 21:32:21 | 000,794,718 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/28 21:32:21 | 000,671,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/28 21:32:21 | 000,124,526 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/26 18:01:04 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Rise of Nations Thrones and Patriots.lnk
[2011/05/26 15:38:29 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Rise Of Nations.lnk
[2011/05/25 22:07:11 | 000,001,627 | ---- | M] () -- C:\Users\User\Desktop\BlueScreenView.exe - Shortcut.lnk
[2011/05/25 21:31:34 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\DTweak.lnk
[2011/05/25 12:28:22 | 000,001,041 | ---- | M] () -- C:\Users\User\Desktop\AudioConverter.lnk
[2011/05/25 10:18:42 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney PRO v7.33.lnk
[2011/05/25 10:14:45 | 000,002,558 | ---- | M] () -- C:\Users\User\Documents\Hmm.pfx
[2011/05/20 19:02:12 | 000,001,136 | ---- | M] () -- C:\Users\User\Desktop\Install Microsoft Visual C++ 2010 Express.lnk
[2011/05/20 16:40:33 | 000,012,556 | ---- | M] () -- C:\Users\User\Documents\Powder .html
[2011/05/20 16:12:25 | 000,000,124 | ---- | M] () -- C:\Users\User\.gitconfig
[2011/05/20 12:25:37 | 000,001,887 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2011/05/20 11:40:33 | 001,219,072 | ---- | M] () -- C:\Users\User\AppData\Local\Powder.exe
[2011/05/20 11:23:03 | 000,001,397 | ---- | M] () -- C:\Users\User\Desktop\Powder.exe - Shortcut.lnk
[2011/05/20 06:47:52 | 000,000,458 | ---- | M] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/05/20 06:43:17 | 000,002,168 | ---- | M] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/05/18 20:07:39 | 027,429,632 | ---- | M] () -- C:\Users\User\Documents\01 - Rush.flac
[2011/05/17 23:28:01 | 000,001,051 | ---- | M] () -- C:\Users\User\Desktop\wom.exe - Shortcut.lnk
[2011/05/15 18:59:36 | 000,000,981 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk
[2011/05/15 14:37:56 | 000,001,374 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/05/15 14:18:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/15 10:39:02 | 000,005,120 | ---- | M] () -- C:\Windows\SysWow64\SystemV.dll
[2011/05/15 10:13:50 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/05/15 10:13:50 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/05/15 10:13:50 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/05/15 10:13:49 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/05/14 20:10:10 | 000,788,530 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/14 13:28:43 | 000,062,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/05/14 13:28:43 | 000,062,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/05/12 17:13:32 | 000,001,397 | ---- | M] () -- C:\Users\User\Documents\Re.rtf
[2011/05/12 13:43:13 | 000,001,407 | ---- | M] () -- C:\Users\User\Documents\gjuyur.rtf
[2011/05/11 20:49:04 | 000,008,269 | ---- | M] () -- C:\Users\User\Documents\Save menue script (needs work done).rtf
[2011/05/11 20:30:31 | 000,015,462 | ---- | M] () -- C:\Users\User\Documents\SEL_SCENE_SKILL_MENU.rtf
[2011/05/11 14:33:00 | 000,001,513 | ---- | M] () -- C:\Users\User\Desktop\firefox.exe - Shortcut.lnk
[2011/05/09 22:38:19 | 000,001,564 | ---- | M] () -- C:\Users\User\Desktop\RPGVX.exe - Shortcut.lnk
[2011/05/09 14:19:21 | 000,001,760 | ---- | M] () -- C:\Users\User\Desktop\ntchw32.exe - Shortcut.lnk
[2011/05/09 14:18:41 | 000,000,233 | ---- | M] () -- C:\Windows\Netop.INI
[2011/05/09 14:02:12 | 001,892,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_42.dll
[2011/05/08 16:56:43 | 000,000,088 | RHS- | M] () -- C:\ProgramData\1F84DD9D4D.sys
[2011/05/08 14:12:13 | 000,001,411 | ---- | M] () -- C:\Users\User\Desktop\PhotoshopPortable.exe - Shortcut.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/03 21:45:53 | 003,718,073 | ---- | C] () -- C:\Users\User\Documents\yhyt.SNA
[2011/06/03 19:32:19 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2011/06/03 18:57:52 | 000,000,970 | ---- | C] () -- C:\Users\User\Desktop\NDS2xGL2.exe - Shortcut.lnk
