
Windows 7 (64-bit) infected with goingonearth virus



#1 Cyderize


Posted 11 July 2011 - 05:24 AM

EDIT: The problem seems to have solved itself; as strange as it seems, I'm no longer getting redirects.
Topic can now be closed, unless my logs show signs of infection.


Hey everyone. My Windows 7 Home Premium 64-Bit laptop has been infected with a virus which is redirecting some Google links to goingonearth.com. It seems to be sporadic, as it only redirects on some searches, but any search involving the word goingonearth is immediately redirected to the MSDN ask page. This has been solved in another topic, but just in case, I'm starting a new one because I don't want to further damage my PC. DeFogger has already been run. Any help would be greatly appreciated. :) Here are the DDS logs:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Jason at 20:12:50 on 2011-07-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3895.2663 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110615225550.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Tesseract-OCR] C:\Program Files (x86)\Tesseract-OCR\tesseract.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [FAStartup]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{5F1EC73D-84D7-4C49-A881-6658DA39AF73} : NameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110615225550.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [FAStartup]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\4ldws3kb.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.37
FF - prefs.js: network.proxy.ftp_port - 1241
FF - prefs.js: network.proxy.http - 192.168.1.37
FF - prefs.js: network.proxy.http_port - 1241
FF - prefs.js: network.proxy.socks - 192.168.1.37
FF - prefs.js: network.proxy.socks_port - 1241
FF - prefs.js: network.proxy.ssl - 192.168.1.37
FF - prefs.js: network.proxy.ssl_port - 1241
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-7 89600]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-5-20 20549]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-7 705856]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-7 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R4 KProcessHacker2;KProcessHacker2;C:\Program Files\Process Hacker 2\kprocesshacker.sys [2011-7-9 35400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-26 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-7 13336]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 akgdgc;{6922D242-2CA8-4C27-B62C-84060E386B69};C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [2008-7-23 57344]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-26 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-1-7 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2011-07-11 10:09:01 -------- d-----w- C:\Program Files\CCleaner
2011-07-11 04:24:36 -------- d-----w- C:\Users\Jason\AppData\Local\{ADD16B68-38E3-4705-B62E-DD8229680DA4}
2011-07-10 03:37:42 -------- d-----w- C:\Users\Jason\AppData\Local\{EAD3FFF2-D564-40A4-B65D-DB9B629A00C5}
2011-07-09 08:20:00 -------- d-----w- C:\Users\Jason\AppData\Roaming\Process Hacker 2
2011-07-09 01:14:58 -------- d-----w- C:\Program Files\Process Hacker 2
2011-07-09 01:08:13 -------- d-----w- C:\Users\Jason\AppData\Local\{0DDBBF90-5A4E-469C-A913-6FEE5B023146}
2011-07-09 00:55:15 -------- d-----w- C:\Users\Jason\AppData\Local\Diagnostics
2011-07-09 00:50:30 -------- d-----w- C:\Combo-Fix
2011-07-09 00:12:07 -------- d-----w- C:\Program Files (x86)\Mästerdata ResLocalizer
2011-07-09 00:05:43 -------- d-----w- C:\Users\Jason\VirtualBox VMs
2011-07-09 00:03:19 -------- d-----w- C:\Users\Jason\.VirtualBox
2011-07-09 00:02:37 219440 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-07-09 00:02:32 44848 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-07-09 00:02:27 -------- d-----w- C:\Program Files\Oracle
2011-07-08 13:07:35 -------- d-----w- C:\Users\Jason\AppData\Local\{69B628B2-A1CF-4FAF-A23E-E77645E1E511}
2011-07-08 12:36:01 15436800 ----a-w- C:\Windows\System32\ffmpeg.exe
2011-07-08 05:06:46 -------- d-----w- C:\Users\Jason\AppData\Roaming\CoreFTP
2011-07-08 05:06:21 -------- d-----w- C:\Program Files (x86)\CoreFTP
2011-07-08 04:29:07 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes
2011-07-08 04:29:02 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 04:29:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-08 04:28:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-08 04:28:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-08 01:49:15 208896 --sha-r- C:\Windows\SysWow64\mssphtb8.dll
2011-07-08 01:19:07 -------- d-----w- C:\Users\Jason\AppData\Local\Sony
2011-07-08 01:16:53 -------- d-----w- C:\Windows\SysWow64\spool
2011-07-08 01:16:33 -------- d-----w- C:\Program Files (x86)\Sony
2011-07-08 01:10:10 168857432 ----a-w- C:\vegaspro90_32bit.exe
2011-07-08 01:06:58 -------- d-----w- C:\Users\Jason\AppData\Local\{6361059D-FE08-4BBD-B395-4E8FA1AA0A70}
2011-07-07 12:32:59 -------- d-----w- C:\Users\Jason\AppData\Local\{01F92AE6-5707-4C88-86DD-17A4949950F2}
2011-07-07 11:40:03 -------- d-----w- C:\Users\Jason\AppData\Local\WIIMOTE
2011-07-07 00:32:21 -------- d-----w- C:\Users\Jason\AppData\Local\{31DEAC70-90FD-47CE-85FB-90C0E1598717}
2011-07-06 11:43:08 -------- d-----w- C:\Users\Jason\AppData\Local\{65888CB4-277F-4892-87A0-55FD3DAD1A53}
2011-07-06 09:09:24 -------- d-----w- C:\Users\Jason\AppData\Local\My Games
2011-07-06 09:06:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2011-07-06 09:00:01 -------- d-----w- C:\Program Files (x86)\Sid Meier's Civilization V
2011-07-06 03:06:38 -------- d-----w- C:\Users\Jason\AppData\Local\Temporary Projects
2011-07-06 02:42:43 -------- d-----w- C:\Program Files (x86)\Lua
2011-07-05 23:42:45 -------- d-----w- C:\Users\Jason\AppData\Local\{7D23DA99-36CC-4738-A0B2-A79832478A55}
2011-07-05 11:42:20 -------- d-----w- C:\Users\Jason\AppData\Local\{F6D020C0-C3F9-465A-8031-12B07F807379}
2011-07-05 04:35:19 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-07-05 03:57:49 -------- d-----w- C:\PS
2011-07-05 03:28:43 -------- d-----w- C:\Program Files (x86)\PHP
2011-07-05 03:27:10 -------- d-----w- C:\ProgramData\MySQL
2011-07-05 03:27:10 -------- d-----w- C:\Program Files\MySQL
2011-07-05 03:26:15 -------- d-----w- C:\Program Files (x86)\Apache Software Foundation
2011-07-05 01:45:47 -------- d-----w- C:\Program Files (x86)\GnuWin32
2011-07-05 00:48:04 -------- d-----w- C:\Program Files (x86)\MinGW
2011-07-04 23:51:33 -------- d-----w- C:\Users\Jason\AppData\Roaming\Wireshark
2011-07-04 23:41:43 -------- d-----w- C:\Users\Jason\AppData\Local\{AB2E8698-71AA-4B23-8E9A-474E99E584CB}
2011-07-04 11:48:00 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-07-04 11:28:30 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-07-04 11:28:08 -------- d-----w- C:\Program Files\Wireshark
2011-07-04 05:52:16 -------- d-----w- C:\Program Files (x86)\ophcrack
2011-07-04 05:39:21 -------- d-----w- C:\Users\Jason\AppData\Local\{47AD214C-3E08-4A79-ADFF-406B437C3F67}
2011-07-04 05:30:26 -------- d-----w- C:\Users\Jason\AppData\Local\{C4A47EDF-369D-45F9-8390-C071137AF03F}
2011-07-04 00:56:20 -------- d-----w- C:\Users\Jason\AppData\Local\{597C044C-D9F2-452E-B396-DEB664C04AC2}
2011-07-02 23:39:04 -------- d-----w- C:\Users\Jason\AppData\Local\{8C575A8E-8492-4563-BF8A-B73C913CF71B}
2011-07-02 11:27:49 -------- d-----w- C:\Users\Jason\AppData\Local\{FB1F8E3A-2674-4652-BEB9-6DB8B263DBD3}
2011-07-01 23:27:25 -------- d-----w- C:\Users\Jason\AppData\Local\{CC255ACA-4F55-467B-B3F8-C49308021CB8}
2011-07-01 12:11:21 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-01 04:57:50 -------- d-----w- C:\Users\Jason\AppData\Local\{01EC7911-6A12-45F3-BF86-CD4FC14C1928}
2011-06-30 08:51:14 -------- d-----w- C:\Users\Jason\AppData\Local\{AF27A3E5-1491-4A27-B318-E333CC97405E}
2011-06-29 05:41:27 -------- d-----w- C:\Users\Jason\AppData\Local\{E20463EB-E9DE-4C57-BD2F-5BAC9CB169CF}
2011-06-28 08:09:57 -------- d-----w- C:\Program Files (x86)\pdfforge Toolbar
2011-06-28 08:09:57 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-06-28 08:09:57 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-06-28 08:09:13 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2011-06-28 08:09:13 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2011-06-28 08:09:11 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2011-06-28 08:09:11 -------- d-----w- C:\Program Files (x86)\PDFCreator
2011-06-28 06:35:37 -------- d-----w- C:\Users\Jason\AppData\Local\{69984267-EF73-44C7-B0D7-7AE60E0BFC63}
2011-06-27 13:13:38 -------- d-----r- C:\Users\Jason\AppData\Roaming\Brother
2011-06-26 12:19:43 -------- d-----w- C:\Users\Jason\AppData\Local\{26652DBB-9512-4160-A4CC-48D0DDD0CA5B}
2011-06-26 10:58:25 -------- d-----w- C:\Users\Jason\AppData\Local\Google
2011-06-26 10:03:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-26 06:06:49 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-26 06:06:49 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-26 06:02:31 -------- d-----w- C:\Program Files (x86)\Tesseract-OCR
2011-06-26 05:49:07 73728 ------w- C:\Windows\SysWow64\BRCrypt.dll
2011-06-26 05:47:53 -------- d-----w- C:\ProgramData\Brother
2011-06-26 05:45:44 -------- d-----w- C:\MFC
2011-06-26 00:19:06 -------- d-----w- C:\Users\Jason\AppData\Local\{6FF925A9-ADFB-4B27-89A8-5B5177B304D2}
2011-06-25 12:18:27 -------- d-----w- C:\Users\Jason\AppData\Local\{67FB0E63-DD4F-476D-88EB-4B8EEEAA0411}
2011-06-25 00:18:03 -------- d-----w- C:\Users\Jason\AppData\Local\{946C5FA7-D440-42F8-A596-2FB2FC00B68F}
2011-06-24 06:31:41 -------- d-----w- C:\Users\Jason\AppData\Roaming\Cosmos User Kit
2011-06-24 06:28:21 90688 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-24 06:27:26 -------- d-----w- C:\Windows\SysWow64\1033
