Virus Rootkit.Win32.TDSS.rr


  • This topic is locked
18 replies to this topic

#1 KDenning

Posted 04 June 2011 - 01:51 PM

I have an ACER Inspire 5532-5535 running Windows 7 64 bit Home Edition.

Two days ago I went to KeyGenGuru.com and downloaded a file. I extracted the file, and when I opened it, my computer immediately shut off. When I tried to start it back up, instead of booting normally, Startup Repair opened. It said it could not repair the problem. I tried to boot in Safe mode but could not.

I can get to the command prompt. It shows X:\. I do not see any of my personal files.
On a different PC, I created a Kaspersky rescue disc and ran it on the sick PC. I was not able to update the virus files; the version I used was from March, 2011. It found a virus called Rootkit.Win32.TDSS.rr. I disinfected the file – it said it was successful.
I ran Kaspersky on boot and system files, and started to run it on the entire C:\ drive, and while doing that – I did see many of the files I had installed and used on my working PC – flash on the screen as they were checked. The C:\ drive scan was extremely slow and I decided to try to boot without completing the C:\ drive scan to see if the problem was already fixed.

When I rebooted, the way my computer booted up had changed slightly. Now it flashes a blue screen very quickly – too fast to look at – and then again restarts the computer, and I am asked if I want to start Windows normally or launch Startup Repair. I tried both and neither worked, and I still cannot boot up the computer in Safe Mode.

Any help would be greatly appreciated.

Thank you.


#2 Farbar


Posted 05 June 2011 - 02:58 PM

Hi KDenning,

Welcome to Bleeping Computer. I will be assisting you.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 KDenning


Posted 05 June 2011 - 07:51 PM

Hi farbar,

Thank you very much for helping me with this. I really appreciate it. I did the scan. Here's the log:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.0.8
Ran by SYSTEM at 2011-06-05 20:32:53
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [301056 2009-06-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-08-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-07-27] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [419112 2010-08-12] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [181480 2010-08-13] (Acer Corp.)
HKLM-x32\...\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2334560 2011-04-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Keith\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-21] (Google Inc.)
HKU\Keith\...\Run: [AdobeBridge]
HKU\Keith\...\Run: [Google Update] "C:\Users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-05-29] (Google Inc.)
HKU\Keith\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Keith\...\Run: [EADM] "C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1 65.32.5.111 65.32.5.112


==================== Services ====================

3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [203264 2009-07-29] (AMD)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2010-11-20] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [37664 2011-02-18] (Apple Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7398752 2011-04-18] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [183560 2011-02-28] (Microsoft Corporation.)
3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [349472 2011-04-06] (Apple Inc.)
3 Browser; C:\Windows\System32\browser.dll [136192 2010-11-20] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [177152 2010-11-20] (Microsoft Corporation)
2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [821664 2010-02-27] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
2 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-03-30] (Acresso Software Inc.)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2010-12-15] ()
2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2010-12-15] ()
2 FontCache; C:\Windows\System32\FntCache.dll [1139200 2011-02-19] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [1493352 2010-09-22] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe" [238328 2010-01-04] (WildTangent, Inc.)
2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
2 Greg_Service; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [136176 2010-10-19] (Google Inc.)
3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc [136176 2010-10-19] (Google Inc.)
3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [182768 2009-08-21] (Google)
3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-04] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2010-11-20] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [934176 2011-04-14] (Apple Inc.)
3 KeyIso; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [128000 2010-11-20] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2010-11-20] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4925184 2010-01-09] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2010-11-20] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [209920 2010-11-20] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
2 SeaPort; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-02-25] (Microsoft Corporation)
3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [483688 2010-04-23] (Microsoft Corporation)
3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [209768 2010-04-23] (Microsoft Corporation)
4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2010-11-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-03-31] (Logitech Inc.)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2010-03-26] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1504256 2010-11-20] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [258560 2010-11-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [57184 2010-09-22] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 2010-11-20] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [593408 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2420736 2010-11-20] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [78848 2010-11-20] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)
2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers ====================

3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
1 AFD; C:\Windows\System32\drivers\afd.sys [499712 2010-11-20] (Microsoft Corporation)
3 agp440; C:\Windows\System32\drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
3 aliide; C:\Windows\System32\drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
3 amdide; C:\Windows\System32\drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2011-03-10] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [245296 2009-06-15] (Alps Electric Co., Ltd.)
3 AppID; C:\Windows\System32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1542656 2009-10-05] (Atheros Communications, Inc.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6038016 2009-07-29] (ATI Technologies Inc.)
0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-04-14] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
3 Brserid; C:\Windows\System32\DRIVERS\BrSerId.sys [286720 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\DRIVERS\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [459248 2010-11-20] (Microsoft Corporation)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
3 DKbFltr; C:\Windows\SysWow64\drivers\DKbFltr.sys [25608 2009-03-25] (Dritek System Inc.)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2010-11-20] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
3 ErrDev; C:\Windows\System32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [48488 2010-09-22] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-13] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
3 iaStorV; C:\Windows\System32\drivers\iaStorV.sys [410496 2011-03-10] (Intel Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [1966624 2009-07-28] (Realtek Semiconductor Corp.)
3 intelide; C:\Windows\System32\drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95616 2010-11-20] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152960 2010-11-20] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [67072 2009-11-13] (Atheros Communications, Inc.)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
3 lvpopf64; C:\Windows\System32\DRIVERS\lvpopf64.sys [271640 2009-04-30] (Logitech Inc.)
3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 LVRS64; C:\Windows\System32\DRIVERS\lvrs64.sys [341856 2011-03-31] (Logitech Inc.)
3 LVUVC64; C:\Windows\System32\DRIVERS\lvuvc64.sys [4184672 2011-03-31] (Logitech Inc.)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
3 mpio; C:\Windows\System32\drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [140800 2010-11-20] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-02-22] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [287744 2011-02-22] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-02-22] (Microsoft Corporation)
0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659776 2011-03-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
3 nvraid; C:\Windows\System32\drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75136 2010-11-20] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
3 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [54480 2008-02-05] (Sonic Solutions)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2010-11-20] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [222208 2009-08-09] (Realtek Semiconductor Corp.)
3 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [721768 2010-04-23] (Microsoft Corporation)
3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [269672 2010-04-23] (Microsoft Corporation)
3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [25960 2010-04-23] (Microsoft Corporation)
3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [22376 2010-04-23] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-02-22] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [411648 2011-02-22] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [167936 2011-02-22] (Microsoft Corporation)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
3 swenum; C:\Windows\System32\drivers\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\drivers\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2009-09-03] (Texas Instruments)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] (Microsoft Corporation)
3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109696 2010-11-20] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-24] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\drivers\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-24] (Microsoft Corporation)
3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [34872 2009-04-03] (Advanced Micro Devices)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-24] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2011-03-24] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2009-07-13] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-20] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
3 viaide; C:\Windows\System32\drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] (Microsoft Corporation)
3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
1 nnfwdk; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [x]
3 NPF; C:\Windows\System32\drivers\NPF.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================= NetSvcs ============================

============ One Month Created Files and folders =============

2011-06-05 20:32 - 2011-06-05 20:32 - 0000000 ____D C:\FRST
2011-06-02 18:02 - 2011-06-04 10:48 - 0000000 ____A C:\Recovery.txt
2011-06-02 13:33 - 2011-06-02 13:33 - 0151280 ____A C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip
2011-06-02 13:33 - 2011-06-02 13:33 - 0000000 ____D C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno
2011-06-02 13:29 - 2011-06-02 13:29 - 11193664 ____A (DT Soft Ltd.) C:\Users\Keith\Downloads\DTLite4402-0131 (1).exe
2011-06-01 14:06 - 2011-06-01 14:06 - 0287008 ____A C:\Users\Keith\Downloads\SoftonicDownloader_for_daemon-tools.exe
2011-06-01 14:02 - 2011-06-01 14:03 - 0000000 ____D C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version
2011-06-01 13:58 - 2011-06-01 13:58 - 7759263 ____A C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version.rar
2011-06-01 13:42 - 2011-06-01 13:42 - 0000000 ____D C:\Users\Keith\AppData\Roaming\DAEMON Tools Lite
2011-06-01 13:42 - 2011-06-01 13:42 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2011-06-01 13:42 - 2011-06-01 13:42 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2011-06-01 13:41 - 2011-06-01 13:42 - 11193664 ____A (DT Soft Ltd.) C:\Users\Keith\Downloads\DTLite4402-0131.exe
2011-05-31 12:04 - 2011-05-31 12:04 - 0001115 ____A C:\Users\Public\Desktop\Adobe Photoshop Express Uploader.lnk
2011-05-31 12:04 - 2011-05-31 12:04 - 0000000 ____D C:\Users\Keith\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-05-31 12:04 - 2011-05-31 12:04 - 0000000 ____D C:\Program Files (x86)\Adobe Photoshop Express Uploader
2011-05-30 11:54 - 2011-06-01 16:19 - 0000000 ____D C:\Users\Keith\Documents\Black Ops
2011-05-30 11:53 - 2011-05-30 11:53 - 0034659 ____A C:\Users\Keith\Downloads\Portal_2-SKIDROW.6330132.TPB.torrent
2011-05-30 11:53 - 2010-11-02 10:03 - 0040960 ____A (Zhorn Software) C:\Users\Keith\Downloads\caffeine.exe
2011-05-30 11:53 - 2010-11-02 10:03 - 0002067 ____A C:\Users\Keith\Downloads\readme.txt
2011-05-30 11:52 - 2011-05-30 11:52 - 0013831 ____A C:\Users\Keith\Downloads\caffeine.zip
2011-05-28 08:38 - 2011-05-28 08:38 - 0087040 ____A C:\Users\Keith\Downloads\Vocab_Lists (6).doc
2011-05-25 14:42 - 2011-05-25 14:42 - 0013400 ____A C:\Users\Keith\Documents\Confirmation Speech.docx
2011-05-25 12:37 - 2011-05-25 12:37 - 2253802 ____A C:\Users\Keith\Downloads\photo (13) (1).JPG
2011-05-25 12:35 - 2011-05-25 12:35 - 2253802 ____A C:\Users\Keith\Downloads\photo (13).JPG
2011-05-25 12:35 - 2011-05-25 12:35 - 2253802 ____A C:\Users\Keith\Downloads\photo (12).JPG
2011-05-24 10:23 - 2011-04-22 14:15 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-05-23 19:40 - 2011-06-01 18:11 - 5543916 ___AH C:\Users\Keith\AppData\Local\IconCache.db
2011-05-23 16:33 - 2011-05-23 16:33 - 0803754 ____A C:\Users\Keith\Downloads\Biomes.pptx
2011-05-23 16:08 - 2011-05-23 19:33 - 0016422 ____A C:\Users\Keith\Downloads\Terrestrial Biomes Study Guide.docx
2011-05-23 16:07 - 2011-05-23 16:07 - 0039277 ___SH C:\Users\Keith\Downloads\AlbumArt_{301390D6-70E3-4440-9F23-D1BF65B7A055}_Large.jpg
2011-05-23 16:07 - 2011-05-23 16:07 - 0008658 ___SH C:\Users\Keith\Downloads\AlbumArt_{301390D6-70E3-4440-9F23-D1BF65B7A055}_Small.jpg
2011-05-23 16:02 - 2011-05-23 16:02 - 3517576 ____A C:\Users\Keith\Downloads\Look At Me Now (Clean)- Chris Brown [Feat. Busta Rhymes & Lil Wayne] (Lyrics).mp3
2011-05-23 12:03 - 2011-05-23 12:03 - 0530197 ____A C:\Users\Keith\Downloads\OldPhotoPRO.png
2011-05-23 12:03 - 2011-05-23 12:03 - 0060119 ____A C:\Users\Keith\Downloads\photo (11).jpg
2011-05-23 11:06 - 2011-05-23 11:24 - 0001762 ____A C:\Windows\IE9_main.log
2011-05-23 10:54 - 2011-05-23 10:51 - 0002461 ____A C:\Users\Keith\Desktop\Microsoft PowerPoint 2010.lnk
2011-05-23 10:54 - 2011-05-23 10:51 - 0002449 ____A C:\Users\Keith\Desktop\Microsoft Word 2010.lnk
2011-05-23 10:54 - 2011-05-23 10:50 - 0002451 ____A C:\Users\Keith\Desktop\Microsoft Excel 2010.lnk
2011-05-23 10:48 - 2011-05-24 13:30 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-05-23 10:48 - 2011-05-23 10:48 - 0000000 ____D C:\Program Files\Microsoft Office
2011-05-23 10:47 - 2011-05-23 10:47 - 1628560 ____A (Microsoft Corporation) C:\Users\Keith\Downloads\X16-42918_TRQC8-CPYDV-6HWH2-XKJ96-6JDVX.exe
2011-05-23 10:39 - 2011-05-24 13:27 - 0000000 ____D C:\Program Files (x86)\Gamevance Games
2011-05-23 10:38 - 2011-05-23 10:38 - 0010423 ____A C:\Users\Keith\Downloads\download.htm
2011-05-22 17:11 - 2011-05-22 17:11 - 6485379 ____A C:\Users\Keith\Downloads\beach_party_volleyball_pop-art.jpg
2011-05-22 13:58 - 2011-05-22 15:53 - 0000316 ___AH C:\Users\Keith\Downloads\.picasa.ini
2011-05-22 13:56 - 2011-05-22 13:56 - 0338564 ____A C:\Users\Keith\Downloads\244351_1908369623845_1079956398_2103252_436327_o.jpg
2011-05-22 06:14 - 2011-05-22 06:14 - 0001114 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2011-05-22 06:12 - 2011-05-22 06:12 - 14276088 ____A (Google Inc.) C:\Users\Keith\Downloads\picasa38-setup.exe
2011-05-22 05:59 - 2011-04-08 22:58 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-05-22 05:59 - 2011-04-08 21:56 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-05-21 07:56 - 2011-05-21 07:56 - 0568648 ____A (Google Inc.) C:\Users\Keith\Downloads\GoogleEarthSetup.exe
2011-05-18 15:08 - 2011-05-18 15:08 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Logitech
2011-05-17 14:02 - 2011-05-17 14:09 - 0000000 ____D C:\Windows\rescache
2011-05-16 19:32 - 2011-05-16 19:33 - 5244634 ____A C:\Users\Keith\Downloads\Wiz Khalifa - Top Floor.mp3
2011-05-16 18:51 - 2011-05-16 18:54 - 5675931 ____A C:\Users\Keith\Downloads\Adele - Rolling In The Deep.mp3
2011-05-16 18:34 - 2011-05-16 18:58 - 5093341 ____A C:\Users\Keith\Downloads\Bruno Mars - The Lazy Song [Official Video].mp3
2011-05-16 16:55 - 2011-05-16 19:00 - 6818832 ____A C:\Users\Keith\Downloads\wiz-khalifa-on-my-level.mp3
2011-05-16 16:54 - 2011-05-16 19:00 - 3981817 ____A C:\Users\Keith\Downloads\When I'm Gone - Wiz Khalifa.mp3
2011-05-16 14:19 - 2011-05-16 19:00 - 6898121 ____A C:\Users\Keith\Downloads\Cameras.mp3
2011-05-13 13:23 - 2011-05-13 13:25 - 5580251 ____A C:\Users\Keith\Downloads\Rebecca Black-Friday.mp3
2011-05-12 14:50 - 2011-05-12 16:50 - 4663282 ____A C:\Users\Keith\Downloads\Jeremih (ft. 50 Cent) - Down On Me - CurrentHipHop.com.mp3
2011-05-12 12:19 - 2011-05-12 12:22 - 4580386 ____A C:\Users\Keith\Downloads\preview (1).mp3
2011-05-11 12:53 - 2011-05-11 12:55 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-05-11 12:53 - 2011-05-11 12:55 - 0000000 ____D C:\ProgramData\Skype Extras
2011-05-11 12:52 - 2011-05-11 12:53 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-05-11 12:52 - 2011-05-11 12:52 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-05-11 12:43 - 2011-05-11 12:44 - 1029512 ____A (Skype Technologies S.A.) C:\Users\Keith\Downloads\SkypeSetup.exe
2011-05-11 11:43 - 2011-04-08 23:02 - 5562240 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-05-11 11:43 - 2011-04-08 22:02 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-05-11 11:43 - 2011-04-08 22:02 - 3912576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-05-11 11:43 - 2011-03-24 19:29 - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2011-05-11 11:43 - 2011-03-24 19:29 - 0325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2011-05-11 11:43 - 2011-03-24 19:29 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2011-05-11 11:43 - 2011-03-24 19:29 - 0052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2011-05-11 11:43 - 2011-03-24 19:29 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2011-05-11 11:43 - 2011-03-24 19:28 - 0007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2011-05-10 13:09 - 2011-05-10 13:09 - 4877888 ____A (Adobe Systems Inc.) C:\Users\Keith\Downloads\Shockwave_Installer_Slim (1).exe
2011-05-10 13:08 - 2011-05-10 13:08 - 4877888 ____A (Adobe Systems Inc.) C:\Users\Keith\Downloads\Shockwave_Installer_Slim.exe
2011-05-08 19:01 - 2011-05-08 19:00 - 0000168 ____A C:\Users\Keith\Downloads\out.php
2011-05-08 11:08 - 2011-05-08 11:08 - 15132107 ____A C:\Users\Keith\Downloads\Noisia - Gutterpump (Pixel Fist Remix) (dubstep-remixes.com).mp3
2011-05-08 11:08 - 2011-05-08 11:08 - 10487406 ____A C:\Users\Keith\Downloads\Drumsound & Bassline Smith - Freak (Dubstep Mix) (daftwho.com).mp3
2011-05-07 13:37 - 2011-05-07 13:37 - 3278085 ____A C:\Users\Keith\Downloads\Rej3ctz - Cat Daddy CleanVery Hot Cat Daddy Song.mp3
2011-05-06 18:49 - 2011-05-06 18:53 - 2477903 ____A C:\Users\Keith\Downloads\mac-miller-donald-trump.mp3
2011-05-06 15:35 - 2011-05-07 13:47 - 0000000 ____D C:\Users\Keith\AppData\Local\BearShare
2011-05-06 15:35 - 2011-05-06 15:35 - 0000000 ____D C:\Users\Keith\Documents\My Received Files
2011-05-06 15:33 - 2011-05-06 15:35 - 0000000 __HDC C:\Users\All Users\{BABF6F4E-3651-4AC1-876A-46BE5B95D594}
2011-05-06 15:33 - 2011-05-06 15:35 - 0000000 __HDC C:\ProgramData\{BABF6F4E-3651-4AC1-876A-46BE5B95D594}
2011-05-06 15:33 - 2011-05-06 15:33 - 0001112 ____A C:\Users\Public\Desktop\BearShare.lnk
2011-05-06 15:33 - 2011-05-06 15:33 - 0000000 ____D C:\Users\All Users\BearShare
2011-05-06 15:33 - 2011-05-06 15:33 - 0000000 ____D C:\ProgramData\BearShare
2011-05-06 15:33 - 2011-05-06 15:33 - 0000000 ____D C:\Program Files (x86)\BearShare Applications
2011-05-06 15:32 - 2011-05-06 15:32 - 2296704 ____A (Musiclab, LLC ) C:\Users\Keith\Downloads\BearShareV9.exe
2011-05-06 15:09 - 2011-05-06 15:09 - 0000015 ____A C:\Users\Keith\Documents\TEST.txt

============ 3 Months Modified Files and folders =============

2011-06-05 20:32 - 2011-06-05 20:32 - 0000000 ____D C:\FRST
2011-06-04 10:48 - 2011-06-02 18:02 - 0000000 ____A C:\Recovery.txt
2011-06-02 18:02 - 2009-12-11 18:09 - 0000000 __SHD C:\Recovery
2011-06-02 17:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-06-02 13:33 - 2011-06-02 13:33 - 0151280 ____A C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip
2011-06-02 13:33 - 2011-06-02 13:33 - 0000000 ____D C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno
2011-06-02 13:29 - 2011-06-02 13:29 - 11193664 ____A (DT Soft Ltd.) C:\Users\Keith\Downloads\DTLite4402-0131 (1).exe
2011-06-02 13:12 - 2010-12-01 12:40 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-06-02 13:09 - 2010-05-29 05:43 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
2011-06-02 10:24 - 2010-10-18 11:00 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-06-02 10:23 - 2009-07-13 19:20 - 0000000 ___RD C:\Program Files (x86)
2011-06-02 10:22 - 2010-12-01 12:40 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-06-02 10:22 - 2010-10-18 11:02 - 0000957 ____A C:\Users\Public\Desktop\AVG 2011.lnk
2011-06-02 10:22 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-06-02 10:22 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-06-02 10:13 - 2010-12-06 11:32 - 0019586 ____A C:\Windows\setupact.log
2011-06-02 10:13 - 2009-10-15 09:29 - 2211483648 __ASH C:\hiberfil.sys
2011-06-02 10:13 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-06-01 18:11 - 2011-05-23 19:40 - 5543916 ___AH C:\Users\Keith\AppData\Local\IconCache.db
2011-06-01 18:11 - 2011-02-20 13:04 - 0000000 ____D C:\Users\Keith\AppData\Roaming\uTorrent
2011-06-01 18:11 - 2009-10-15 09:32 - 2092175 ____A C:\Windows\WindowsUpdate.log
2011-06-01 18:09 - 2011-02-17 16:37 - 0000000 ____D C:\Users\Keith\Black Ops
2011-06-01 17:09 - 2010-05-29 05:43 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
2011-06-01 16:19 - 2011-05-30 11:54 - 0000000 ____D C:\Users\Keith\Documents\Black Ops
2011-06-01 14:15 - 2010-04-04 14:13 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-06-01 14:15 - 2010-04-04 14:13 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-01 14:06 - 2011-06-01 14:06 - 0287008 ____A C:\Users\Keith\Downloads\SoftonicDownloader_for_daemon-tools.exe
2011-06-01 14:04 - 2011-02-20 14:48 - 0000000 ____D C:\Users\Public\Documents\DAEMON Tools
2011-06-01 14:03 - 2011-06-01 14:02 - 0000000 ____D C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version
2011-06-01 13:58 - 2011-06-01 13:58 - 7759263 ____A C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version.rar
2011-06-01 13:42 - 2011-06-01 13:42 - 0000000 ____D C:\Users\Keith\AppData\Roaming\DAEMON Tools Lite
2011-06-01 13:42 - 2011-06-01 13:42 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2011-06-01 13:42 - 2011-06-01 13:42 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2011-06-01 13:42 - 2011-06-01 13:41 - 11193664 ____A (DT Soft Ltd.) C:\Users\Keith\Downloads\DTLite4402-0131.exe
2011-05-31 18:58 - 2010-06-12 11:45 - 0003109 ____A C:\Users\Keith\Downloads\psx.ini
2011-05-31 18:04 - 2010-01-31 10:55 - 0000000 ____D C:\install
2011-05-31 17:33 - 2009-08-21 17:50 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-05-31 17:30 - 2011-04-01 07:12 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Atari
2011-05-31 13:11 - 2010-12-06 20:18 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2011-05-31 13:09 - 2009-12-12 10:22 - 0000000 ____D C:\Users\Keith\Documents\My Games
2011-05-31 13:07 - 2010-03-30 19:35 - 0000000 ____D C:\Users\Keith\Documents\Adobe
2011-05-31 12:58 - 2009-08-21 18:16 - 0000000 ____D C:\Program Files (x86)\Google
2011-05-31 12:09 - 2009-12-13 14:18 - 0000000 ____D C:\Users\Keith\AppData\Local\Adobe
2011-05-31 12:09 - 2009-08-21 18:29 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-05-31 12:04 - 2011-05-31 12:04 - 0001115 ____A C:\Users\Public\Desktop\Adobe Photoshop Express Uploader.lnk
2011-05-31 12:04 - 2011-05-31 12:04 - 0000000 ____D C:\Users\Keith\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-05-31 12:04 - 2011-05-31 12:04 - 0000000 ____D C:\Program Files (x86)\Adobe Photoshop Express Uploader
2011-05-31 11:30 - 2011-02-20 13:05 - 0000000 ____D C:\Program Files (x86)\uTorrent
2011-05-30 11:53 - 2011-05-30 11:53 - 0034659 ____A C:\Users\Keith\Downloads\Portal_2-SKIDROW.6330132.TPB.torrent
2011-05-30 11:52 - 2011-05-30 11:52 - 0013831 ____A C:\Users\Keith\Downloads\caffeine.zip
2011-05-29 05:11 - 2010-04-04 14:13 - 0039984 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2011-05-29 05:11 - 2010-04-04 14:13 - 0025912 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-05-28 08:46 - 2010-04-22 18:02 - 0000000 ____D C:\Users\Keith\AppData\Roaming\SoftGrid Client
2011-05-28 08:38 - 2011-05-28 08:38 - 0087040 ____A C:\Users\Keith\Downloads\Vocab_Lists (6).doc
2011-05-28 08:26 - 2010-05-29 05:43 - 0002405 ____A C:\Users\Keith\Desktop\Google Chrome.lnk
2011-05-25 14:42 - 2011-05-25 14:42 - 0013400 ____A C:\Users\Keith\Documents\Confirmation Speech.docx
2011-05-25 12:37 - 2011-05-25 12:37 - 2253802 ____A C:\Users\Keith\Downloads\photo (13) (1).JPG
2011-05-25 12:35 - 2011-05-25 12:35 - 2253802 ____A C:\Users\Keith\Downloads\photo (13).JPG
2011-05-25 12:35 - 2011-05-25 12:35 - 2253802 ____A C:\Users\Keith\Downloads\photo (12).JPG
2011-05-25 11:21 - 2009-07-13 21:08 - 0032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-05-24 16:16 - 2009-12-14 05:35 - 0000000 ____D C:\Users\Keith\AppData\Local\ElevatedDiagnostics
2011-05-24 16:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-05-24 13:32 - 2009-08-21 18:31 - 0803050 ____A C:\Windows\PFRO.log
2011-05-24 13:30 - 2011-05-23 10:48 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-05-24 13:30 - 2010-01-31 11:15 - 0839374 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2011-05-24 13:30 - 2009-07-13 18:36 - 0692838 ____A C:\Windows\System32\perfh009.dat
2011-05-24 13:30 - 2009-07-13 18:36 - 0131954 ____A C:\Windows\System32\perfc009.dat
2011-05-24 13:27 - 2011-05-23 10:39 - 0000000 ____D C:\Program Files (x86)\Gamevance Games
2011-05-24 10:49 - 2009-12-11 18:11 - 0103280 ____A C:\Users\Keith\AppData\Local\GDIPFONTCACHEV1.DAT
2011-05-23 19:33 - 2011-05-23 16:08 - 0016422 ____A C:\Users\Keith\Downloads\Terrestrial Biomes Study Guide.docx
2011-05-23 16:33 - 2011-05-23 16:33 - 0803754 ____A C:\Users\Keith\Downloads\Biomes.pptx
2011-05-23 16:07 - 2011-05-23 16:07 - 0039277 ___SH C:\Users\Keith\Downloads\AlbumArt_{301390D6-70E3-4440-9F23-D1BF65B7A055}_Large.jpg
2011-05-23 16:07 - 2011-05-23 16:07 - 0008658 ___SH C:\Users\Keith\Downloads\AlbumArt_{301390D6-70E3-4440-9F23-D1BF65B7A055}_Small.jpg
2011-05-23 16:07 - 2011-01-15 15:42 - 0039277 ___SH C:\Users\Keith\Downloads\Folder.jpg
2011-05-23 16:07 - 2011-01-15 15:42 - 0008658 ___SH C:\Users\Keith\Downloads\AlbumArtSmall.jpg
2011-05-23 16:02 - 2011-05-23 16:02 - 3517576 ____A C:\Users\Keith\Downloads\Look At Me Now (Clean)- Chris Brown [Feat. Busta Rhymes & Lil Wayne] (Lyrics).mp3
2011-05-23 14:15 - 2009-10-15 09:45 - 0007712 ____A C:\Users\All Users\ArcadeDeluxe3.log
2011-05-23 14:15 - 2009-10-15 09:45 - 0007712 ____A C:\ProgramData\ArcadeDeluxe3.log
2011-05-23 14:10 - 2009-10-15 09:45 - 0000000 ____D C:\Users\All Users\CyberLink
2011-05-23 14:10 - 2009-10-15 09:45 - 0000000 ____D C:\ProgramData\CyberLink
2011-05-23 14:06 - 2009-12-13 17:21 - 0000000 ____D C:\Users\Keith\AppData\Roaming\SoftDMA
2011-05-23 12:03 - 2011-05-23 12:03 - 0530197 ____A C:\Users\Keith\Downloads\OldPhotoPRO.png
2011-05-23 12:03 - 2011-05-23 12:03 - 0060119 ____A C:\Users\Keith\Downloads\photo (11).jpg
2011-05-23 11:24 - 2011-05-23 11:06 - 0001762 ____A C:\Windows\IE9_main.log
2011-05-23 11:05 - 2009-08-21 18:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-05-23 11:05 - 2009-08-21 18:03 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-05-23 10:52 - 2010-04-22 17:59 - 0000000 ____D C:\Users\Keith\AppData\Roaming\TP
2011-05-23 10:51 - 2011-05-23 10:54 - 0002461 ____A C:\Users\Keith\Desktop\Microsoft PowerPoint 2010.lnk
2011-05-23 10:51 - 2011-05-23 10:54 - 0002449 ____A C:\Users\Keith\Desktop\Microsoft Word 2010.lnk
2011-05-23 10:51 - 2010-04-22 18:02 - 0000000 ____D C:\Users\Keith\AppData\Local\SoftGrid Client
2011-05-23 10:50 - 2011-05-23 10:54 - 0002451 ____A C:\Users\Keith\Desktop\Microsoft Excel 2010.lnk
2011-05-23 10:48 - 2011-05-23 10:48 - 0000000 ____D C:\Program Files\Microsoft Office
2011-05-23 10:48 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-05-23 10:47 - 2011-05-23 10:47 - 1628560 ____A (Microsoft Corporation) C:\Users\Keith\Downloads\X16-42918_TRQC8-CPYDV-6HWH2-XKJ96-6JDVX.exe
2011-05-23 10:38 - 2011-05-23 10:38 - 0010423 ____A C:\Users\Keith\Downloads\download.htm
2011-05-22 17:11 - 2011-05-22 17:11 - 6485379 ____A C:\Users\Keith\Downloads\beach_party_volleyball_pop-art.jpg
2011-05-22 15:53 - 2011-05-22 13:58 - 0000316 ___AH C:\Users\Keith\Downloads\.picasa.ini
2011-05-22 13:56 - 2011-05-22 13:56 - 0338564 ____A C:\Users\Keith\Downloads\244351_1908369623845_1079956398_2103252_436327_o.jpg
2011-05-22 06:14 - 2011-05-22 06:14 - 0001114 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2011-05-22 06:14 - 2009-12-11 18:45 - 0000000 ____D C:\Users\Keith\AppData\Local\Google
2011-05-22 06:12 - 2011-05-22 06:12 - 14276088 ____A (Google Inc.) C:\Users\Keith\Downloads\picasa38-setup.exe
2011-05-22 06:10 - 2009-12-29 10:43 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Skype
2011-05-22 06:02 - 2010-12-06 20:31 - 0000000 ____D C:\Users\Keith\AppData\Local\LogiShrd
2011-05-22 06:02 - 2010-12-06 20:31 - 0000000 ____D C:\Program Files (x86)\Logitech
2011-05-22 05:52 - 2009-12-29 11:49 - 0000000 ____D C:\Users\Keith\AppData\Roaming\skypePM
2011-05-21 07:56 - 2011-05-21 07:56 - 0568648 ____A (Google Inc.) C:\Users\Keith\Downloads\GoogleEarthSetup.exe
2011-05-21 07:23 - 2010-10-21 12:20 - 0001861 ____A C:\Users\Public\Desktop\ooVoo.lnk
2011-05-21 07:23 - 2010-10-21 12:20 - 0000000 ____D C:\Program Files (x86)\ooVoo
2011-05-20 18:34 - 2010-10-18 10:40 - 0000000 ____D C:\Users\All Users\MFAData
2011-05-20 18:34 - 2010-10-18 10:40 - 0000000 ____D C:\ProgramData\MFAData
2011-05-18 16:47 - 2011-02-13 14:25 - 0000000 ____D C:\Users\Keith\Documents\Ringtones
2011-05-18 15:08 - 2011-05-18 15:08 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Logitech
2011-05-17 14:09 - 2011-05-17 14:02 - 0000000 ____D C:\Windows\rescache
2011-05-16 19:33 - 2011-05-16 19:32 - 5244634 ____A C:\Users\Keith\Downloads\Wiz Khalifa - Top Floor.mp3
2011-05-16 19:00 - 2011-05-16 16:55 - 6818832 ____A C:\Users\Keith\Downloads\wiz-khalifa-on-my-level.mp3
2011-05-16 19:00 - 2011-05-16 16:54 - 3981817 ____A C:\Users\Keith\Downloads\When I'm Gone - Wiz Khalifa.mp3
2011-05-16 19:00 - 2011-05-16 14:19 - 6898121 ____A C:\Users\Keith\Downloads\Cameras.mp3
2011-05-16 18:58 - 2011-05-16 18:34 - 5093341 ____A C:\Users\Keith\Downloads\Bruno Mars - The Lazy Song [Official Video].mp3
2011-05-16 18:54 - 2011-05-16 18:51 - 5675931 ____A C:\Users\Keith\Downloads\Adele - Rolling In The Deep.mp3
2011-05-13 13:25 - 2011-05-13 13:23 - 5580251 ____A C:\Users\Keith\Downloads\Rebecca Black-Friday.mp3
2011-05-12 17:05 - 2009-12-15 16:35 - 0000000 ____D C:\Users\Keith\Documents\Keith
2011-05-12 16:50 - 2011-05-12 14:50 - 4663282 ____A C:\Users\Keith\Downloads\Jeremih (ft. 50 Cent) - Down On Me - CurrentHipHop.com.mp3
2011-05-12 12:22 - 2011-05-12 12:19 - 4580386 ____A C:\Users\Keith\Downloads\preview (1).mp3
2011-05-12 11:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-05-11 16:25 - 2009-12-12 09:11 - 44548040 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-05-11 12:55 - 2011-05-11 12:53 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-05-11 12:55 - 2011-05-11 12:53 - 0000000 ____D C:\ProgramData\Skype Extras
2011-05-11 12:53 - 2011-05-11 12:52 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-05-11 12:52 - 2011-05-11 12:52 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-05-11 12:52 - 2009-12-29 10:42 - 0000000 ____D C:\Users\All Users\Skype
2011-05-11 12:52 - 2009-12-29 10:42 - 0000000 ____D C:\ProgramData\Skype
2011-05-11 12:44 - 2011-05-11 12:43 - 1029512 ____A (Skype Technologies S.A.) C:\Users\Keith\Downloads\SkypeSetup.exe
2011-05-10 13:09 - 2011-05-10 13:09 - 4877888 ____A (Adobe Systems Inc.) C:\Users\Keith\Downloads\Shockwave_Installer_Slim (1).exe
2011-05-10 13:09 - 2009-08-21 18:30 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-05-10 13:08 - 2011-05-10 13:08 - 4877888 ____A (Adobe Systems Inc.) C:\Users\Keith\Downloads\Shockwave_Installer_Slim.exe
2011-05-08 19:00 - 2011-05-08 19:01 - 0000168 ____A C:\Users\Keith\Downloads\out.php
2011-05-08 15:44 - 2009-12-13 17:21 - 0000000 ____D C:\Users\Keith\AppData\Local\PlayMovie
2011-05-08 11:08 - 2011-05-08 11:08 - 15132107 ____A C:\Users\Keith\Downloads\Noisia - Gutterpump (Pixel Fist Remix) (dubstep-remixes.com).mp3
2011-05-08 11:08 - 2011-05-08 11:08 - 10487406 ____A C:\Users\Keith\Downloads\Drumsound & Bassline Smith - Freak (Dubstep Mix) (daftwho.com).mp3
2011-05-08 09:47 - 2009-07-13 21:13 - 0822156 ____A C:\Windows\System32\PerfStringBackup.INI
2011-05-07 19:44 - 2009-12-26 14:42 - 0000000 ____D C:\Users\Keith\AppData\Local\WMTools Downloaded Files
2011-05-07 13:47 - 2011-05-06 15:35 - 0000000 ____D C:\Users\Keith\AppData\Local\BearShare
2011-05-07 13:43 - 2010-01-04 19:53 - 0084992 ____A C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-07 13:37 - 2011-05-07 13:37 - 3278085 ____A C:\Users\Keith\Downloads\Rej3ctz - Cat Daddy CleanVery Hot Cat Daddy Song.mp3
2011-05-07 11:44 - 2010-10-10 11:31 - 3549390 ____A C:\Users\Keith\Downloads\Lou_Bega_Mambo_No_5.mp3
2011-05-06 19:06 - 2010-09-19 12:39 - 0000000 ____D C:\Users\Keith\AppData\Roaming\FrostWire
2011-05-06 18:53 - 2011-05-06 18:49 - 2477903 ____A C:\Users\Keith\Downloads\mac-miller-donald-trump.mp3
2011-05-06 18:26 - 2009-12-13 17:21 - 0000000 ____D C:\Users\Keith\Documents\Arcade Deluxe
2011-05-06 18:09 - 2009-12-12 18:16 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Mozilla
2011-05-06 15:35 - 2011-05-06 15:35 - 0000000 ____D C:\Users\Keith\Documents\My Received Files
2011-05-06 15:35 - 2011-05-06 15:33 - 0000000 __HDC C:\Users\All Users\{BABF6F4E-3651-4AC1-876A-46BE5B95D594}
2011-05-06 15:35 - 2011-05-06 15:33 - 0000000 __HDC C:\ProgramData\{BABF6F4E-3651-4AC1-876A-46BE5B95D594}
2011-05-06 15:33 - 2011-05-06 15:33 - 0001112 ____A C:\Users\Public\Desktop\BearShare.lnk
2011-05-06 15:33 - 2011-05-06 15:33 - 0000000 ____D C:\Users\All Users\BearShare
2011-05-06 15:33 - 2011-05-06 15:33 - 0000000 ____D C:\ProgramData\BearShare
2011-05-06 15:33 - 2011-05-06 15:33 - 0000000 ____D C:\Program Files (x86)\BearShare Applications
2011-05-06 15:32 - 2011-05-06 15:32 - 2296704 ____A (Musiclab, LLC ) C:\Users\Keith\Downloads\BearShareV9.exe
2011-05-06 15:09 - 2011-05-06 15:09 - 0000015 ____A C:\Users\Keith\Documents\TEST.txt
2011-05-06 13:02 - 2009-12-12 16:12 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-05-03 13:56 - 2011-05-03 13:56 - 7163824 ____A C:\Users\Keith\Downloads\Terrestrial Biomes.pptx
2011-05-03 13:56 - 2011-05-03 13:56 - 7163824 ____A C:\Users\Keith\Downloads\Terrestrial Biomes (1).pptx
2011-05-03 11:57 - 2011-05-03 11:57 - 0151749 ____A C:\Users\Keith\Downloads\savanna.jpg
2011-05-02 17:24 - 2010-10-21 11:24 - 0000000 ____D C:\Users\Keith\AppData\Local\Windows Live
2011-05-02 17:23 - 2011-05-02 17:23 - 0000000 ____D C:\Users\Keith\AppData\Local\{C6E25FA1-2A10-4BE8-8783-05ECD5B280D3}
2011-05-01 18:52 - 2009-07-13 18:34 - 0000647 ____A C:\Windows\win.ini
2011-05-01 18:46 - 2011-05-01 18:46 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Flip Video
2011-05-01 18:43 - 2011-05-01 18:43 - 0001098 ____A C:\Users\Public\Desktop\FlipShare.lnk
2011-05-01 18:43 - 2010-05-26 18:10 - 0000000 ____D C:\Users\All Users\Flip Video
2011-05-01 18:43 - 2010-05-26 18:10 - 0000000 ____D C:\ProgramData\Flip Video
2011-05-01 18:42 - 2011-05-01 18:42 - 0000000 ____D C:\Program Files (x86)\Flip Video
2011-05-01 18:29 - 2011-02-13 13:38 - 4690321 ____A C:\Users\Keith\Downloads\Gold_Digger__2.mp3
2011-05-01 18:25 - 2011-05-01 18:25 - 0007305 ___SH C:\Users\Keith\Downloads\AlbumArt_{45D79EE9-596C-4846-82A1-6871B6CFC192}_Large.jpg
2011-05-01 18:25 - 2011-05-01 18:25 - 0002018 ___SH C:\Users\Keith\Downloads\AlbumArt_{45D79EE9-596C-4846-82A1-6871B6CFC192}_Small.jpg
2011-05-01 16:13 - 2011-01-26 14:47 - 8942727 ____A C:\Users\Keith\Downloads\19bd5e846a339545f3bf4ab168645b21.mp3
2011-05-01 16:08 - 2011-05-01 16:08 - 0005360 ___SH C:\Users\Keith\Downloads\AlbumArt_{BD65F253-7F2D-498A-978E-76907B190EE1}_Large.jpg
2011-05-01 16:08 - 2011-05-01 16:08 - 0001700 ___SH C:\Users\Keith\Downloads\AlbumArt_{BD65F253-7F2D-498A-978E-76907B190EE1}_Small.jpg
2011-04-25 10:48 - 2011-01-04 14:16 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
2011-04-22 14:15 - 2011-05-24 10:23 - 0027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-21 13:35 - 2011-04-21 13:36 - 0034287 ____A C:\Users\Keith\Documents\Romeo-and-Juliet.jpg
2011-04-20 19:08 - 2011-04-20 19:08 - 0020480 ____A C:\Users\Keith\Downloads\TitlePageSample (1).doc
2011-04-20 19:07 - 2011-04-20 19:07 - 0020480 ____A C:\Users\Keith\Downloads\TitlePageSample.doc
2011-04-20 14:08 - 2011-04-20 14:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-04-20 14:07 - 2011-04-20 14:07 - 6280056 ____A (Microsoft Corporation) C:\Users\Keith\Downloads\Silverlight (1).exe
2011-04-20 14:06 - 2011-04-20 14:06 - 6280056 ____A (Microsoft Corporation) C:\Users\Keith\Downloads\Silverlight.exe
2011-04-20 14:02 - 2011-04-20 13:59 - 0000000 ____D C:\Users\All Users\Viper
2011-04-20 14:02 - 2011-04-20 13:59 - 0000000 ____D C:\ProgramData\Viper
2011-04-20 13:58 - 2011-04-20 13:58 - 0921799 ____A C:\Users\Keith\Downloads\ViperClientSetup.exe
2011-04-20 10:56 - 2011-04-20 10:56 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-04-20 10:56 - 2011-04-20 10:54 - 0000000 ____D C:\Program Files\iTunes
2011-04-20 10:56 - 2010-04-07 14:15 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-04-20 10:54 - 2011-04-20 10:54 - 0000000 ____D C:\Program Files\iPod
2011-04-20 10:51 - 2011-04-20 10:51 - 0000000 ____D C:\Program Files\Bonjour
2011-04-20 10:51 - 2011-04-20 10:51 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-04-19 17:54 - 2011-04-19 17:54 - 0087040 ____A C:\Users\Keith\Downloads\Vocab_Lists (5).doc
2011-04-18 10:54 - 2011-04-18 10:54 - 0000000 ___AH C:\Users\Keith\Documents\Default.rdp
2011-04-17 15:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-04-17 12:28 - 2009-07-13 20:45 - 4977216 ____A C:\Windows\System32\FNTCACHE.DAT
2011-04-14 17:28 - 2011-04-14 17:28 - 0118864 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AVGIDSDriver.sys
2011-04-14 16:28 - 2011-04-14 16:28 - 1498624 ____A C:\Users\Keith\Downloads\doj-email.xls
2011-04-14 16:27 - 2011-04-14 16:27 - 0131584 ____A C:\Users\Keith\Downloads\Email.xls.xls
2011-04-13 14:40 - 2011-04-13 14:40 - 4284416 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2011-04-13 13:29 - 2011-04-13 13:29 - 0221184 ____A C:\Users\Keith\Downloads\PVP packet 2011.doc
2011-04-13 10:07 - 2011-04-13 10:07 - 0373367 ____A C:\Users\Keith\Downloads\Sandman__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0350254 ____A C:\Users\Keith\Downloads\Reflections in the Water__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0347040 ____A C:\Users\Keith\Downloads\Red Cotton Candy__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0133868 ____A C:\Users\Keith\Downloads\Hallway Vision__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0114770 ____A C:\Users\Keith\Downloads\Pink Lemonade__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0114670 ____A C:\Users\Keith\Downloads\Chalk Board__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0067116 ____A C:\Users\Keith\Downloads\Dizzy__fun (1).LVF
2011-04-13 10:07 - 2011-04-13 10:07 - 0009436 ____A C:\Users\Keith\Downloads\Polarize__fun (1).LVF
2011-04-13 10:06 - 2011-04-13 10:06 - 0086248 ____A C:\Users\Keith\Downloads\Comic Book__fun (1).LVF
2011-04-13 10:06 - 2011-04-13 10:06 - 0063506 ____A C:\Users\Keith\Downloads\Get Twisted__fun (1).LVF
2011-04-13 10:04 - 2010-12-06 20:17 - 0024274 ____A C:\Windows\System32\lvcoinst.log
2011-04-13 10:04 - 2010-12-06 20:17 - 0000000 ____D C:\Program Files\Common Files\logishrd
2011-04-13 09:42 - 2011-04-13 09:38 - 0004523 ____A C:\Windows\LDPINST.LOG
2011-04-13 09:38 - 2011-04-13 09:37 - 0000000 ____D C:\Program Files (x86)\Help
2011-04-13 09:36 - 2010-12-08 10:32 - 0001628 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2011-04-13 09:26 - 2010-08-20 07:19 - 0000000 ____D C:\Users\All Users\Adobe
2011-04-13 09:26 - 2010-08-20 07:19 - 0000000 ____D C:\ProgramData\Adobe
2011-04-13 09:20 - 2010-12-08 10:35 - 0000000 ____D C:\Windows\SysWOW64\logishrd
2011-04-13 09:20 - 2010-12-08 10:35 - 0000000 ____D C:\Windows\System32\logishrd
2011-04-10 17:25 - 2009-12-11 18:20 - 0000000 ____D C:\Users\Keith\AppData\Roaming\Adobe
2011-04-10 17:19 - 2011-04-10 17:19 - 0002023 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2011-04-10 17:12 - 2011-04-10 17:12 - 48536984 ____A (Adobe Systems Incorporated) C:\Users\Keith\Downloads\AdbeRdr1001_en_US.exe
2011-04-09 14:55 - 2011-04-09 14:55 - 15453336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xlive.dll
2011-04-09 14:55 - 2011-04-09 14:55 - 13642904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xlivefnt.dll
2011-04-09 14:55 - 2011-04-09 14:55 - 0179261 ____A C:\Windows\SysWOW64\xlive.dll.cat
2011-04-08 23:02 - 2011-05-11 11:43 - 5562240 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-04-08 22:58 - 2011-05-22 05:59 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-04-08 22:02 - 2011-05-11 11:43 - 3967872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-04-08 22:02 - 2011-05-11 11:43 - 3912576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-04-08 21:56 - 2011-05-22 05:59 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2011-04-06 12:26 - 2011-04-06 12:26 - 0119584 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-04-06 12:26 - 2011-04-06 12:26 - 0096544 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-04-06 12:20 - 2011-04-06 12:20 - 0107808 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-04-06 12:20 - 2011-04-06 12:20 - 0091424 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-04-05 17:53 - 2011-04-05 17:53 - 0117248 ____A C:\Users\Keith\Downloads\Biology Ignition #63 (Semester 2).ppt
2011-04-04 20:59 - 2011-04-04 20:59 - 0377936 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2011-04-02 07:05 - 2011-04-01 07:11 - 0043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2011-04-01 13:04 - 2011-04-01 13:04 - 0151940 ____A C:\Users\Keith\Downloads\motion_printable_guide.pdf
2011-04-01 13:04 - 2011-04-01 13:04 - 0151940 ____A C:\Users\Keith\Downloads\motion_printable_guide (1).pdf
2011-03-31 21:10 - 2010-12-06 20:30 - 0543328 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2011-03-31 21:10 - 2010-12-06 20:30 - 0539232 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2011-03-31 21:08 - 2010-12-06 20:30 - 0301664 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVCodec2.dll
2011-03-31 21:07 - 2011-03-31 21:07 - 10877272 ____A C:\Windows\SysWOW64\LogiDPP.dll
2011-03-31 21:07 - 2011-03-31 21:07 - 10877272 ____A C:\Windows\System32\LogiDPP.dll
2011-03-31 21:07 - 2011-03-31 21:07 - 0102744 ____A C:\Windows\SysWOW64\LogiDPPApp.exe
2011-03-31 21:07 - 2011-03-31 21:07 - 0102744 ____A C:\Windows\System32\LogiDPPApp.exe
2011-03-31 21:07 - 2010-12-06 20:30 - 4184672 ____A (Logitech Inc.) C:\Windows\System32\Drivers\LVUVC64.sys
2011-03-31 21:07 - 2010-12-06 20:30 - 0767584 ____A (Logitech Inc.) C:\Windows\System32\LVUI64.dll
2011-03-31 21:07 - 2010-12-06 20:30 - 0559712 ____A (Logitech Inc.) C:\Windows\System32\LVUIRC64.dll
2011-03-31 21:06 - 2011-03-31 21:06 - 0341856 ____A (Logitech Inc.) C:\Windows\System32\Drivers\lvrs64.sys
2011-03-31 21:06 - 2011-03-31 21:06 - 0331608 ____A C:\Windows\SysWOW64\DevManagerCore.dll
2011-03-31 21:06 - 2011-03-31 21:06 - 0331608 ____A C:\Windows\System32\DevManagerCore.dll
2011-03-31 21:05 - 2011-03-31 21:05 - 0261728 ____A (Logitech Inc.) C:\Windows\System32\lvco13251014.dll
2011-03-31 21:05 - 2010-12-06 20:30 - 0172128 ____A (Logitech Inc.) C:\Windows\System32\LVCod64.dll
2011-03-31 20:56 - 2011-03-31 20:56 - 0039318 ____A C:\Windows\System32\Repository.reg
2011-03-31 20:56 - 2011-03-31 20:56 - 0027872 ____A C:\Windows\System32\lvcoin64.ini
2011-03-29 18:41 - 2009-10-15 09:40 - 0000000 ____D C:\Program Files (x86)\Windows Live
2011-03-24 19:29 - 2011-05-11 11:43 - 0343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2011-03-24 19:29 - 2011-05-11 11:43 - 0325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2011-03-24 19:29 - 2011-05-11 11:43 - 0098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2011-03-24 19:29 - 2011-05-11 11:43 - 0052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2011-03-24 19:29 - 2011-05-11 11:43 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2011-03-24 19:28 - 2011-05-11 11:43 - 0007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2011-03-22 20:02 - 2011-03-22 20:02 - 0015192 ____A C:\Windows\System32\Drivers\iKeyLFT264.dll
2011-03-19 09:56 - 2011-03-19 09:56 - 0000000 ____D C:\Users\Keith\AppData\Local\Electronic Arts
2011-03-18 14:17 - 2011-03-17 17:01 - 0000000 ____D C:\Users\All Users\Electronic Arts
2011-03-18 14:17 - 2011-03-17 17:01 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-03-17 16:54 - 2011-03-17 16:54 - 0000000 ____D C:\Program Files (x86)\Microsoft WSE
2011-03-17 14:37 - 2011-03-17 14:37 - 0029821 ____A C:\Users\Keith\Downloads\The_Sims_3_-_Razor1911_Final_MAXSPEED.5022393.TPB.torrent
2011-03-16 12:03 - 2011-03-16 12:03 - 0037456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2011-03-13 17:49 - 2011-03-13 17:49 - 27024112 ____A (Microsoft Corporation) C:\Users\Keith\Downloads\PowerPointViewer (3).exe
2011-03-12 11:45 - 2011-03-12 11:44 - 63204984 ____A (Microsoft Corporation) C:\Users\Keith\Downloads\PowerPointViewer (2).exe
2011-03-12 04:08 - 2011-04-27 10:34 - 1465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2011-03-12 03:23 - 2011-04-27 10:34 - 0870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2011-03-10 22:41 - 2011-04-27 10:33 - 1659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2011-03-10 22:41 - 2011-04-27 10:33 - 0410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2011-03-10 22:41 - 2011-04-27 10:33 - 0189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2011-03-10 22:41 - 2011-04-27 10:33 - 0166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2011-03-10 22:41 - 2011-04-27 10:33 - 0148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2011-03-10 22:41 - 2011-04-27 10:33 - 0107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2011-03-10 22:41 - 2011-04-27 10:33 - 0027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2011-03-10 22:34 - 2011-04-14 15:43 - 1395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
2011-03-10 22:34 - 2011-04-14 15:43 - 1359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
2011-03-10 22:33 - 2011-04-27 10:33 - 2565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2011-03-10 22:30 - 2011-04-27 10:33 - 0096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2011-03-10 21:33 - 2011-04-27 10:33 - 1699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2011-03-10 21:33 - 2011-04-14 15:43 - 1164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2011-03-10 21:33 - 2011-04-14 15:43 - 1137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2011-03-10 21:31 - 2011-04-27 10:33 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2011-03-10 20:37 - 2011-04-27 10:33 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2011-03-10 17:39 - 2011-03-10 17:39 - 0094890 ____A C:\Users\Keith\Downloads\TS030008041.potx
2011-03-09 14:51 - 2009-12-11 18:11 - 0000174 ___SH C:\Users\Keith\Start Menu\Programs\Startup\desktop.ini
2011-03-09 14:51 - 2009-12-11 18:11 - 0000174 ___SH C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-03-09 14:26 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2011-03-09 14:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2011-03-09 14:25 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\en
2011-03-09 14:25 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\wbem
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-03-09 14:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\wbem
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sppui
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Setup
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\manifeststore
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-03-09 14:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2011-03-09 13:57 - 2009-07-13 18:36 - 0175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2011-03-09 13:57 - 2009-07-13 18:36 - 0152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2011-03-09 13:32 - 2011-03-09 13:32 - 0000000 ____D C:\Windows\System32\SPReview
2011-03-09 13:32 - 2011-03-09 13:32 - 0000000 ____D C:\Windows\System32\EventProviders
2011-03-09 12:14 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\debug
2011-03-09 11:51 - 2011-03-09 11:51 - 1627352 ____A C:\Users\Keith\Downloads\PowerISO47 (1).exe
2011-03-09 11:42 - 2011-03-09 11:42 - 0016037 ____A C:\Users\Keith\Downloads\MICROSOFT_OFFICE_2010_POWERPOINT_X64_[thethingy]_.6085508.TPB.torrent
2011-03-07 22:29 - 2011-04-14 15:42 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-03-07 21:28 - 2011-04-14 15:42 - 0741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-03-06 22:31 - 2011-04-17 11:50 - 1491456 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-03-06 22:31 - 2011-04-17 11:49 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-03-06 22:29 - 2011-04-17 11:50 - 8995328 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-03-06 22:29 - 2011-04-17 11:49 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-03-06 22:28 - 2011-04-17 11:50 - 12260352 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-03-06 22:28 - 2011-04-17 11:49 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-03-06 21:33 - 2011-04-17 11:49 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-03-06 21:33 - 2011-04-17 11:49 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-03-06 21:31 - 2011-04-17 11:50 - 5981696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-03-06 21:31 - 2011-04-17 11:50 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-03-06 21:31 - 2011-04-17 11:49 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-03-06 21:31 - 2011-04-17 11:49 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-03-06 20:24 - 2011-04-17 11:49 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-03-06 19:52 - 2011-04-17 11:49 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-03-06 19:46 - 2011-03-06 19:45 - 5220110 ____A C:\Users\Keith\Downloads\319327546472349c196e148357b81447.mp3
2011-03-06 12:49 - 2009-12-11 18:10 - 0000000 ____D C:\Users\Keith\AppData\LocalLow

========================= Known DLLs =========================

[2009-07-13 16:41] - [2009-07-13 17:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2011-03-09 13:17] - [2010-11-20 04:18] - 0640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2011-03-09 13:17] - [2010-11-20 05:25] - 0594432 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
[2011-03-09 13:16] - [2010-11-20 04:18] - 0485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2011-03-09 13:16] - [2010-11-20 05:26] - 0403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2011-03-09 13:15] - [2010-11-20 04:08] - 0311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2011-03-09 13:18] - [2010-11-20 05:26] - 2444288 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2011-03-09 13:18] - [2010-11-20 04:19] - 2064384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2011-03-09 13:12] - [2010-11-20 05:26] - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
[2011-03-09 13:12] - [2010-11-20 04:19] - 0155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2011-03-09 13:12] - [2010-11-20 04:08] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2011-03-09 13:18] - [2010-11-20 05:26] - 1161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2011-03-09 13:16] - [2010-11-20 04:08] - 0837632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-07-13 15:40] - [2009-07-13 17:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2009-07-13 15:19] - [2009-07-13 17:41] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-13 15:12] - [2009-07-13 17:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2011-03-09 13:18] - [2010-11-20 05:27] - 2086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2011-03-09 13:18] - [2010-11-20 04:20] - 1414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2011-03-09 13:17] - [2010-11-20 05:27] - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
[2011-03-09 13:14] - [2010-11-20 04:20] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
[2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2011-03-09 13:18] - [2010-11-20 05:27] - 1219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2011-03-09 13:12] - [2010-11-20 04:08] - 0663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
[2011-03-09 13:18] - [2010-11-20 05:27] - 1900544 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2011-03-09 13:17] - [2010-11-20 04:21] - 1667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2011-03-09 13:19] - [2010-11-20 05:27] - 14174208 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
[2011-03-09 13:18] - [2010-11-20 04:21] - 12872192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
[2011-03-09 13:17] - [2010-11-20 05:27] - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2011-03-09 13:16] - [2010-11-20 04:21] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2011-04-17 11:50] - [2011-03-06 22:31] - 1491456 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
[2011-04-17 11:49] - [2011-03-06 21:33] - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
[2011-03-09 13:17] - [2010-11-20 05:27] - 1008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2011-03-09 13:16] - [2010-11-20 04:08] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2011-03-09 13:17] - [2010-11-20 05:27] - 0800256 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2011-03-09 13:16] - [2010-11-20 04:21] - 0626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2009-07-13 15:57] - [2009-07-13 17:41] - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\version.dll
[2009-07-13 15:41] - [2009-07-13 17:16] - 0021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\version.dll
[2011-04-17 11:49] - [2011-03-06 22:31] - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
[2011-04-17 11:49] - [2011-03-06 21:33] - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
[2011-03-09 13:17] - [2010-11-20 05:27] - 0312832 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll
[2011-03-09 13:16] - [2010-11-20 04:21] - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wldap32.dll
[2011-03-09 13:17] - [2010-11-20 05:27] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2011-03-09 13:15] - [2010-11-20 04:21] - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll

======================= Bamital Check ========================

C:\Windows\System32\winlogon.exe
[2011-03-09 13:17] - [2010-11-20 05:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\explorer.exe
[2011-04-27 10:34] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3


========================= Memory info ========================

Percentage of memory in use: 18%
Total physical RAM: 2812.05 MB
Available physical RAM: 2279.66 MB
Total Pagefile: 2810.2 MB
Available Pagefile: 2271.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions ===========================

1 Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:11.74 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:2.21 GB) NTFS
4 Drive g: (ILOGIC) (Removable) (Total:0.98 GB) (Free:0.98 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,703 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:29 AM

Posted 06 June 2011 - 01:04 AM

Well done. :thumbup2:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
We are going to remove the cracked software causing the infection and fix the infection and boot problem.

Open Notepad. Please copy the contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

2011-06-02 13:33 - 2011-06-02 13:33 - 0151280 ____A C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip
2011-06-02 13:33 - 2011-06-02 13:33 - 0000000 ____D C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno
2011-06-02 13:29 - 2011-06-02 13:29 - 11193664 ____A (DT Soft Ltd.) C:\Users\Keith\Downloads\DTLite4402-0131 (1).exe
2011-06-01 14:06 - 2011-06-01 14:06 - 0287008 ____A C:\Users\Keith\Downloads\SoftonicDownloader_for_daemon-tools.exe
2011-06-01 14:02 - 2011-06-01 14:03 - 0000000 ____D C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version
2011-06-01 13:58 - 2011-06-01 13:58 - 7759263 ____A C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version.rar
cmd: bootrec /FixMbr
cmd: bcdedit /set {default} winpe no
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST, press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart normally and tell me how it went.

#5 KDenning

Posted 06 June 2011 - 11:11 AM

It's working!

Thank you so much! I tried rebooting after the fix and it worked perfectly. I don't know how you do it. Here's the log from the fix:

Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.0.8)
Ran by SYSTEM at 2011-06-06 11:46:22 R:1
Running from G:\

==============================================

C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip moved successfully.
C:\Users\Keith\Downloads\Daemon.Tools.Lite.4.30.1.patch.by.Inferno moved successfully.
C:\Users\Keith\Downloads\DTLite4402-0131 (1).exe moved successfully.
C:\Users\Keith\Downloads\SoftonicDownloader_for_daemon-tools.exe moved successfully.
C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version moved successfully.
C:\Users\Keith\Downloads\Daemon.Tools.Pro.4.10.0218.Advanced.Version.rar moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /set {default} winpe no =========

The operation completed successfully.

========= End of CMD: =========

#6 Farbar

Posted 06 June 2011 - 11:57 AM

Great. :thumbsup:

Now let's make sure nothing is left behind.

Please delete the FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click the Run Scan button.
  • Two reports will open; copy and paste OTL.txt and attach Extra.txt to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#7 KDenning

Posted 06 June 2011 - 12:24 PM

Ok I've attached Extra.txt and here's the log for OTL.txt:


OTL logfile created on: 6/6/2011 1:06:46 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Keith\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.35% Memory free
5.49 Gb Paging File | 3.82 Gb Available in Paging File | 69.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 11.68 Gb Free Space | 8.53% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 13:04:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/01 01:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/13 16:54:34 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2010/08/12 15:55:02 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/27 20:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 13:04:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/05/18 19:05:31 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/01 01:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/30 23:21:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/04/01 01:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2011/04/01 01:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 06:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/30 18:59:24 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2007/11/07 05:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0334z185t4802x241
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0334z185t4802x241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0334z185t4802x241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0334z185t4802x241
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0334z185t4802x241
IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FFAddon\
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/06/02 14:22:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\components [2011/01/25 19:40:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 5\plugins [2011/04/10 21:19:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011/04/25 14:48:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins

[2010/01/04 22:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/01/04 22:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/25 14:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\extensions
[2011/04/25 14:48:30 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/25 14:48:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\extensions\engine@conduit.com
[2011/01/06 22:32:59 | 000,002,698 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\searchplugins\twitter.xml
File not found (No name found) --
[2011/06/02 14:22:43 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/02/20 17:47:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7GJEUKZK.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI

O1 HOSTS File: ([2011/03/09 18:59:55 | 000,000,858 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - File not found
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] File not found
O4:64bit: - HKLM..\Run: [PLFSetL] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NielsenOnline] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002..\Run: [EADM] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/30 15:13:26 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2d678f47-38ce-11df-8f19-002622666cc1}\Shell - "" = AutoRun
O33 - MountPoints2\{2d678f47-38ce-11df-8f19-002622666cc1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 13:04:40 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2011/06/06 00:32:41 | 000,000,000 | ---D | C] -- C:\FRST
[2011/06/01 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\DAEMON Tools Lite
[2011/06/01 17:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/05/31 16:04:23 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/05/31 16:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop Express Uploader
[2011/05/30 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\Black Ops
[2011/05/24 14:23:22 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/05/23 14:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (English)
[2011/05/23 14:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/23 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/23 14:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/05/23 14:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gamevance Games
[2011/05/22 10:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/05/22 09:59:46 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/22 09:59:46 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/05/18 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Logitech
[2011/05/17 18:02:22 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2011/05/11 16:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/11 16:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/11 16:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/11 16:52:00 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/11 15:43:32 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 15:43:28 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 15:43:28 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/11 15:43:20 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 15:43:20 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2010/04/13 21:45:17 | 000,764,432 | ---- | C] (The Nielsen Company) -- C:\Program Files (x86)\netsight_setup_5.2.4.10_MP_Production_mid60531865643_p.exe
[2010/03/30 22:41:43 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ADBEPPROCS4_LS7.exe
[2010/01/10 19:32:08 | 004,182,178 | ---- | C] (The Public) -- C:\Program Files (x86)\Avisynth_258.exe
[2009/12/26 18:50:13 | 000,056,105 | ---- | C] (PortableAppZ.blogspot.com) -- C:\Program Files\Photoshop CS4.exe
[2009/12/12 22:35:46 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 13:12:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 13:04:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2011/06/06 12:15:16 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
[2011/06/06 12:14:52 | 000,002,405 | ---- | M] () -- C:\Users\Keith\Desktop\Google Chrome.lnk
[2011/06/06 12:14:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
[2011/06/06 12:00:01 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 12:00:01 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 11:54:08 | 117,362,716 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/06/06 11:48:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 11:48:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 11:47:51 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 14:22:44 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/06/01 18:15:16 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 17:11:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/05/31 16:04:05 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Express Uploader.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/24 17:30:23 | 000,839,374 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/24 17:30:23 | 000,692,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/24 17:30:23 | 000,131,954 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/23 14:51:10 | 000,002,449 | ---- | M] () -- C:\Users\Keith\Desktop\Microsoft Word 2010.lnk
[2011/05/23 14:51:06 | 000,002,461 | ---- | M] () -- C:\Users\Keith\Desktop\Microsoft PowerPoint 2010.lnk
[2011/05/23 14:50:59 | 000,002,451 | ---- | M] () -- C:\Users\Keith\Desktop\Microsoft Excel 2010.lnk
[2011/05/22 10:14:31 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 11:23:11 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/05/11 16:52:02 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/08 13:47:45 | 000,822,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/07 17:43:44 | 000,084,992 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/31 16:04:05 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Express Uploader.lnk
[2011/05/23 14:54:36 | 000,002,449 | ---- | C] () -- C:\Users\Keith\Desktop\Microsoft Word 2010.lnk
[2011/05/23 14:54:29 | 000,002,461 | ---- | C] () -- C:\Users\Keith\Desktop\Microsoft PowerPoint 2010.lnk
[2011/05/23 14:54:22 | 000,002,451 | ---- | C] () -- C:\Users\Keith\Desktop\Microsoft Excel 2010.lnk
[2011/05/22 10:14:31 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/11 16:52:02 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/01 11:11:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/04/01 01:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 01:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 01:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/01/16 14:33:55 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2011/01/16 14:33:55 | 000,069,720 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/10/28 14:32:28 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/08 14:29:21 | 000,315,616 | ---- | C] () -- C:\Windows\SysWow64\slwc.exe
[2010/09/08 14:29:03 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\Uharc.exe
[2010/09/08 14:29:03 | 000,008,636 | ---- | C] () -- C:\Windows\SysWow64\modifype.exe
[2010/05/16 15:35:26 | 001,914,998 | ---- | C] () -- C:\Program Files (x86)\VirtualDub-1.9.9-AMD64.zip
[2010/04/18 15:34:34 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010/04/13 23:40:57 | 000,578,040 | ---- | C] () -- C:\Program Files (x86)\Install_FreeRealms.exe
[2010/04/03 21:49:22 | 000,000,255 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/01/31 15:15:17 | 000,839,374 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/09 23:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Infob.dat
[2010/01/09 23:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Infoa.dat
[2010/01/09 23:24:30 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\treeinfo.dat
[2010/01/09 23:21:39 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/01/04 23:53:42 | 000,084,992 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/30 15:43:00 | 000,182,404 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/12/29 15:49:44 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/12/26 16:45:24 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/26 16:45:23 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7420.DAT
[2009/12/18 22:25:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/12 22:35:47 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2009/12/12 22:35:46 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2009/12/12 22:35:46 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2009/12/11 22:29:29 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/08/21 21:46:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03D08225

< End of report >


Edited by KDenning, 06 June 2011 - 12:27 PM.


#8 Farbar

Posted 06 June 2011 - 12:51 PM

  • I recommend that you uninstall the following programs; they are not malicious but are adware-related:

    BearShare
    Conduit Engine

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
  • Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
      IE - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - File not found
      O4:64bit: - HKLM..\Run: [mwlDaemon] File not found
      O4:64bit: - HKLM..\Run: [PLFSetL] File not found
      O4 - HKLM..\Run: [NielsenOnline] File not found
      O4 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002..\Run: [AdobeBridge] File not found
      O4 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002..\Run: [EA Core] File not found
      O4 - HKU\S-1-5-21-2393778099-1793147535-3310906996-1002..\Run: [EADM] File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      :commands
      [emptytemp]
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log into your reply.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#9 KDenning

Posted 06 June 2011 - 01:47 PM

OK, I uninstalled both of those programs. I then ran CCleaner. Here's the log from OTL:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mwlDaemon deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLFSetL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NielsenOnline deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Windows\CurrentVersion\Run\\EADM deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keith
->Temp folder emptied: 4506143 bytes
->Temporary Internet Files folder emptied: 2392868 bytes
->Java cache emptied: 35792075 bytes
->FireFox cache emptied: 32436229 bytes
->Google Chrome cache emptied: 6886376 bytes
->Apple Safari cache emptied: 9997312 bytes
->Flash cache emptied: 56987 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06062011_142632

Files\Folders moved on Reboot...
C:\Users\Keith\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#10 Farbar


Posted 06 June 2011 - 01:52 PM

Well done. Now please do the last step too.

#11 KDenning


Posted 06 June 2011 - 01:55 PM

Here's the MBAM log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6788

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/6/2011 2:43:42 PM
mbam-log-2011-06-06 (14-43-42).txt

Scan type: Quick scan
Objects scanned: 163908
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Keith\Desktop\code cracker.exe (Malware.Tool) -> Quarantined and deleted successfully.

#12 Farbar


Posted 06 June 2011 - 01:59 PM

We are almost there. We have taken care of any active malware. Let's check for the potential risks too.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats and the option Scan archives are checked.
  • Now click on Advanced Settings and select the following:
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#13 KDenning


Posted 06 June 2011 - 08:27 PM

Did the scan. It took a while but it's found 2 things. Here's the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=d84bcec54e965f46b6786d2cd8be4beb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-07 12:53:37
# local_time=2011-06-06 08:53:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 88 0 50447755 0 0
# compatibility_mode=5893 16776574 100 94 7595654 58931461 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=234866
# found=2
# cleaned=2
# scan_time=20006
C:\FRST\Quarantine\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip a variant of Win32/Kryptik.OOR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Gamevance Games\gvun.exe a variant of Win32/Adware.Gamevance.AV application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#14 Farbar


Posted 06 June 2011 - 10:37 PM

Well done.

C:\FRST\Quarantine\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip a variant of Win32/Kryptik.OOR trojan (deleted - quarantined)

This zipped cracked software was the source of the infection we deleted with Farbar Recovery Scan Tool and was still in the Quarantine folder created by the tool we used. Seems you forgot to delete the C:\FRST folder as I asked before. Please go to the C:\ drive and delete the FRST folder.

Everything looks good now and you are good to go. :thumbup2:

  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".

Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.

Happy Surfing KDenning.:)
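
The reasoning in post #14, that a detection under C:\FRST\Quarantine is a copy held by the cleanup tool rather than a new finding, can be applied mechanically when reading a scanner log. This is an added example, not part of the original thread or any tool's own code; it assumes the space-separated detection-line layout shown in post #13, and `QUARANTINE_DIRS`, `parse_log`, `in_quarantine` and `triage` are hypothetical names.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any platform

# Constructed sample: two header fields and the two detection lines as they
# appear in the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = r"""# found=2
# cleaned=2
C:\FRST\Quarantine\Daemon.Tools.Lite.4.30.1.patch.by.Inferno.zip a variant of Win32/Kryptik.OOR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Gamevance Games\gvun.exe a variant of Win32/Adware.Gamevance.AV application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumption: folders where cleanup tools park removed files. Only the FRST
# path comes from this thread; extend the tuple for other tools.
QUARANTINE_DIRS = (r"C:\FRST\Quarantine",)

# Layout assumed from the posted log: path, threat text, (action), 32 hex, flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)[ \t]+(?P<threat>.+?)[ \t]+"
    r"\((?P<action>[^()]*)\)[ \t]+(?P<hash>[0-9A-Fa-f]{32})[ \t]+\w$"
)

def parse_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return header, detections

def in_quarantine(path):
    """True when the path lies inside a known tool quarantine folder."""
    p = normcase(path)
    return any(p.startswith(normcase(d) + "\\") for d in QUARANTINE_DIRS)

def triage(text):
    """Split detections into quarantine leftovers and other findings, and
    check the parsed count against the log's own found= field."""
    header, detections = parse_log(text)
    leftovers = [d for d in detections if in_quarantine(d["path"])]
    others = [d for d in detections if not in_quarantine(d["path"])]
    return leftovers, others, header.get("found") == str(len(detections))

if __name__ == "__main__":
    for label, group in zip(("leftover", "other"), triage(SAMPLE_LOG)[:2]):
        for d in group:
            print(f"{label}: {d['path']} [{d['threat']}] ({d['action']})")
```

A `False` third return value means some detection lines did not match the assumed layout and should be read by hand.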

#15 KDenning


Posted 07 June 2011 - 12:22 PM

Thank you very much for everything farbar. My computer is back to normal and working better than ever. I have one question though. Right now my antivirus software is AVG 2011. It obviously did not catch the virus that I got. Is there any other antivirus software you recommend? What's the best one?