[2011/06/03 14:17:01 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat
[2011/06/03 13:11:42 | 000,001,215 | ---- | C] () -- C:\Users\User\Desktop\Terraria.exe - Shortcut.lnk
[2011/06/03 10:52:55 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/03 10:40:53 | 000,000,773 | ---- | C] () -- C:\Users\User\Desktop\TeraCopy.lnk
[2011/06/03 07:18:02 | 000,002,901 | ---- | C] () -- C:\Users\User\Desktop\Portal Cheats.rtf
[2011/06/02 20:27:58 | 000,001,803 | ---- | C] () -- C:\Users\User\Desktop\1964.exe - Shortcut.lnk
[2011/06/02 18:49:33 | 000,001,244 | ---- | C] () -- C:\Users\User\Desktop\Bandwidth Controller Enterprise.lnk
[2011/06/02 17:26:43 | 000,001,014 | ---- | C] () -- C:\Users\User\Desktop\Cactus Bruce and the Corporate Monkeys.lnk
[2011/06/02 16:09:56 | 000,000,060 | ---- | C] () -- C:\Windows\SysNative\4E37A837910D.ini
[2011/06/02 16:00:31 | 000,001,767 | ---- | C] () -- C:\Users\User\Desktop\Star.rtf
[2011/06/02 15:14:36 | 000,001,245 | ---- | C] () -- C:\Users\User\Desktop\knifeback.cfg
[2011/06/02 15:06:31 | 000,000,876 | ---- | C] () -- C:\Users\User\Desktop\c.html
[2011/06/02 15:05:30 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/02 15:00:12 | 000,005,928 | ---- | C] () -- C:\Users\User\Desktop\login.jsp
[2011/06/02 13:56:48 | 000,000,793 | ---- | C] () -- C:\Users\User\Desktop\HTTrack Website Copier.lnk
[2011/06/02 13:50:49 | 000,092,412 | ---- | C] () -- C:\Users\User\Desktop\useragentswitcher.xml
[2011/06/02 13:47:06 | 000,030,261 | ---- | C] () -- C:\Users\User\Desktop\allagents.xml
[2011/06/02 13:43:02 | 000,018,015 | ---- | C] () -- C:\Users\User\Desktop\AgentStrings20070517.xml
[2011/06/02 13:27:22 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/02 12:55:57 | 000,078,128 | ---- | C] () -- C:\Users\User\Desktop\lolz.htm
[2011/06/02 12:52:12 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/02 12:11:14 | 000,001,046 | ---- | C] () -- C:\Users\User\Desktop\XN Resource Editor.lnk
[2011/05/31 18:56:19 | 000,001,016 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/05/31 18:56:19 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011/05/31 14:57:28 | 000,000,575 | ---- | C] () -- C:\Users\User\Desktop\Fraps.lnk
[2011/05/31 12:41:06 | 028,191,015 | ---- | C] () -- C:\Users\User\Desktop\John Cleese and Rowan Atkinson - Beekeeping.flv
[2011/05/31 12:36:09 | 012,873,523 | ---- | C] () -- C:\Users\User\Desktop\Rowan Atkinson - Invisible Drum Kit.flv
[2011/05/31 12:23:35 | 045,471,121 | ---- | C] () -- C:\Users\User\Desktop\MAD TV - Termanator & Jesus.mp4
[2011/05/31 10:28:26 | 000,001,262 | ---- | C] () -- C:\Users\User\Desktop\AVS Audio Converter6.lnk
[2011/05/31 09:17:28 | 000,001,214 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/05/31 09:17:28 | 000,001,190 | ---- | C] () -- C:\Users\User\Desktop\AVG PC Tuneup 2011.lnk
[2011/05/30 21:51:40 | 003,931,033 | ---- | C] () -- C:\Users\User\Desktop\one hit wonders - Pump Up The Volume.mp3
[2011/05/30 21:51:39 | 003,988,498 | ---- | C] () -- C:\Users\User\Desktop\14 - Shaggy - Boombastic (Album version).mp3
[2011/05/30 14:36:44 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/29 10:14:08 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/26 15:51:11 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Rise of Nations Thrones and Patriots.lnk
[2011/05/26 15:38:29 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Rise Of Nations.lnk
[2011/05/25 22:07:11 | 000,001,627 | ---- | C] () -- C:\Users\User\Desktop\BlueScreenView.exe - Shortcut.lnk
[2011/05/25 21:31:34 | 000,000,749 | ---- | C] () -- C:\Users\Public\Desktop\DTweak.lnk
[2011/05/25 12:28:22 | 000,001,041 | ---- | C] () -- C:\Users\User\Desktop\AudioConverter.lnk
[2011/05/25 10:18:42 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney PRO v7.33.lnk
[2011/05/25 10:14:45 | 000,002,558 | ---- | C] () -- C:\Users\User\Documents\Hmm.pfx
[2011/05/25 10:06:00 | 000,001,022 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk
[2011/05/24 18:30:25 | 000,007,609 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2011/05/20 16:23:05 | 000,012,556 | ---- | C] () -- C:\Users\User\Documents\Powder .html