2011-06-24 06:27:05 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2011-06-24 06:13:42 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2011-06-24 06:13:37 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-06-24 06:13:37 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-06-24 06:13:34 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-06-24 06:13:25 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-24 06:12:14 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-06-24 06:11:40 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2011-06-24 06:11:40 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2011-06-24 05:32:31 -------- d-----w- C:\Users\Jason\AppData\Local\{434F6B87-DB90-4517-96A5-8786EF1B85FD}
2011-06-24 05:32:30 -------- d-----w- C:\Users\Jason\AppData\Local\{CD5130A3-11AA-4FCA-9565-94CAB4F34AD7}
2011-06-24 05:05:00 164656 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-06-24 05:05:00 144688 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-06-24 05:04:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-06-23 07:28:34 -------- d-----w- C:\Users\Jason\AppData\Local\{95DF0BD5-E431-4EC0-BEDA-024F3B8D7DB7}
2011-06-22 12:40:33 -------- d-----w- C:\0e103488620e53d324ecfc7c6cec02
2011-06-22 12:40:19 -------- d-----w- C:\Windows\CheckSur
2011-06-22 11:25:55 -------- d-----w- C:\ProgramData\Datos de programa
2011-06-22 07:23:48 -------- d-----w- C:\Users\Jason\AppData\Local\Thunderbird
2011-06-22 07:04:52 -------- d-----w- C:\Users\Jason\AppData\Local\{28FE8C58-012A-413E-A09F-06302E600E6F}
2011-06-22 07:04:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-21 10:31:57 -------- d-----w- C:\Users\Jason\AppData\Local\{C4B66C89-0C02-4388-86B7-BB79F475AB46}
2011-06-19 04:13:27 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-19 04:13:27 -------- d-----w- C:\Windows\System32\Wat
2011-06-19 03:05:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-19 03:05:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-19 03:02:23 -------- d-----w- C:\Users\Jason\AppData\Local\{C643CD96-5721-474B-913E-2986E55FE8E3}
2011-06-18 05:02:05 -------- d-----w- C:\Users\Jason\AppData\Local\{852E989B-E19B-4E3C-909D-AD2535978D1C}
2011-06-18 03:13:04 -------- d-----w- C:\Users\Jason\AppData\Local\Yenka
2011-06-18 01:28:00 -------- d-----w- C:\Program Files (x86)\NoteWorthy Composer 2
2011-06-17 17:04:38 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-17 17:04:38 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-17 17:04:38 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-17 17:04:38 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-17 17:04:38 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-17 17:04:38 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-17 17:04:38 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-17 17:04:38 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-17 17:04:38 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-17 17:04:38 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-17 17:01:15 -------- d-----w- C:\Users\Jason\AppData\Local\Windows Live
2011-06-17 12:17:31 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-06-17 12:17:09 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2011-06-17 07:43:25 -------- d-----w- C:\ProgramData\VirtualizedApplications
2011-06-17 06:12:11 -------- d-----w- C:\Perfect World Entertainment
2011-06-17 06:11:27 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2011-06-17 05:29:43 -------- d-----w- C:\Users\Jason\AppData\Roaming\SoftGrid Client
2011-06-17 05:29:43 -------- d-----w- C:\Users\Jason\AppData\Local\SoftGrid Client
2011-06-17 05:28:51 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-06-17 05:28:40 -------- d-----w- C:\Users\Jason\AppData\Roaming\TP
2011-06-17 05:22:04 -------- d-----w- C:\Users\Jason\AppData\Local\Adobe
2011-06-17 05:18:11 -------- d-----w- C:\Program Files (x86)\EAGLE-5.11.0
2011-06-17 05:18:05 -------- d-----w- C:\Users\Jason\AppData\Roaming\CadSoft
2011-06-17 04:50:06 -------- d-----w- C:\Users\Jason\AppData\Local\Microsoft Games
2011-06-17 04:48:31 -------- d-----w- C:\Users\Jason\AppData\Local\PMB Files
2011-06-17 04:48:30 -------- d-----w- C:\ProgramData\PMB Files
2011-06-17 04:48:17 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-06-17 04:46:07 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-06-17 04:46:07 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-06-17 04:44:57 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-06-17 04:43:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-06-17 04:42:57 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-17 04:42:57 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-17 04:42:57 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-17 04:42:57 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-17 04:42:56 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-17 04:42:56 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-17 04:42:55 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-17 04:42:53 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-17 04:42:53 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-17 04:42:51 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-17 04:42:50 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-16 12:08:11 395776 ----a-w- C:\Windows\System32\webio.dll
2011-06-16 12:08:11 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-06-16 12:08:09 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-06-16 12:08:08 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-06-16 12:08:07 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-06-16 12:08:06 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-06-16 12:08:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-06-16 12:05:44 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-06-16 12:05:44 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-06-15 12:47:01 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-06-15 10:14:15 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-06-14 11:42:38 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-06-14 11:38:09 -------- d-----w- C:\Users\Jason\AppData\Roaming\Canneverbe Limited
2011-06-14 11:38:09 -------- d-----w- C:\ProgramData\Canneverbe Limited
2011-06-14 11:36:58 -------- d-----w- C:\Users\Jason\AppData\Local\Mozilla
2011-06-14 11:20:44 -------- d-----w- C:\Users\Jason\AppData\Local\NeoSmart_Technologies
2011-06-14 11:19:44 -------- d-----w- C:\NST
2011-06-14 11:19:03 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
2011-06-14 11:17:10 -------- d-----w- C:\Users\Jason\AppData\Roaming\Roxio Burn
2011-06-14 11:16:14 -------- d-----w- C:\Users\Jason\AppData\Roaming\Macrovision
2011-06-14 01:10:56 -------- d-----w- C:\Emergency
2011-06-14 00:56:38 -------- d-----w- C:\Windows\SMINST
2011-06-13 07:48:23 -------- d-----w- C:\Users\Jason\My Backup Files
2011-06-13 07:46:05 -------- d-----w- C:\nDoors
2011-06-13 07:45:17 -------- d-----w- C:\maths Zone 8 VELS
2011-06-13 07:45:17 -------- d-----w- C:\devkitPro
2011-06-13 07:45:16 -------- d-----w- C:\WinDDK
2011-06-13 07:33:45 -------- d-----w- C:\Users\Jason\AppData\Local\Xenocode
2011-06-13 07:33:24 -------- d-----w- C:\USB
2011-06-13 07:33:24 -------- d-----w- C:\S60
2011-06-13 07:33:17 -------- d-----w- C:\ProgramData\Acoustica
2011-06-13 07:33:14 -------- d-----w- C:\Program Files\LMMS
2011-06-13 07:33:04 -------- d-----w- C:\Program Files (x86)\iTunes
2011-06-13 07:33:03 -------- d-----w- C:\Program Files (x86)\Yenka
2011-06-13 07:33:03 -------- d-----w- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
2011-06-13 07:33:02 -------- d-----w- C:\Program Files (x86)\Sunstone Circuits
2011-06-13 07:32:57 -------- d-----w- C:\Program Files (x86)\LTC
2011-06-13 07:32:57 -------- d-----w- C:\Program Files (x86)\Game Maker 8 Pro Edition
2011-06-13 07:32:50 -------- d-----w- C:\Program Files (x86)\FlightGear
2011-06-13 07:32:39 -------- d-----w- C:\Program Files (x86)\FFMPEG
2011-06-13 07:32:37 -------- d-----w- C:\Program Files (x86)\DSPXMedia
2011-06-13 07:31:48 -------- d-----w- C:\Program Files (x86)\Counter-Strike 1.6
2011-06-13 07:31:45 -------- d-----w- C:\Program Files (x86)\CamStudio
2011-06-13 07:31:20 -------- d-----w- C:\Program Files (x86)\Ca roule 2
2011-06-13 07:31:20 -------- d-----w- C:\Program Files (x86)\Brother
2011-06-13 07:31:18 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 5
2011-06-13 07:31:14 -------- d-----w- C:\Program Files (x86)\Acoustica Beatcraft
2011-06-13 07:31:14 -------- d-----w- C:\MinGW
2011-06-13 07:31:05 -------- d-----w- C:\Ca_Roule_2
2011-06-13 07:27:22 -------- d-----w- C:\Users\Jason\AppData\Roaming\Dell
2011-06-13 07:27:16 -------- d-----w- C:\Users\Jason\AppData\Local\Broadcom
2011-06-13 07:27:12 -------- d-----w- C:\Users\Jason\AppData\Roaming\Intel Corporation
2011-06-13 07:26:28 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-13 07:26:27 -------- d-----w- C:\Users\Jason\AppData\Local\VirtualStore
2011-06-13 07:26:15 -------- d-----w- C:\Users\Jason\AppData\Local\Stardock_Corporation
2011-06-13 07:26:08 -------- d-----w- C:\Users\Jason\AppData\Local\SoftThinks
.
==================== Find3M ====================
.
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-14 04:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 04:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 04:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 04:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 04:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 04:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 04:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 04:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 04:01:38 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2011-04-14 04:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
.
============= FINISH: 20:13:16.74 ===============


Edited by Cyderize, 11 July 2011 - 08:24 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 AM

Posted 17 July 2011 - 03:47 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Cyderize

Cyderize
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:13 PM

Posted 18 July 2011 - 07:00 AM

Here's the main DDS log:
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Jason at 21:59:04 on 2011-07-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3895.2520 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\WU-IE9-Windows7-x64.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Toon Boom Animation\Toon Boom Animate Pro 2\nt\bin\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Toon Boom Animation\Toon Boom Animate Pro 2\nt\bin\lmgrd.exe
C:\PROGRA~1\Oracle\VIRTUA~1\VBoxSVC.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110615225550.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Tesseract-OCR] C:\Program Files (x86)\Tesseract-OCR\tesseract.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [FAStartup] <no file>
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{5F1EC73D-84D7-4C49-A881-6658DA39AF73} : NameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli FAPassSync
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20110615225550.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\4ldws3kb.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.37
FF - prefs.js: network.proxy.ftp_port - 1241
FF - prefs.js: network.proxy.http - 192.168.1.37
FF - prefs.js: network.proxy.http_port - 1241
FF - prefs.js: network.proxy.socks - 192.168.1.37
FF - prefs.js: network.proxy.socks_port - 1241
FF - prefs.js: network.proxy.ssl - 192.168.1.37
FF - prefs.js: network.proxy.ssl_port - 1241
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-14 530304]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-14 283744]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-7 55856]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-10-14 75160]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-7 89600]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-5-20 20549]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-2 2428552]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-1-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-1-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-7 149032]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-7 705856]
R2 ToonBoomLicense;ToonBoomLicense;C:\Program Files (x86)\Toon Boom Animation\Toon Boom Animate Pro 2\nt\bin\lmgrd.exe [2008-12-15 1423440]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-7 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-1-7 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-1-7 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-7 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-14 63056]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-7 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-7 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-7 289280]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-14 190520]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-14 441840]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R4 KProcessHacker2;KProcessHacker2;C:\Program Files\Process Hacker 2\kprocesshacker.sys [2011-7-9 35400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-26 136176]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-7 13336]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 akgdgc;{6922D242-2CA8-4C27-B62C-84060E386B69};C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [2008-7-23 57344]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-26 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-1-7 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-14 94992]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-7 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-7 325152]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2011-6-24 46384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-11 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2011-07-18 07:53:36 -------- d-----w- C:\Users\Jason\AppData\Local\{1E21FE09-849F-469F-8D59-9C9617402720}
2011-07-17 00:36:11 -------- d-----w- C:\Users\Jason\AppData\Local\{41BCF713-2166-449F-9ECF-60848028BE4E}
2011-07-16 12:44:52 -------- d-----w- C:\Users\Jason\AppData\Roaming\Arduino
2011-07-16 12:24:37 -------- d-----w- C:\WinAVR-20100110
2011-07-16 02:07:43 -------- d-----w- C:\Users\Jason\AppData\Local\{6B4EE1C4-7AE5-4FDB-A6C1-9A4B46EA2797}
2011-07-15 11:54:51 -------- d-----w- C:\Users\Jason\AppData\Local\{A1707DDF-6E6C-4A65-9FC3-A704EF91FC9F}
2011-07-15 04:58:44 -------- d-----w- C:\Program Files (x86)\MagicISO
2011-07-14 23:54:14 -------- d-----w- C:\Users\Jason\AppData\Local\{4FC14BC6-837F-469C-8E85-E2745D905B87}
2011-07-14 02:01:59 -------- d-----w- C:\Users\Jason\AppData\Local\{7F8AF5D4-1AB3-4C32-9467-693272EE4CD7}
2011-07-13 12:27:36 -------- d-----w- C:\Users\Jason\AppData\Local\{36C3856B-7378-450F-A87B-910E5BCEDC7D}
2011-07-13 09:26:30 -------- d-----w- C:\flexlm
2011-07-13 09:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-07-13 05:26:45 -------- d-----w- C:\Program Files (x86)\Toon Boom Animation
2011-07-13 05:25:03 -------- d-----w- C:\Windows\Downloaded Installations
2011-07-13 00:27:11 -------- d-----w- C:\Users\Jason\AppData\Local\{1FE5A4E9-4906-47E8-B505-FD5CE01A501D}
2011-07-12 10:15:16 -------- d-----w- C:\Users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-12 10:15:15 -------- d-----w- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-12 01:37:33 -------- d-----w- C:\Users\Jason\AppData\Local\{2893725D-6F80-437F-AD27-DAB3B1C5068E}
2011-07-12 00:20:25 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-11 10:09:01 -------- d-----w- C:\Program Files\CCleaner
2011-07-11 04:24:36 -------- d-----w- C:\Users\Jason\AppData\Local\{ADD16B68-38E3-4705-B62E-DD8229680DA4}
2011-07-10 03:37:42 -------- d-----w- C:\Users\Jason\AppData\Local\{EAD3FFF2-D564-40A4-B65D-DB9B629A00C5}
2011-07-09 08:20:00 -------- d-----w- C:\Users\Jason\AppData\Roaming\Process Hacker 2
2011-07-09 01:14:58 -------- d-----w- C:\Program Files\Process Hacker 2
2011-07-09 01:08:13 -------- d-----w- C:\Users\Jason\AppData\Local\{0DDBBF90-5A4E-469C-A913-6FEE5B023146}
2011-07-09 00:55:15 -------- d-----w- C:\Users\Jason\AppData\Local\Diagnostics
2011-07-09 00:50:30 -------- d-----w- C:\Combo-Fix
2011-07-09 00:12:07 -------- d-----w- C:\Program Files (x86)\Mästerdata ResLocalizer
2011-07-09 00:05:43 -------- d-----w- C:\Users\Jason\VirtualBox VMs
2011-07-09 00:03:19 -------- d-----w- C:\Users\Jason\.VirtualBox
2011-07-09 00:02:37 219440 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-07-09 00:02:32 44848 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-07-09 00:02:27 -------- d-----w- C:\Program Files\Oracle
2011-07-08 13:07:35 -------- d-----w- C:\Users\Jason\AppData\Local\{69B628B2-A1CF-4FAF-A23E-E77645E1E511}
2011-07-08 12:36:01 15436800 ----a-w- C:\Windows\System32\ffmpeg.exe
2011-07-08 05:06:46 -------- d-----w- C:\Users\Jason\AppData\Roaming\CoreFTP
2011-07-08 05:06:21 -------- d-----w- C:\Program Files (x86)\CoreFTP
2011-07-08 04:29:07 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes
2011-07-08 04:29:02 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 04:29:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-08 04:28:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-08 04:28:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-08 01:49:15 208896 --sha-r- C:\Windows\SysWow64\mssphtb8.dll
2011-07-08 01:19:07 -------- d-----w- C:\Users\Jason\AppData\Local\Sony
2011-07-08 01:16:53 -------- d-----w- C:\Windows\SysWow64\spool
2011-07-08 01:16:33 -------- d-----w- C:\Program Files (x86)\Sony
2011-07-08 01:10:10 168857432 ----a-w- C:\vegaspro90_32bit.exe
2011-07-08 01:06:58 -------- d-----w- C:\Users\Jason\AppData\Local\{6361059D-FE08-4BBD-B395-4E8FA1AA0A70}
2011-07-07 12:32:59 -------- d-----w- C:\Users\Jason\AppData\Local\{01F92AE6-5707-4C88-86DD-17A4949950F2}
2011-07-07 11:40:03 -------- d-----w- C:\Users\Jason\AppData\Local\WIIMOTE
2011-07-07 00:32:21 -------- d-----w- C:\Users\Jason\AppData\Local\{31DEAC70-90FD-47CE-85FB-90C0E1598717}
2011-07-06 11:43:08 -------- d-----w- C:\Users\Jason\AppData\Local\{65888CB4-277F-4892-87A0-55FD3DAD1A53}
2011-07-06 09:09:24 -------- d-----w- C:\Users\Jason\AppData\Local\My Games
2011-07-06 09:06:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2011-07-06 09:00:01 -------- d-----w- C:\Program Files (x86)\Sid Meier's Civilization V
2011-07-06 03:06:38 -------- d-----w- C:\Users\Jason\AppData\Local\Temporary Projects
2011-07-06 02:42:43 -------- d-----w- C:\Program Files (x86)\Lua
2011-07-05 23:42:45 -------- d-----w- C:\Users\Jason\AppData\Local\{7D23DA99-36CC-4738-A0B2-A79832478A55}
2011-07-05 11:42:20 -------- d-----w- C:\Users\Jason\AppData\Local\{F6D020C0-C3F9-465A-8031-12B07F807379}
2011-07-05 04:35:19 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-07-05 03:57:49 -------- d-----w- C:\PS
2011-07-05 03:28:43 -------- d-----w- C:\Program Files (x86)\PHP
2011-07-05 03:27:10 -------- d-----w- C:\ProgramData\MySQL
2011-07-05 03:27:10 -------- d-----w- C:\Program Files\MySQL
2011-07-05 03:26:15 -------- d-----w- C:\Program Files (x86)\Apache Software Foundation
2011-07-05 01:45:47 -------- d-----w- C:\Program Files (x86)\GnuWin32
2011-07-05 00:48:04 -------- d-----w- C:\Program Files (x86)\MinGW
2011-07-04 23:51:33 -------- d-----w- C:\Users\Jason\AppData\Roaming\Wireshark
2011-07-04 23:41:43 -------- d-----w- C:\Users\Jason\AppData\Local\{AB2E8698-71AA-4B23-8E9A-474E99E584CB}
2011-07-04 11:48:00 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-07-04 11:28:30 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-07-04 11:28:08 -------- d-----w- C:\Program Files\Wireshark
2011-07-04 05:52:16 -------- d-----w- C:\Program Files (x86)\ophcrack
2011-07-04 05:39:21 -------- d-----w- C:\Users\Jason\AppData\Local\{47AD214C-3E08-4A79-ADFF-406B437C3F67}
2011-07-04 05:30:26 -------- d-----w- C:\Users\Jason\AppData\Local\{C4A47EDF-369D-45F9-8390-C071137AF03F}
2011-07-04 00:56:20 -------- d-----w- C:\Users\Jason\AppData\Local\{597C044C-D9F2-452E-B396-DEB664C04AC2}
2011-07-02 23:39:04 -------- d-----w- C:\Users\Jason\AppData\Local\{8C575A8E-8492-4563-BF8A-B73C913CF71B}
2011-07-02 11:27:49 -------- d-----w- C:\Users\Jason\AppData\Local\{FB1F8E3A-2674-4652-BEB9-6DB8B263DBD3}
2011-07-01 23:27:25 -------- d-----w- C:\Users\Jason\AppData\Local\{CC255ACA-4F55-467B-B3F8-C49308021CB8}
2011-07-01 12:11:21 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-07-01 04:57:50 -------- d-----w- C:\Users\Jason\AppData\Local\{01EC7911-6A12-45F3-BF86-CD4FC14C1928}
2011-06-30 08:51:14 -------- d-----w- C:\Users\Jason\AppData\Local\{AF27A3E5-1491-4A27-B318-E333CC97405E}
2011-06-29 05:41:27 -------- d-----w- C:\Users\Jason\AppData\Local\{E20463EB-E9DE-4C57-BD2F-5BAC9CB169CF}
2011-06-28 08:09:57 -------- d-----w- C:\Program Files (x86)\pdfforge Toolbar
2011-06-28 08:09:57 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-06-28 08:09:57 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-06-28 08:09:13 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2011-06-28 08:09:13 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2011-06-28 08:09:11 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2011-06-28 08:09:11 -------- d-----w- C:\Program Files (x86)\PDFCreator
2011-06-28 06:35:37 -------- d-----w- C:\Users\Jason\AppData\Local\{69984267-EF73-44C7-B0D7-7AE60E0BFC63}
2011-06-27 13:13:38 -------- d-----r- C:\Users\Jason\AppData\Roaming\Brother
2011-06-26 12:19:43 -------- d-----w- C:\Users\Jason\AppData\Local\{26652DBB-9512-4160-A4CC-48D0DDD0CA5B}
2011-06-26 10:58:25 -------- d-----w- C:\Users\Jason\AppData\Local\Google
2011-06-26 10:03:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-26 06:06:49 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-26 06:06:49 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-26 06:02:31 -------- d-----w- C:\Program Files (x86)\Tesseract-OCR
2011-06-26 05:49:07 73728 ------w- C:\Windows\SysWow64\BRCrypt.dll
2011-06-26 05:47:53 -------- d-----w- C:\ProgramData\Brother
2011-06-26 05:45:44 -------- d-----w- C:\MFC
2011-06-26 00:19:06 -------- d-----w- C:\Users\Jason\AppData\Local\{6FF925A9-ADFB-4B27-89A8-5B5177B304D2}
2011-06-25 12:18:27 -------- d-----w- C:\Users\Jason\AppData\Local\{67FB0E63-DD4F-476D-88EB-4B8EEEAA0411}
2011-06-25 00:18:03 -------- d-----w- C:\Users\Jason\AppData\Local\{946C5FA7-D440-42F8-A596-2FB2FC00B68F}
2011-06-24 06:31:41 -------- d-----w- C:\Users\Jason\AppData\Roaming\Cosmos User Kit
2011-06-24 06:28:21 90688 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-24 06:27:26 -------- d-----w- C:\Windows\SysWow64\1033
2011-06-24 06:27:05 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2011-06-24 06:13:42 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2011-06-24 06:13:37 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-06-24 06:13:37 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-06-24 06:13:34 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-06-24 06:13:25 188128 ----a-w- C:\ProgramData\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-24 06:12:14 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-06-24 06:11:40 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2011-06-24 06:11:40 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2011-06-24 05:32:31 -------- d-----w- C:\Users\Jason\AppData\Local\{434F6B87-DB90-4517-96A5-8786EF1B85FD}
2011-06-24 05:32:30 -------- d-----w- C:\Users\Jason\AppData\Local\{CD5130A3-11AA-4FCA-9565-94CAB4F34AD7}
2011-06-24 05:05:00 46384 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys
2011-06-24 05:05:00 164656 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-06-24 05:05:00 144688 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-06-24 05:04:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNotify.dll
2011-06-23 07:28:34 -------- d-----w- C:\Users\Jason\AppData\Local\{95DF0BD5-E431-4EC0-BEDA-024F3B8D7DB7}
2011-06-22 12:40:33 -------- d-----w- C:\0e103488620e53d324ecfc7c6cec02
2011-06-22 12:40:19 -------- d-----w- C:\Windows\CheckSur
2011-06-22 11:25:55 -------- d-----w- C:\ProgramData\Datos de programa
2011-06-22 07:23:48 -------- d-----w- C:\Users\Jason\AppData\Local\Thunderbird
2011-06-22 07:04:52 -------- d-----w- C:\Users\Jason\AppData\Local\{28FE8C58-012A-413E-A09F-06302E600E6F}
2011-06-22 07:04:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-21 10:31:57 -------- d-----w- C:\Users\Jason\AppData\Local\{C4B66C89-0C02-4388-86B7-BB79F475AB46}
2011-06-19 04:13:27 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-19 04:13:27 -------- d-----w- C:\Windows\System32\Wat
2011-06-19 03:05:50 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-19 03:05:50 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-19 03:02:23 -------- d-----w- C:\Users\Jason\AppData\Local\{C643CD96-5721-474B-913E-2986E55FE8E3}
.
==================== Find3M ====================
.
2011-06-17 05:08:17 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
.
============= FINISH: 21:59:17.30 ===============