[2011/05/20 15:50:04 | 000,001,136 | ---- | C] () -- C:\Users\User\Desktop\Install Microsoft Visual C++ 2010 Express.lnk
[2011/05/20 13:03:34 | 000,001,159 | ---- | C] () -- C:\Users\User\Desktop\Powder toy mod with v 45 code.exe - Shortcut.lnk
[2011/05/20 12:34:22 | 000,000,124 | ---- | C] () -- C:\Users\User\.gitconfig
[2011/05/20 12:25:37 | 000,001,887 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Git Bash.lnk
[2011/05/20 11:40:33 | 001,219,072 | ---- | C] () -- C:\Users\User\AppData\Local\Powder.exe
[2011/05/20 11:22:48 | 000,001,397 | ---- | C] () -- C:\Users\User\Desktop\Powder.exe - Shortcut.lnk
[2011/05/18 23:10:31 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/18 23:10:27 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 20:06:18 | 027,429,632 | ---- | C] () -- C:\Users\User\Documents\01 - Rush.flac
[2011/05/18 12:30:37 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/05/18 12:29:08 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wadio.lnk
[2011/05/17 23:28:01 | 000,001,051 | ---- | C] () -- C:\Users\User\Desktop\wom.exe - Shortcut.lnk
[2011/05/16 12:00:21 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2011/05/15 18:59:36 | 000,000,981 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk
[2011/05/15 14:37:55 | 000,001,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/05/15 14:37:55 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/05/14 21:10:21 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\SystemV.dll
[2011/05/14 20:10:08 | 000,788,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/14 17:45:10 | 000,002,140 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/05/12 17:13:32 | 000,001,397 | ---- | C] () -- C:\Users\User\Documents\Re.rtf
[2011/05/12 13:43:13 | 000,001,407 | ---- | C] () -- C:\Users\User\Documents\gjuyur.rtf
[2011/05/11 20:49:04 | 000,008,269 | ---- | C] () -- C:\Users\User\Documents\Save menue script (needs work done).rtf
[2011/05/11 20:30:31 | 000,015,462 | ---- | C] () -- C:\Users\User\Documents\SEL_SCENE_SKILL_MENU.rtf
[2011/05/11 14:33:00 | 000,001,513 | ---- | C] () -- C:\Users\User\Desktop\firefox.exe - Shortcut.lnk
[2011/05/09 22:38:19 | 000,001,564 | ---- | C] () -- C:\Users\User\Desktop\RPGVX.exe - Shortcut.lnk
[2011/05/09 14:19:21 | 000,001,760 | ---- | C] () -- C:\Users\User\Desktop\ntchw32.exe - Shortcut.lnk
[2011/05/08 16:56:34 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/08 16:56:34 | 000,000,088 | RHS- | C] () -- C:\ProgramData\1F84DD9D4D.sys
[2011/05/08 16:55:30 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX.lnk
[2011/05/08 14:12:13 | 000,001,411 | ---- | C] () -- C:\Users\User\Desktop\PhotoshopPortable.exe - Shortcut.lnk
[2011/05/08 10:06:33 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/20 12:43:35 | 000,000,032 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/04/19 21:53:34 | 000,006,100 | ---- | C] () -- C:\ProgramData\InternetSettingsHistory.xml
[2011/04/17 22:37:14 | 000,002,168 | ---- | C] () -- C:\ProgramData\SERVICES_HISTORY.xml
[2011/04/17 22:34:26 | 000,000,458 | ---- | C] () -- C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
[2011/04/17 04:14:15 | 000,116,224 | -H-- | C] () -- C:\Users\User\AppData\Roaming\MBSJPEGDecompressionPlugin.dll
[2011/04/17 04:14:15 | 000,095,744 | -H-- | C] () -- C:\Users\User\AppData\Roaming\MBSJPEGCompressionPlugin.dll
[2011/04/17 04:14:15 | 000,064,512 | -H-- | C] () -- C:\Users\User\AppData\Roaming\rbap450.dll
[2011/04/17 04:14:15 | 000,027,648 | -H-- | C] () -- C:\Users\User\AppData\Roaming\rbselectfolder450.dll
[2011/04/17 04:14:15 | 000,026,112 | -H-- | C] () -- C:\Users\User\AppData\Roaming\MBSRegistrationPlugin.dll
[2011/04/15 10:04:26 | 000,000,233 | ---- | C] () -- C:\Windows\Netop.INI
[2011/04/14 04:42:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 09:23:08 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\E4D3A5BAEC.sys
[2011/04/09 09:23:01 | 000,001,682 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\myodbc3m.exe
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll

< End of report >

#12 m0le

  • Malware Response Team

Posted 04 June 2011 - 06:19 PM

Please visit ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.

#13 davis7457


Posted 04 June 2011 - 06:43 PM

Ok here it is Finally!!!!:


C:\D Programs\dtWEaK401pRO\patch.exe a variant of Win32/HackTool.Patcher.D application cleaned by deleting - quarantined
C:\Downloads\ak2.5x86\Award.Keylogger.Patch-BBB.exe probably a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Downloads\ak2.5x86\klinstall.exe a variant of Win32/KeyLogger.AwardKeylogger.A application deleted - quarantined
C:\Downloads\Award_Keylogger\klinstall.exe a variant of Win32/KeyLogger.AwardKeylogger.A application deleted - quarantined
C:\Downloads\Award_Keylogger\Award Keylogger 1.xx Patch\Award Keylogger 1.36 and 1.xx Patch - [MART!K].exe probably a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Downloads\FlashProP\FlashProP\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
C:\Downloads\Supreme_technichs\Terraria Trainer 1.02.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Games\The Settlers 4 GE Portable\Trainer.exe a variant of Win32/GameHack.AD application cleaned by deleting - quarantined
C:\Games\The Settlers 4 GE Portable\Exe\s4t.exe probably a variant of Win32/Spy.Agent.JHEZJTH trojan cleaned by deleting - quarantined
C:\Games\The Settlers 4 GE Portable\New Folder\chapvzrstrn3.zip a variant of Win32/GameHack.F application deleted - quarantined
C:\Games\The Settlers 4 GE Portable\New Folder\weesettlers4trn1.zip probably a variant of Win32/Spy.Agent.JHEZJTH trojan deleted - quarantined
C:\Program Files (x86)\Plants Vs Zombies\Plants VS Zombies Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\Sierra\Pharaoh\Trainer.exe a variant of Win32/GameHack.AD application cleaned by deleting - quarantined
C:\Programs\DTweak Pro 4.0.1\DTweak Pro 4.0.1\patch.exe a variant of Win32/HackTool.Patcher.D application cleaned by deleting - quarantined
C:\Programs\GW\keygen.exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined
C:\Programs\Ref\R.A.A-P.C.exe probably a variant of Win32/Agent.JFBGQAC trojan cleaned by deleting - quarantined
C:\Programs\ZenxEngine_LATEST\Project1.exe probably a variant of Win32/Agent.HMOYUXI trojan cleaned by deleting - quarantined
C:\Programs\ZenxEngine_LATEST\Systemcallretriever.exe probably a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined
C:\Programs\ZenxEngine_LATEST\zenx.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Programs\ZenxEngine_LATEST\zenxengine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\softonic-us-silent.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\User\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110531093529249.rsc Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Users\User\Downloads\Compressed\SpeedPowder.zip probably a variant of Win32/Agent.MDREWOH trojan deleted - quarantined
C:\Users\User\Downloads\Compressed\SpeedPowder\Powder(Script).exe probably a variant of Win32/Agent.MDREWOH trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\Compressed\unl-bhtrn\unl-bh.exe a variant of Win32/GameHack.D application cleaned by deleting - quarantined
C:\Windows\System32\SystemV.dll a variant of Win32/GameHack.D application cleaned by deleting - quarantined
C:\Windows\System32\KAward\aklservice.exe a variant of Win32/KeyLogger.AwardKeylogger.A application cleaned by deleting - quarantined
C:\Windows\System32\KAward\wak.exe a variant of Win32/KeyLogger.AwardKeylogger.A application cleaned by deleting - quarantined