#4 gringo_pr

  • Malware Response Team

Posted 18 July 2011 - 11:35 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Cyderize

  • Topic Starter

Posted 20 July 2011 - 03:59 AM

I disabled my McAfee real-time scanning, but ComboFix still complained, even after uninstalling it from Add/Remove Programs. I proceeded anyway.
The virus is still active, and is still sometimes redirecting my Google search results. :(

Here's the ComboFix log:

ComboFix 11-07-20.02 - Jason 20/07/2011 18:42:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3895.2391 [GMT 10:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 08:47 . 2011-07-20 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-19 09:02 . 2011-07-19 09:02 -------- d-----w- c:\program files (x86)\MixMeister BPM Analyzer
2011-07-16 12:44 . 2011-07-16 12:44 -------- d-----w- c:\users\Jason\AppData\Roaming\Arduino
2011-07-16 12:24 . 2011-07-16 12:26 -------- d-----w- C:\WinAVR-20100110
2011-07-15 04:58 . 2011-07-15 04:58 -------- d-----w- c:\program files (x86)\MagicISO
2011-07-13 09:26 . 2011-07-13 09:36 -------- d-----w- c:\programdata\FLEXnet
2011-07-13 09:26 . 2011-07-20 08:48 -------- d-----w- C:\flexlm
2011-07-13 09:20 . 2011-07-13 09:20 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-07-13 05:26 . 2011-07-13 05:26 -------- d-----w- c:\program files (x86)\Toon Boom Animation
2011-07-13 05:25 . 2011-07-13 05:25 -------- d-----w- c:\windows\Downloaded Installations
2011-07-12 10:15 . 2011-07-12 10:15 -------- d-----w- c:\users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
2011-07-12 10:15 . 2011-07-12 10:15 -------- d-----w- c:\users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-07-12 00:20 . 2011-07-12 00:20 -------- d-----w- c:\windows\system32\EventProviders
2011-07-11 10:09 . 2011-07-11 10:09 -------- d-----w- c:\program files\CCleaner
2011-07-09 08:20 . 2011-07-09 08:20 -------- d-----w- c:\users\Jason\AppData\Roaming\Process Hacker 2
2011-07-09 01:14 . 2011-07-09 01:14 -------- d-----w- c:\program files\Process Hacker 2
2011-07-09 00:55 . 2011-07-09 00:55 -------- d-----w- c:\users\Jason\AppData\Local\Diagnostics
2011-07-09 00:50 . 2011-07-15 12:27 -------- d-----w- C:\Combo-Fix
2011-07-09 00:12 . 2011-07-09 00:12 -------- d-----w- c:\program files (x86)\Mästerdata ResLocalizer
2011-07-09 00:05 . 2011-07-14 11:47 -------- d-----w- c:\users\Jason\VirtualBox VMs
2011-07-09 00:03 . 2011-07-18 11:55 -------- d-----w- c:\users\Jason\.VirtualBox
2011-07-09 00:02 . 2011-06-24 05:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-07-09 00:02 . 2011-07-09 00:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-09 00:02 . 2011-06-24 05:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-07-09 00:02 . 2011-07-09 00:02 -------- d-----w- c:\program files\Oracle
2011-07-08 12:36 . 2011-07-05 01:44 15436800 ----a-w- c:\windows\system32\ffmpeg.exe
2011-07-08 05:06 . 2011-07-18 11:56 -------- d-----w- c:\users\Jason\AppData\Roaming\CoreFTP
2011-07-08 05:06 . 2011-07-08 05:06 -------- d-----w- c:\program files (x86)\CoreFTP
2011-07-08 04:29 . 2011-07-08 04:29 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes
2011-07-08 04:29 . 2011-05-28 23:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 04:29 . 2011-07-08 04:29 -------- d-----w- c:\programdata\Malwarebytes
2011-07-08 04:28 . 2011-07-08 04:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-08 04:28 . 2011-05-28 23:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-08 01:49 . 2011-07-08 01:49 208896 --sha-r- c:\windows\SysWow64\mssphtb8.dll
2011-07-08 01:19 . 2011-07-08 01:19 -------- d-----w- c:\users\Jason\AppData\Local\Sony
2011-07-08 01:19 . 2011-07-08 01:19 -------- d-----w- c:\users\Jason\AppData\Roaming\Sony
2011-07-08 01:16 . 2011-07-08 01:16 -------- d-----w- c:\windows\SysWow64\spool
2011-07-08 01:16 . 2011-07-08 01:16 -------- d-----w- c:\programdata\Sony
2011-07-08 01:16 . 2011-07-08 01:16 -------- d-----w- c:\program files (x86)\Sony
2011-07-08 01:10 . 2009-04-17 04:14 168857432 ----a-w- C:\vegaspro90_32bit.exe
2011-07-07 11:55 . 2011-07-07 11:55 -------- d-----w- c:\programdata\Creative
2011-07-07 11:55 . 2011-07-07 11:55 -------- d-----w- c:\users\Jason\AppData\Roaming\Creative
2011-07-07 11:40 . 2011-07-07 11:40 -------- d-----w- c:\users\Jason\AppData\Local\WIIMOTE
2011-07-06 09:09 . 2011-07-06 09:09 -------- d-----w- c:\users\Jason\AppData\Local\My Games
2011-07-06 09:06 . 2009-09-04 07:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-07-06 09:00 . 2011-07-06 09:18 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V
2011-07-06 03:06 . 2011-07-07 11:50 -------- d-----w- c:\users\Jason\AppData\Local\Temporary Projects
2011-07-06 02:42 . 2011-07-06 02:42 -------- d-----w- c:\program files (x86)\Lua
2011-07-05 04:35 . 2011-07-05 04:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-07-05 04:25 . 2011-07-05 04:27 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-05 04:24 . 2011-07-05 04:24 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-07-05 03:57 . 2011-07-05 04:11 -------- d-----w- C:\PS
2011-07-05 03:28 . 2011-07-05 03:51 -------- d-----w- c:\program files (x86)\PHP
2011-07-05 03:27 . 2011-07-09 01:04 -------- d-----w- c:\programdata\MySQL
2011-07-05 03:27 . 2011-07-05 03:27 -------- d-----w- c:\program files\MySQL
2011-07-05 03:26 . 2011-07-05 03:26 -------- d-----w- c:\program files (x86)\Apache Software Foundation
2011-07-05 01:45 . 2011-07-05 01:45 -------- d-----w- c:\program files (x86)\GnuWin32
2011-07-05 00:48 . 2011-07-05 01:07 -------- d-----w- c:\program files (x86)\MinGW
2011-07-04 23:51 . 2011-07-04 23:51 -------- d-----w- c:\users\Jason\AppData\Roaming\Wireshark
2011-07-04 11:48 . 2011-07-04 11:48 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-07-04 11:28 . 2011-07-04 11:28 -------- d-----w- c:\program files (x86)\WinPcap
2011-07-04 11:28 . 2011-07-04 11:28 -------- d-----w- c:\program files\Wireshark
2011-07-04 05:52 . 2011-07-04 05:52 -------- d-----w- c:\program files (x86)\ophcrack
2011-07-01 12:12 . 2011-07-01 23:27 -------- d-----w- c:\users\Jason\AppData\Roaming\vlc
2011-07-01 12:11 . 2011-07-01 12:11 -------- d-----w- c:\program files (x86)\VideoLAN
2011-07-01 05:35 . 2011-07-01 05:35 -------- d-----w- c:\program files\7-Zip
2011-06-28 08:09 . 2011-06-28 08:09 -------- d-----w- c:\program files (x86)\Application Updater
2011-06-28 08:09 . 2011-06-28 08:09 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2011-06-28 08:09 . 2011-06-28 08:09 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-06-28 08:09 . 2005-03-11 15:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-06-28 08:09 . 1998-06-23 15:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2011-06-28 08:09 . 2011-06-28 08:10 -------- d-----w- c:\program files (x86)\PDFCreator
2011-06-28 08:09 . 1998-07-05 15:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2011-06-27 13:13 . 2011-06-27 13:13 -------- d-----r- c:\users\Jason\AppData\Roaming\Brother
2011-06-26 10:58 . 2011-06-26 11:00 -------- d-----w- c:\users\Jason\AppData\Local\Google
2011-06-26 10:04 . 2011-06-26 10:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-26 10:03 . 2011-06-26 10:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-26 10:02 . 2011-06-26 10:02 -------- d-----w- c:\program files (x86)\Java
2011-06-26 06:06 . 2011-06-26 06:06 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-26 06:06 . 2011-06-26 06:06 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-26 06:02 . 2011-06-26 06:02 -------- d-----w- c:\program files (x86)\Tesseract-OCR
2011-06-26 05:49 . 2006-07-07 02:40 73728 ------w- c:\windows\SysWow64\BRCrypt.dll
2011-06-26 05:47 . 2011-06-26 05:47 -------- d-----w- c:\programdata\Brother
2011-06-26 05:47 . 2011-06-26 05:47 -------- d-----w- c:\users\Jason\AppData\Roaming\InstallShield
2011-06-26 05:45 . 2011-06-26 05:47 -------- d-----w- C:\MFC
2011-06-24 06:31 . 2011-06-24 06:36 -------- d-----w- c:\users\Jason\AppData\Roaming\Cosmos User Kit
2011-06-24 06:28 . 2011-07-05 17:04 90688 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-24 06:27 . 2011-06-24 06:27 -------- d-----w- c:\windows\SysWow64\1033
2011-06-24 06:27 . 2011-06-24 06:27 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2011-06-24 06:13 . 2011-06-24 06:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2011-06-24 06:13 . 2011-06-24 06:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-06-24 06:13 . 2011-06-24 06:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-24 06:13 . 2011-06-24 06:13 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-06-24 06:13 . 2011-07-05 17:03 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-24 06:12 . 2011-07-04 11:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2011-06-24 06:11 . 2011-06-24 06:11 -------- d-----w- c:\windows\symbols
2011-06-24 06:11 . 2011-06-24 06:11 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-06-24 06:11 . 2011-06-24 06:11 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-06-24 06:11 . 2011-06-24 06:11 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2011-06-24 05:05 . 2011-06-24 05:05 46384 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-06-24 05:05 . 2011-06-24 05:05 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 05:05 . 2011-06-24 05:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 05:04 . 2011-06-24 05:04 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-23 07:29 . 2011-06-24 06:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-22 12:40 . 2011-06-22 12:40 -------- d-----w- C:\0e103488620e53d324ecfc7c6cec02
2011-06-22 12:40 . 2011-06-22 12:40 -------- d-----w- c:\windows\CheckSur
2011-06-22 11:25 . 2011-06-22 11:25 -------- d-----w- c:\programdata\Datos de programa
2011-06-22 11:24 . 2011-06-26 11:00 -------- d-----w- c:\program files (x86)\Google
2011-06-22 08:03 . 2011-07-09 01:04 -------- d-----w- c:\users\Jason\AppData\Roaming\Notepad++
2011-06-22 08:03 . 2011-06-22 08:03 -------- d-----w- c:\program files (x86)\Notepad++
2011-06-22 07:23 . 2011-07-14 09:31 -------- d-----w- c:\users\Jason\AppData\Local\Thunderbird
2011-06-22 07:23 . 2011-06-22 07:23 -------- d-----w- c:\users\Jason\AppData\Roaming\Thunderbird
2011-06-22 07:22 . 2011-07-14 09:38 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-06-22 07:04 . 2011-06-22 07:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 05:08 . 2011-06-17 06:11 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2011-06-13 07:24 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-28 03:25 . 2011-06-17 04:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:07 . 2011-06-17 04:43 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 03:00 . 2011-06-17 04:43 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-04 02:51 . 2011-06-17 04:43 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-17 04:43 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-17 04:43 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-17 04:42 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-17 04:42 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-17 04:42 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-17 04:42 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-17 04:42 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-17 04:43 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-17 04:43 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-17 04:43 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-06-16 12:08 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-17 04:43 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-17 04:43 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-17 04:43 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-17 04:43 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-17 04:43 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-17 04:43 386048 ----a-w- c:\windows\SysWow64\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-09 4240760]
"Tesseract-OCR"="c:\program files (x86)\Tesseract-OCR\tesseract.exe" [2010-09-30 1080320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-09-03 518640]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-14 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-5-20 41051]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-29 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 04:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-05-20 20549]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 akgdgc;{6922D242-2CA8-4C27-B62C-84060E386B69};c:\program files (x86)\ophcrack\pwdump\servpw.exe [2008-07-22 57344]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 10:58]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 10:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF4910.cfxxe" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{5F1EC73D-84D7-4C49-A881-6658DA39AF73}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\4ldws3kb.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.37
FF - prefs.js: network.proxy.ftp_port - 1241
FF - prefs.js: network.proxy.http - 192.168.1.37
FF - prefs.js: network.proxy.http_port - 1241
FF - prefs.js: network.proxy.socks - 192.168.1.37
FF - prefs.js: network.proxy.socks_port - 1241
FF - prefs.js: network.proxy.ssl - 192.168.1.37
FF - prefs.js: network.proxy.ssl_port - 1241
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ToonBoomLicense]
"ImagePath"="C:/Program Files (x86)/Toon Boom Animation/Toon Boom Animate Pro 2/nt/bin/lmgrd.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ToonBoomLicense]
"ImagePath"="C:/Program Files (x86)/Toon Boom Animation/Toon Boom Animate Pro 2/nt/bin/lmgrd.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Toon Boom Animation\Toon Boom Animate Pro 2\nt\bin\lmgrd.exe
c:\program files (x86)\Toon Boom Animation\Toon Boom Animate Pro 2\nt\bin\lmgrd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2011-07-20 18:54:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-20 08:54
.
Pre-Run: 333,884,448,768 bytes free
Post-Run: 333,538,861,056 bytes free
.
- - End Of File - - C5D04C12791F898B4FBC33B3CB0BA062

Edited by Cyderize, 20 July 2011 - 06:50 AM.


#6 gringo_pr

Posted 20 July 2011 - 07:35 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 Cyderize

Posted 22 July 2011 - 01:00 AM

Last time I tried this it couldn't find anything, but I still tried it again.

This time it didn't find anything either, but here's the log anyways:

2011/07/22 15:31:16.0402 7244 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 15:31:17.0031 7244 ================================================================================
2011/07/22 15:31:17.0031 7244 SystemInfo:
2011/07/22 15:31:17.0031 7244
2011/07/22 15:31:17.0031 7244 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/22 15:31:17.0031 7244 Product type: Workstation
2011/07/22 15:31:17.0031 7244 ComputerName: NEPTUNE
2011/07/22 15:31:17.0032 7244 UserName: Jason
2011/07/22 15:31:17.0032 7244 Windows directory: C:\Windows
2011/07/22 15:31:17.0032 7244 System windows directory: C:\Windows
2011/07/22 15:31:17.0032 7244 Running under WOW64
2011/07/22 15:31:17.0032 7244 Processor architecture: Intel x64
2011/07/22 15:31:17.0032 7244 Number of processors: 4
2011/07/22 15:31:17.0032 7244 Page size: 0x1000
2011/07/22 15:31:17.0032 7244 Boot type: Normal boot
2011/07/22 15:31:17.0032 7244 ================================================================================
2011/07/22 15:31:18.0203 7244 Initialize success
2011/07/22 15:31:21.0304 7308 ================================================================================
2011/07/22 15:31:21.0305 7308 Scan started
2011/07/22 15:31:21.0305 7308 Mode: Manual;
2011/07/22 15:31:21.0305 7308 ================================================================================
2011/07/22 15:31:21.0553 7308 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/22 15:31:21.0599 7308 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/22 15:31:21.0632 7308 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/22 15:31:21.0678 7308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/22 15:31:21.0728 7308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/22 15:31:21.0755 7308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/22 15:31:21.0836 7308 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/07/22 15:31:21.0874 7308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/22 15:31:21.0928 7308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/22 15:31:21.0953 7308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/22 15:31:22.0012 7308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/22 15:31:22.0038 7308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/22 15:31:22.0076 7308 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/07/22 15:31:22.0114 7308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/22 15:31:22.0139 7308 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/07/22 15:31:22.0179 7308 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/22 15:31:22.0248 7308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/22 15:31:22.0299 7308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/22 15:31:22.0369 7308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/22 15:31:22.0414 7308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/22 15:31:22.0481 7308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/22 15:31:22.0531 7308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/22 15:31:22.0589 7308 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
2011/07/22 15:31:22.0690 7308 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/07/22 15:31:22.0783 7308 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
2011/07/22 15:31:22.0814 7308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/22 15:31:22.0867 7308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/22 15:31:22.0902 7308 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/22 15:31:22.0923 7308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/22 15:31:22.0945 7308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/22 15:31:22.0989 7308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/22 15:31:23.0018 7308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/22 15:31:23.0065 7308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/22 15:31:23.0080 7308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/22 15:31:23.0162 7308 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/07/22 15:31:23.0191 7308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/22 15:31:23.0238 7308 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/22 15:31:23.0281 7308 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
2011/07/22 15:31:23.0328 7308 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
2011/07/22 15:31:23.0360 7308 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
2011/07/22 15:31:23.0394 7308 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
2011/07/22 15:31:23.0424 7308 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/07/22 15:31:23.0451 7308 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/07/22 15:31:23.0465 7308 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/22 15:31:23.0494 7308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/22 15:31:23.0534 7308 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/22 15:31:23.0570 7308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/22 15:31:23.0607 7308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/22 15:31:23.0668 7308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/22 15:31:23.0691 7308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/22 15:31:23.0754 7308 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/22 15:31:23.0789 7308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/22 15:31:23.0825 7308 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/22 15:31:23.0843 7308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/22 15:31:23.0895 7308 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/07/22 15:31:23.0950 7308 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/07/22 15:31:23.0978 7308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/22 15:31:24.0023 7308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/22 15:31:24.0072 7308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/22 15:31:24.0113 7308 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/22 15:31:24.0224 7308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/22 15:31:24.0349 7308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/22 15:31:24.0401 7308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/22 15:31:24.0450 7308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/22 15:31:24.0501 7308 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
2011/07/22 15:31:24.0544 7308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/22 15:31:24.0580 7308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/22 15:31:24.0610 7308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/22 15:31:24.0652 7308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/22 15:31:24.0687 7308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/22 15:31:24.0718 7308 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/22 15:31:24.0758 7308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/22 15:31:24.0778 7308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/22 15:31:24.0830 7308 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/22 15:31:24.0862 7308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/22 15:31:24.0933 7308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/22 15:31:24.0972 7308 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/22 15:31:32.0794 7308 ================================================================================
2011/07/22 15:31:32.0794 7308 Scan finished
2011/07/22 15:31:32.0794 7308 ================================================================================
2011/07/22 15:31:32.0806 7344 Detected object count: 0
2011/07/22 15:31:32.0806 7344 Actual detected object count: 0
2011/07/22 15:31:52.0480 7248 Deinitialize success

#8 gringo_pr


Posted 22 July 2011 - 03:09 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 gringo_pr


Posted 25 July 2011 - 07:13 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 Cyderize


Posted 26 July 2011 - 01:58 AM

Sorry about the wait. I've been a bit busy lately, so I wasn't able to use my laptop 'til today. Here's the OTL log:

OTL logfile created on: 7/26/2011 4:54:46 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jason\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.80 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 66.55% Memory free
7.78 Gb Paging File | 5.46 Gb Available in Paging File | 70.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.29 Gb Total Space | 306.42 Gb Free Space | 69.75% Space Free | Partition Type: NTFS