Edited by davis7457, 04 June 2011 - 09:27 PM.


#14 m0le


Posted 06 June 2011 - 04:11 PM

That was a surprising amount of malware.

Can you next run MBAM and SAS so I know we got everything?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#15 davis7457

davis7457
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:54 AM

Posted 07 June 2011 - 08:03 PM

OK, here's the rest:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6754

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/7/2011 9:19:27 PM
mbam-log-2011-06-07 (21-17-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 486407
Time elapsed: 1 hour(s), 14 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I know I kinda got that backwards, but here's the SUPERAntiSpyware log. I'm waiting for Malwarebytes to scan, but here's this one for now:


Here's the SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2011 at 07:47 PM

Application Version : 4.53.1000

Core Rules Database Version : 7225
Trace Rules Database Version: 5037

Scan type : Complete Scan
Total Scan Time : 02:30:46

Memory items scanned : 581
Memory threats detected : 0
Registry items scanned : 14082
Registry threats detected : 12
File items scanned : 291597
File threats detected : 25

Adware.Tracking Cookie
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@imrworldwide[2].txt
convoad.technoratimedia.net [ C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JU8CCTSE ]
ia.media-imdb.com [ C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JU8CCTSE ]
spe.atdmt.com [ C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JU8CCTSE ]
us.media.blizzard.com [ C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JU8CCTSE ]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\davis@serving-sys[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@ad.wsod[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@advertising[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@atdmt[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@doubleclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@questionmarket[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@r1-ads.ace.advertising[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@synacor.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\davis@synacorembarq.112.2o7[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@server.cpmstar[1].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificclick[2].txt
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificmedia[1].txt

Browser Hijacker.Tubby
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

Security.HiJack[ImageFileExecutionOptions]
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE#Debugger

Trojan.Agent/Gen
C:\DOWNLOADS\CACTUS BRUCE AND THE CORPORATE MONKEYS\CACTUS BRUCE AND THE CORPORATE MONKEYS\$CRACK\KEYGEN.EXE

Trojan.Agent/Gen-PEC
C:\PROGRAMS\REAL PLAYER 11.0.9.372 GOLD PREMIUM_SO_SA\ACTIVATOR.EXE

Trojan.Agent/Gen-Bancos
C:\PROGRAMS\ZENXENGINE_LATEST\CEHOOK.DLL

Trojan.Agent/Gen-Frauder
C:\PROGRAMS\ZENXENGINE_LATEST\EMPTYPROCESS.EXE

Trojan.Agent/Gen-FraudPack
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5FF3CD6-BD05-40D5-9F59-A5C54819FC1E}\RP102\A0072428.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5FF3CD6-BD05-40D5-9F59-A5C54819FC1E}\RP109\A0085561.EXE

Trojan.Agent/Gen-SVC[Fake]
C:\USERS\USER\DESKTOP\MISC\ICONS\MCFORGEPLUSRC2\SVN\SVNA.EXE

Edited by davis7457, 07 June 2011 - 09:21 PM.