Computer Name: NEPTUNE | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\SysWOW64\brss01a.exe (brother Industries Ltd)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Toon Boom Animation\Toon Boom Animate Pro 2\nt\bin\lmgrd.exe (Macrovision Corporation)
PRC - C:\WINDOWS\SysWOW64\brsvc01a.exe (brother Industries Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ToonBoomLicense) -- C:/Program Files (x86)/Toon Boom Animation/Toon Boom Animate Pro 2/nt/bin/lmgrd.exe ()
SRV - (akgdgc) -- C:\Program Files (x86)\ophcrack\pwdump\servpw.exe ()
SRV - (Brother XP spl Service) -- C:\WINDOWS\SysWOW64\brsvc01a.exe (brother Industries Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RDID1009) -- C:\WINDOWS\SysNative\drivers\Rdwm1009.sys (Roland Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (IntcDAud) Intel® -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\WINDOWS\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (STHDA) -- C:\WINDOWS\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (btwavdt) -- C:\WINDOWS\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\WINDOWS\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\WINDOWS\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\WINDOWS\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SynTP) -- C:\WINDOWS\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\WINDOWS\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (BCM42RLY) -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\WINDOWS\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\WINDOWS\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\WINDOWS\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\WINDOWS\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FACAP) -- C:\WINDOWS\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-748645411-84201015-2681538989-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/USCON/19
IE - HKU\S-1-5-21-748645411-84201015-2681538989-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.backup.ftp: "192.168.1.37"
FF - prefs.js..network.proxy.backup.ftp_port: 1241
FF - prefs.js..network.proxy.backup.socks: "192.168.1.37"
FF - prefs.js..network.proxy.backup.socks_port: 1241
FF - prefs.js..network.proxy.backup.ssl: "192.168.1.37"
FF - prefs.js..network.proxy.backup.ssl_port: 1241
FF - prefs.js..network.proxy.ftp: "192.168.1.37"
FF - prefs.js..network.proxy.ftp_port: 1241
FF - prefs.js..network.proxy.http: "192.168.1.37"
FF - prefs.js..network.proxy.http_port: 1241
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.37"
FF - prefs.js..network.proxy.socks_port: 1241
FF - prefs.js..network.proxy.ssl: "192.168.1.37"
FF - prefs.js..network.proxy.ssl_port: 1241
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/01/07 02:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/20 18:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/14 19:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/06/22 17:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions
[2011/06/22 17:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/12 17:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\4ldws3kb.default\extensions
[2011/06/23 18:30:10 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\4ldws3kb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/06/26 20:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/26 20:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/07 02:27:03 | 000,000,000 | ---D | M] (FastAccess Web Login) -- C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4LDWS3KB.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
() (No name found) -- C:\USERS\JASON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4LDWS3KB.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2011/06/26 16:06:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/20 18:51:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-748645411-84201015-2681538989-1000..\Run: [Tesseract-OCR] C:\Program Files (x86)\Tesseract-OCR\tesseract.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-748645411-84201015-2681538989-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-748645411-84201015-2681538989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 16:42:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My Recordings
[2011/07/26 15:43:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{50C50BEB-20B3-4524-AE27-1178DE010143}
[2011/07/25 18:29:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Notepad++Portable
[2011/07/25 18:29:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\7-ZipPortable
[2011/07/25 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\VLCPortable
[2011/07/25 18:28:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\PuTTYPortable
[2011/07/25 18:28:14 | 011,026,592 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\OperaPortable_11.50.paf.exe
[2011/07/25 18:27:49 | 001,071,736 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\PuTTYPortable_0.61_English.paf.exe
[2011/07/25 18:26:50 | 002,432,832 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\7-ZipPortable_9.20_Rev_2.paf.exe
[2011/07/25 18:26:46 | 021,179,504 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\VLCPortable_1.1.11.paf.exe
[2011/07/25 18:26:10 | 003,884,688 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\NotepadPlusPlusPortable_5.9.2.paf.exe
[2011/07/25 18:15:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Firefox Portable
[2011/07/25 18:14:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Google Chrome Portable
[2011/07/25 18:14:27 | 015,442,216 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\FirefoxPortable_5.0.1_English.paf.exe
[2011/07/25 18:14:26 | 001,462,416 | ---- | C] (PortableApps.com) -- C:\Users\Jason\Documents\GoogleChromePortable_12.0.742.122_online.paf.exe
[2011/07/25 15:50:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{985FD8B8-C924-46B9-995F-26BDDB52F761}
[2011/07/24 22:08:15 | 000,153,824 | ---- | C] (Zoran Ltd.) -- C:\Windows\SysNative\drivers\nuvvid2.sys
[2011/07/24 22:08:15 | 000,139,264 | ---- | C] (Nogatech Ltd.) -- C:\Windows\SysNative\drivers\NUVTWAIN.DLL
[2011/07/24 22:08:15 | 000,081,920 | ---- | C] (Zoran Ltd.) -- C:\Windows\SysNative\drivers\NUVYUV.DLL
[2011/07/24 22:08:15 | 000,080,896 | ---- | C] (Zoran Ltd.) -- C:\Windows\SysNative\drivers\NUVision.ax
[2011/07/24 22:08:15 | 000,077,824 | ---- | C] (Zoran Co.) -- C:\Windows\SysNative\drivers\NUVISION.DS
[2011/07/24 22:08:15 | 000,025,184 | ---- | C] (Zoran Ltd.) -- C:\Windows\SysNative\drivers\nuvaud2.sys
[2011/07/24 22:00:59 | 000,000,000 | ---D | C] -- C:\F5U208
[2011/07/24 21:09:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{817E5A9B-35B0-4668-B558-90F2BF1F61CC}
[2011/07/24 19:24:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Temporary Projects
[2011/07/24 19:14:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\NAudio
[2011/07/24 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\~VB Port
[2011/07/24 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\USdx_1.1_r1539_[duet]
[2011/07/24 16:49:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\duets
[2011/07/24 16:42:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\UltraStar Deluxe
[2011/07/24 16:39:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\us
[2011/07/24 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe CMD Edition
[2011/07/24 16:03:48 | 000,000,000 | ---D | C] -- C:\UltraStar Deluxe CMD Edition
[2011/07/24 14:10:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\EvV
[2011/07/24 14:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karakan
[2011/07/24 14:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karakan
[2011/07/24 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\karakan
[2011/07/24 13:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun
[2011/07/24 13:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Recisio
[2011/07/24 13:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaraFun
[2011/07/24 13:57:28 | 005,063,603 | ---- | C] (Recisio ) -- C:\Users\Jason\Documents\karafun_118.exe
[2011/07/24 11:16:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Acoustica Mixcraft v5.1.149 Portable
[2011/07/24 09:08:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{262867BA-AB6A-4AE0-916C-0CFBCE32913B}
[2011/07/23 20:56:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\usc
[2011/07/23 20:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2011/07/23 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ultrastardx
[2011/07/23 20:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraStar Deluxe
[2011/07/23 20:18:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\REAPER Media
[2011/07/23 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\REAPER
[2011/07/23 20:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
[2011/07/23 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER (x64)
[2011/07/23 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/07/23 12:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2011/07/23 12:59:23 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2011/07/23 12:59:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Image-Line
[2011/07/23 12:59:13 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2011/07/23 12:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2011/07/23 12:59:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/07/23 12:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2011/07/23 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2011/07/23 12:56:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\FL Studio 9
[2011/07/23 12:26:31 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/07/23 10:47:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{70F4B1BB-B381-4A8C-AF84-7F8658EEDEA0}
[2011/07/22 21:13:32 | 000,410,624 | ---- | C] (Roland Corporation) -- C:\Windows\SysNative\RDDP1009.DAT
[2011/07/22 21:13:32 | 000,081,920 | ---- | C] (Roland Corporation) -- C:\Windows\SysNative\drivers\Rdwm1009.sys
[2011/07/22 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\RdDrv001
[2011/07/22 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\um1_w764d_v100
[2011/07/22 15:31:05 | 001,436,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\tdsskiller.exe
[2011/07/22 15:24:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{697FD732-A131-4757-9EE6-941F7E3D9D8B}
[2011/07/21 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/07/21 21:22:14 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2011/07/21 21:22:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2011/07/21 21:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2011/07/21 21:21:03 | 018,386,448 | ---- | C] (pdfforge GbR) -- C:\Users\Jason\Documents\PDFCreator-1_2_1_setup.exe
[2011/07/21 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BA87BFE8-7F4C-4096-A00E-F28E78078E19}
[2011/07/20 18:51:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/20 18:41:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/20 18:41:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/20 18:41:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/20 18:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/20 17:37:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{62D809BD-4C0F-4B6F-888F-5053237537AE}
[2011/07/19 21:57:08 | 004,150,919 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe
[2011/07/19 19:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixMeister BPM Analyzer
[2011/07/19 19:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixMeister
[2011/07/19 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9705806F-D424-4810-A361-B9D0B0835D90}
[2011/07/18 21:57:20 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\dds.scr
[2011/07/18 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1E21FE09-849F-469F-8D59-9C9617402720}
[2011/07/17 10:45:40 | 084,001,072 | ---- | C] (Oracle Corporation) -- C:\Users\Jason\Documents\VirtualBox-4.0.12-72916-Win.exe
[2011/07/17 10:36:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{41BCF713-2166-449F-9ECF-60848028BE4E}
[2011/07/16 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Arduino
[2011/07/16 22:44:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Arduino
[2011/07/16 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVR-20100110
[2011/07/16 22:24:37 | 000,000,000 | ---D | C] -- C:\WinAVR-20100110
[2011/07/16 12:07:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{6B4EE1C4-7AE5-4FDB-A6C1-9A4B46EA2797}
[2011/07/15 21:54:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{A1707DDF-6E6C-4A65-9FC3-A704EF91FC9F}
[2011/07/15 14:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/07/15 14:58:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/07/15 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2011/07/15 09:54:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4FC14BC6-837F-469C-8E85-E2745D905B87}
[2011/07/14 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\microcore
[2011/07/14 21:20:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\avrdude
[2011/07/14 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7F8AF5D4-1AB3-4C32-9467-693272EE4CD7}
[2011/07/13 22:27:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{36C3856B-7378-450F-A87B-910E5BCEDC7D}
[2011/07/13 19:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/07/13 19:26:30 | 000,000,000 | ---D | C] -- C:\flexlm
[2011/07/13 19:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/07/13 16:36:25 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 16:36:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 16:36:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 16:36:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 16:36:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 16:36:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 16:36:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 16:36:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 16:36:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 16:36:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 16:36:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 16:36:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 16:36:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 16:36:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 16:36:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 16:36:09 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 16:36:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 16:36:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 16:36:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 16:36:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 16:36:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 16:36:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 16:36:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 16:36:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 16:36:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/13 16:29:50 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/07/13 16:29:50 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/07/13 16:29:35 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/07/13 16:29:35 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/07/13 16:29:34 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/07/13 16:29:34 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/07/13 16:29:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/07/13 16:29:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/07/13 16:29:34 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/07/13 15:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toon Boom Animation
[2011/07/13 15:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toon Boom Animation
[2011/07/13 15:25:03 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/07/13 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1FE5A4E9-4906-47E8-B505-FD5CE01A501D}
[2011/07/12 20:15:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe Mini Bridge CS5
[2011/07/12 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/12 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2893725D-6F80-437F-AD27-DAB3B1C5068E}
[2011/07/12 10:20:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/07/11 20:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/11 20:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/11 20:08:15 | 003,216,552 | ---- | C] (Piriform Ltd) -- C:\Users\Jason\Documents\ccsetup308.exe
[2011/07/11 19:03:16 | 006,212,416 | ---- | C] (Trend Media Corporation Limited.) -- C:\Users\Jason\Documents\flashget3.7.0.1156en.exe
[2011/07/11 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{ADD16B68-38E3-4705-B62E-DD8229680DA4}
[2011/07/10 16:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2011/07/10 13:37:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EAD3FFF2-D564-40A4-B65D-DB9B629A00C5}
[2011/07/09 20:12:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Documents\OTL.exe
[2011/07/09 18:20:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Process Hacker 2
[2011/07/09 11:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2011/07/09 11:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011/07/09 11:14:37 | 001,561,470 | ---- | C] (wj32 ) -- C:\Users\Jason\Documents\processhacker-2.17-setup2.exe
[2011/07/09 11:08:16 | 001,561,470 | ---- | C] (wj32 ) -- C:\Users\Jason\Documents\processhacker-2.17-setup.exe
[2011/07/09 11:08:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0DDBBF90-5A4E-469C-A913-6FEE5B023146}
[2011/07/09 10:55:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Diagnostics
[2011/07/09 10:50:30 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/07/09 10:49:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/09 10:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mästerdata ResLocalizer
[2011/07/09 10:11:44 | 000,656,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Jason\Documents\ResLocalizer.1.00.1740.1482.exe
[2011/07/09 10:10:20 | 005,015,880 | ---- | C] (Canneverbe Limited ) -- C:\Users\Jason\Documents\cdbxp_setup_4.3.8.2568.exe
[2011/07/09 10:05:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\VirtualBox VMs
[2011/07/09 10:03:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\.VirtualBox
[2011/07/09 10:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/07/09 10:02:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/07/09 10:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/07/09 09:58:38 | 083,345,712 | ---- | C] (Oracle Corporation) -- C:\Users\Jason\Documents\VirtualBox-4.0.10-72479-Win.exe
[2011/07/08 23:07:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{69B628B2-A1CF-4FAF-A23E-E77645E1E511}
[2011/07/08 21:30:25 | 074,999,696 | ---- | C] (Microsoft Corporation) -- C:\Users\Jason\Documents\msert.exe
[2011/07/08 15:06:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\CoreFTP
[2011/07/08 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
[2011/07/08 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreFTP
[2011/07/08 14:46:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\public_html
[2011/07/08 14:29:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2011/07/08 14:29:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/08 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/08 14:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/08 14:28:58 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/08 14:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/08 14:26:20 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jason\Documents\mbam-setup-1.51.0.1200.exe
[2011/07/08 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\htdocs
[2011/07/08 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Sony
[2011/07/08 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Sony
[2011/07/08 11:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/07/08 11:16:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/07/08 11:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/07/08 11:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/07/08 11:10:10 | 168,857,432 | ---- | C] (Sony Creative Software Inc.) -- C:\vegaspro90_32bit.exe
[2011/07/08 11:06:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{6361059D-FE08-4BBD-B395-4E8FA1AA0A70}
[2011/07/07 23:15:04 | 095,395,651 | ---- | C] (Blog do Birungueta) -- C:\Users\Jason\Documents\Portable Sony Vegas Movie Studio Platinum v9.0b.exe
[2011/07/07 22:32:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{01F92AE6-5707-4C88-86DD-17A4949950F2}
[2011/07/07 21:55:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Dell WebCam Central
[2011/07/07 21:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011/07/07 21:55:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Creative
[2011/07/07 21:40:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\WIIMOTE
[2011/07/07 10:32:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{31DEAC70-90FD-47CE-85FB-90C0E1598717}
[2011/07/06 21:43:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{65888CB4-277F-4892-87A0-55FD3DAD1A53}
[2011/07/06 19:09:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\My Games
[2011/07/06 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My Games
[2011/07/06 19:07:04 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/07/06 19:07:04 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/07/06 19:07:04 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/07/06 19:07:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/07/06 19:07:04 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/07/06 19:07:03 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/07/06 19:07:03 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/07/06 19:07:02 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/07/06 19:07:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/07/06 19:07:01 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/07/06 19:07:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/07/06 19:07:00 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/07/06 19:07:00 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/07/06 19:07:00 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/07/06 19:07:00 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/07/06 19:06:59 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/07/06 19:06:59 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/07/06 19:06:59 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/07/06 19:06:58 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/07/06 19:06:58 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/07/06 19:06:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/07/06 19:06:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/07/06 19:06:57 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/07/06 19:06:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/07/06 19:06:57 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/07/06 19:06:57 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/07/06 19:06:56 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/07/06 19:06:56 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/07/06 19:06:56 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/07/06 19:06:56 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/07/06 19:06:56 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/07/06 19:06:56 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/07/06 19:06:54 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/07/06 19:06:54 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/07/06 19:06:54 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/07/06 19:06:54 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/07/06 19:06:53 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/07/06 19:06:53 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/07/06 19:06:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/07/06 19:06:53 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/07/06 19:06:53 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/07/06 19:06:53 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/07/06 19:06:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/07/06 19:06:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/07/06 19:06:52 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/07/06 19:06:52 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/07/06 19:06:52 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/07/06 19:06:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/07/06 19:06:51 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/07/06 19:06:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/07/06 19:06:51 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/07/06 19:06:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/07/06 19:06:50 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/07/06 19:06:50 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/07/06 19:06:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/07/06 19:06:50 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/07/06 19:06:50 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/07/06 19:06:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/07/06 19:06:49 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/07/06 19:06:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/07/06 19:06:49 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/07/06 19:06:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/07/06 19:06:48 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/07/06 19:06:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/07/06 19:06:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/07/06 19:06:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/07/06 19:06:47 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/07/06 19:06:47 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/07/06 19:06:47 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/07/06 19:06:47 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/07/06 19:06:47 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/07/06 19:06:47 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/07/06 19:06:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/07/06 19:06:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/07/06 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/07/06 18:56:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\sr-civ5
[2011/07/06 18:47:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\CIV5 SkidRow CRACK ONLY
[2011/07/06 12:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lua
[2011/07/06 12:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lua
[2011/07/06 12:41:44 | 025,272,295 | ---- | C] (The Lua for Windows Project and Lua and Tecgraf, PUC-Rio ) -- C:\Users\Jason\Documents\LuaForWindows_v5.1.4-45.exe
[2011/07/06 09:42:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7D23DA99-36CC-4738-A0B2-A79832478A55}
[2011/07/05 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F6D020C0-C3F9-465A-8031-12B07F807379}
[2011/07/05 14:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/07/05 14:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/05 14:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/07/05 14:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/07/05 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Adobe CS5
[2011/07/05 13:57:49 | 000,000,000 | ---D | C] -- C:\PS
[2011/07/05 13:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHP 5
[2011/07/05 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP
[2011/07/05 13:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2011/07/05 13:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2011/07/05 13:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2011/07/05 13:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apache HTTP Server 2.2
[2011/07/05 13:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apache Software Foundation
[2011/07/05 11:46:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\MinGW
[2011/07/05 11:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
[2011/07/05 11:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GnuWin32
[2011/07/05 10:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW
[2011/07/05 10:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MinGW
[2011/07/05 10:46:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\trafficserver-3.0.0
[2011/07/05 09:51:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Wireshark
[2011/07/05 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AB2E8698-71AA-4B23-8E9A-474E99E584CB}
[2011/07/04 21:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/07/04 21:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/07/04 21:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2011/07/04 15:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack
[2011/07/04 15:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ophcrack
[2011/07/04 15:39:21 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{47AD214C-3E08-4A79-ADFF-406B437C3F67}
[2011/07/04 15:30:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C4A47EDF-369D-45F9-8390-C071137AF03F}
[2011/07/04 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{597C044C-D9F2-452E-B396-DEB664C04AC2}
[2011/07/03 15:05:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\LibAV
[2011/07/03 14:46:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\gly_data
[2011/07/03 09:39:04 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8C575A8E-8492-4563-BF8A-B73C913CF71B}
[2011/07/02 22:34:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\g_data
[2011/07/02 21:58:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\glycerine_data
[2011/07/02 21:27:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FB1F8E3A-2674-4652-BEB9-6DB8B263DBD3}
[2011/07/02 10:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devkitPro
[2011/07/02 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\DevKitPPC
[2011/07/02 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\rdesktop-1.7.0
[2011/07/02 09:27:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{CC255ACA-4F55-467B-B3F8-C49308021CB8}
[2011/07/01 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\car world
[2011/07/01 22:12:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\vlc
[2011/07/01 22:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/07/01 22:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/07/01 15:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/07/01 15:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/07/01 14:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{01EC7911-6A12-45F3-BF86-CD4FC14C1928}
[2011/06/30 18:51:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{AF27A3E5-1491-4A27-B318-E333CC97405E}
[2011/06/29 17:40:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\DIY Layout Creator
[2011/06/29 15:45:34 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 15:45:34 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 15:45:31 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 15:45:30 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 15:45:30 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 15:45:30 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 15:45:30 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 15:45:29 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 15:45:29 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 15:45:29 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 15:45:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 15:45:29 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 15:45:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 15:45:29 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 15:45:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 15:45:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/29 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E20463EB-E9DE-4C57-BD2F-5BAC9CB169CF}
[2011/06/28 18:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/06/28 18:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011/06/28 18:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/06/28 16:35:37 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{69984267-EF73-44C7-B0D7-7AE60E0BFC63}
[2011/06/27 23:13:38 | 000,000,000 | R--D | C] -- C:\Users\Jason\AppData\Roaming\Brother
[2011/06/26 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{26652DBB-9512-4160-A4CC-48D0DDD0CA5B}
[2011/06/26 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/26 20:58:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Google
[2011/06/26 20:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/26 20:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/26 20:03:35 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/26 20:03:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/26 20:03:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/26 20:03:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/26 20:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/06/26 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\eastwood
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/26 16:52:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2011/07/26 16:07:48 | 000,007,205 | -HS- | M] () -- C:\Users\Jason\Documents\Folder.jpg
[2011/07/26 16:07:48 | 000,007,205 | -HS- | M] () -- C:\Users\Jason\Documents\AlbumArt_{AE2D9A79-2CC3-4D88-905B-CC6EB4FB8E90}_Large.jpg
[2011/07/26 16:07:46 | 000,002,018 | -HS- | M] () -- C:\Users\Jason\Documents\AlbumArtSmall.jpg
[2011/07/26 16:07:46 | 000,002,018 | -HS- | M] () -- C:\Users\Jason\Documents\AlbumArt_{AE2D9A79-2CC3-4D88-905B-CC6EB4FB8E90}_Small.jpg
[2011/07/26 16:04:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/26 15:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/25 21:10:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 18:29:21 | 011,026,592 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\OperaPortable_11.50.paf.exe
[2011/07/25 18:27:49 | 001,071,736 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\PuTTYPortable_0.61_English.paf.exe
[2011/07/25 18:27:10 | 021,179,504 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\VLCPortable_1.1.11.paf.exe
[2011/07/25 18:26:54 | 002,432,832 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\7-ZipPortable_9.20_Rev_2.paf.exe
[2011/07/25 18:26:16 | 003,884,688 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\NotepadPlusPlusPortable_5.9.2.paf.exe
[2011/07/25 18:14:50 | 015,442,216 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\FirefoxPortable_5.0.1_English.paf.exe
[2011/07/25 18:14:27 | 001,462,416 | ---- | M] (PortableApps.com) -- C:\Users\Jason\Documents\GoogleChromePortable_12.0.742.122_online.paf.exe
[2011/07/25 18:08:48 | 000,002,038 | -H-- | M] () -- C:\Users\Jason\Documents\Default.rdp
[2011/07/24 22:00:43 | 000,275,968 | ---- | M] () -- C:\Users\Jason\Documents\f5u208_xp.exe
[2011/07/24 19:30:08 | 000,310,768 | ---- | M] () -- C:\Users\Jason\Documents\VoiceRecorderWithAutoTune.zip
[2011/07/24 19:14:12 | 000,130,380 | ---- | M] () -- C:\Users\Jason\Documents\NAudio_1_4_0_0.zip
[2011/07/24 18:31:42 | 002,322,268 | ---- | M] () -- C:\Users\Jason\Documents\voicerecorder-f652f98eb1ff.zip
[2011/07/24 17:09:38 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 17:09:38 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/24 16:48:48 | 016,789,830 | ---- | M] () -- C:\Users\Jason\Documents\USdx_1.1_r1539_[duet].zip
[2011/07/24 16:48:03 | 000,312,915 | ---- | M] () -- C:\Users\Jason\Documents\duets.zip
[2011/07/24 16:46:15 | 035,541,734 | ---- | M] () -- C:\Users\Jason\Documents\ultrastardx-1.1-src.tar.gz
[2011/07/24 16:41:34 | 039,343,099 | ---- | M] () -- C:\Users\Jason\Documents\ultrastardx-1.1-full.zip
[2011/07/24 16:39:09 | 000,412,327 | ---- | M] () -- C:\Users\Jason\Documents\latest.7z
[2011/07/24 16:04:23 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Play UltraStar CMD Edition.lnk
[2011/07/24 16:03:33 | 015,442,803 | ---- | M] () -- C:\Users\Jason\Documents\USdx_CMD_Edition-r9.5-Installer.exe
[2011/07/24 15:22:57 | 000,004,423 | ---- | M] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed 2.mid
[2011/07/24 15:22:49 | 000,004,311 | ---- | M] () -- C:\Users\Jason\Documents\untitled.kar
[2011/07/24 15:14:01 | 000,002,377 | ---- | M] () -- C:\Users\Jason\Documents\2dnb2.mid
[2011/07/24 14:58:35 | 000,002,850 | ---- | M] () -- C:\Users\Jason\Documents\2dnb1.lyr
[2011/07/24 14:58:27 | 000,002,850 | ---- | M] () -- C:\Users\Jason\Documents\untitled.lyr
[2011/07/24 14:58:17 | 000,005,924 | ---- | M] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed.mid
[2011/07/24 14:57:34 | 000,002,985 | ---- | M] () -- C:\Users\Jason\Documents\2dnb1.mid
[2011/07/24 14:10:12 | 000,000,989 | ---- | M] () -- C:\Users\Jason\Desktop\Karakan.lnk
[2011/07/24 14:09:57 | 001,186,308 | ---- | M] () -- C:\Users\Jason\Documents\karakan.zip
[2011/07/24 13:58:37 | 000,001,817 | ---- | M] () -- C:\Users\Jason\Desktop\KaraFun Editor.lnk
[2011/07/24 13:58:37 | 000,000,927 | ---- | M] () -- C:\Users\Jason\Desktop\KaraFun.lnk
[2011/07/24 13:57:47 | 005,063,603 | ---- | M] (Recisio ) -- C:\Users\Jason\Documents\karafun_118.exe
[2011/07/24 13:34:26 | 000,031,364 | ---- | M] () -- C:\Users\Jason\Documents\20dollarnosebleed.mx5
[2011/07/24 11:15:34 | 136,637,926 | ---- | M] () -- C:\Users\Jason\Documents\AcMxcft5.1.149_Port.rar
[2011/07/24 11:00:34 | 000,568,914 | ---- | M] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed - Fall Out Boy.mp3.reapeaks
[2011/07/24 10:27:02 | 000,191,514 | ---- | M] () -- C:\Users\Jason\Documents\folieadeux.jpg
[2011/07/23 20:56:12 | 006,820,829 | ---- | M] () -- C:\Users\Jason\Documents\usc_r160.zip
[2011/07/23 20:54:37 | 002,436,661 | ---- | M] () -- C:\Users\Jason\Documents\usdx_song-steven_dunston_-_northern_star.zip
[2011/07/23 20:48:47 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Play UltraStar Deluxe.lnk
[2011/07/23 20:09:30 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\REAPER (x64).lnk
[2011/07/23 20:08:23 | 005,314,739 | ---- | M] () -- C:\Users\Jason\Documents\reaper377_x64-install.exe
[2011/07/23 13:27:04 | 000,161,124 | ---- | M] () -- C:\Users\Jason\Documents\GSnap.zip
[2011/07/23 12:59:32 | 000,001,136 | ---- | M] () -- C:\Users\Jason\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/07/23 12:59:23 | 000,001,137 | ---- | M] () -- C:\Users\Jason\Desktop\FL Studio 9.lnk
[2011/07/23 12:45:45 | 193,161,065 | ---- | M] () -- C:\Users\Jason\Documents\CW_FL.Studio.XXL.v9.0.0.+UN-LOCKER.+UN-LOCKED.VSTi.100% Clean.zip
[2011/07/23 12:22:39 | 036,884,520 | ---- | M] () -- C:\Users\Jason\Documents\ultrastardx-1.1-installer-full.exe
[2011/07/23 12:19:35 | 000,013,880 | ---- | M] () -- C:\Users\Jason\SONGm1.mid
[2011/07/23 12:19:30 | 000,001,518 | ---- | M] () -- C:\Users\Jason\SONGm1.nwc
[2011/07/23 12:16:01 | 000,000,431 | ---- | M] () -- C:\Users\Jason\SONG3.mid
[2011/07/22 21:41:03 | 000,001,511 | ---- | M] () -- C:\Users\Jason\SONGm1.BAK
[2011/07/22 21:21:40 | 005,749,738 | ---- | M] () -- C:\Users\Jason\Documents\HP-535_335_OM.pdf
[2011/07/22 21:13:15 | 000,000,390 | ---- | M] () -- C:\Users\Jason\Documents\um1_win7_x64_v100.zip
[2011/07/22 21:13:14 | 000,410,624 | ---- | M] (Roland Corporation) -- C:\Windows\SysNative\RDDP1009.DAT
[2011/07/22 21:13:14 | 000,081,920 | ---- | M] (Roland Corporation) -- C:\Windows\SysNative\drivers\Rdwm1009.sys
[2011/07/22 21:13:14 | 000,056,832 | ---- | M] () -- C:\Windows\SysNative\RDCP1009.CPL
[2011/07/22 21:13:14 | 000,009,216 | ---- | M] () -- C:\Windows\SysNative\RdCi1009.dll
[2011/07/22 20:55:14 | 000,002,592 | ---- | M] () -- C:\Users\Jason\SONG1.nwc
[2011/07/22 19:50:57 | 000,043,436 | ---- | M] () -- C:\Users\Jason\Desktop\FWYNC60F3AQ37UY.zip
[2011/07/22 19:49:32 | 000,064,645 | ---- | M] () -- C:\Users\Jason\Desktop\FSYLZNLGE056Z5B.zip
[2011/07/22 15:31:10 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jason\Desktop\tdsskiller.exe
[2011/07/21 22:19:30 | 000,278,358 | ---- | M] () -- C:\Users\Jason\Documents\20dollarnosebleed.xps
[2011/07/21 22:18:03 | 000,013,883 | ---- | M] () -- C:\Users\Jason\SONG1.mid
[2011/07/21 22:17:36 | 000,002,592 | ---- | M] () -- C:\Users\Jason\SONG1.BAK
[2011/07/21 21:36:30 | 000,000,716 | ---- | M] () -- C:\Users\Jason\Documents\SONG2.nwc
[2011/07/21 21:35:24 | 000,001,305 | ---- | M] () -- C:\Users\Jason\Documents\study.nwc
[2011/07/21 21:24:51 | 000,293,516 | ---- | M] () -- C:\Users\Jason\Documents\a.xps
[2011/07/21 21:22:56 | 000,000,105 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2011/07/21 21:22:37 | 000,001,304 | ---- | M] () -- C:\Users\Jason\Documents\study.BAK
[2011/07/21 21:22:17 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/07/21 21:21:26 | 018,386,448 | ---- | M] (pdfforge GbR) -- C:\Users\Jason\Documents\PDFCreator-1_2_1_setup.exe
[2011/07/21 03:19:52 | 005,018,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/21 03:18:29 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 18:51:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/20 18:41:01 | 004,150,919 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\ComboFix.exe
[2011/07/19 21:54:05 | 000,092,316 | ---- | M] () -- C:\Users\Jason\Documents\DSCF2101.AVI.sfk
[2011/07/19 21:46:06 | 000,140,196 | ---- | M] () -- C:\Users\Jason\Documents\bemyescape.mp3.sfk
[2011/07/19 21:43:39 | 003,253,811 | ---- | M] () -- C:\Users\Jason\Documents\bemyescape.mp3
[2011/07/19 21:07:04 | 000,779,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/19 21:07:04 | 000,665,050 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/19 21:07:04 | 000,125,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/19 21:01:02 | 431,458,466 | ---- | M] () -- C:\Users\Jason\Documents\DSCF2101.AVI
[2011/07/19 19:36:35 | 010,721,280 | ---- | M] () -- C:\Users\Jason\Documents\Scorch620NSPluginInstaller.msi
[2011/07/19 19:17:42 | 000,044,446 | ---- | M] () -- C:\Users\Jason\Documents\SONG1.pdf
[2011/07/19 19:02:26 | 004,315,948 | ---- | M] () -- C:\Users\Jason\Documents\Bush - Glycerine.mp3
[2011/07/19 19:01:51 | 000,652,482 | ---- | M] () -- C:\Users\Jason\Documents\bpmanalyzer.zip
[2011/07/18 21:57:26 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\dds.scr
[2011/07/18 21:56:25 | 000,041,187 | ---- | M] () -- C:\Users\Jason\Documents\a.diy
[2011/07/18 21:54:08 | 000,050,477 | ---- | M] () -- C:\Users\Jason\Desktop\Defogger.exe
[2011/07/18 18:27:54 | 005,321,611 | ---- | M] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed - Fall Out Boy.mp3
[2011/07/17 10:46:50 | 084,001,072 | ---- | M] (Oracle Corporation) -- C:\Users\Jason\Documents\VirtualBox-4.0.12-72916-Win.exe
[2011/07/16 22:36:49 | 089,688,842 | ---- | M] () -- C:\Users\Jason\Documents\arduino-0022.zip
[2011/07/16 22:23:59 | 028,840,282 | ---- | M] () -- C:\Users\Jason\Documents\WinAVR-20100110-install.exe
[2011/07/16 13:20:33 | 007,411,712 | ---- | M] () -- C:\Users\Jason\Documents\MC-rem.iso
[2011/07/16 12:39:16 | 007,411,712 | ---- | M] () -- C:\Users\Jason\Documents\MC-remastered.iso
[2011/07/16 12:29:15 | 007,270,400 | ---- | M] () -- C:\Users\Jason\Documents\TC-remastered.iso
[2011/07/15 20:47:07 | 008,327,168 | ---- | M] () -- C:\Users\Jason\Documents\microcore-current.iso
[2011/07/15 20:46:41 | 000,311,296 | ---- | M] () -- C:\Users\Jason\Documents\mtd-2.6.33.3-tinycore.tcz
[2011/07/15 20:46:33 | 000,790,528 | ---- | M] () -- C:\Users\Jason\Documents\filesystems-2.6.33.3-tinycore.tcz
[2011/07/15 20:45:45 | 000,012,288 | ---- | M] () -- C:\Users\Jason\Documents\ncurses-common.tcz
[2011/07/15 20:45:38 | 000,151,552 | ---- | M] () -- C:\Users\Jason\Documents\ncurses.tcz
[2011/07/15 20:38:12 | 007,065,600 | ---- | M] () -- C:\Users\Jason\Documents\microcore-avrdude.iso
[2011/07/15 20:37:29 | 000,229,376 | ---- | M] () -- C:\Users\Jason\Documents\avrdude.tcz
[2011/07/15 20:35:10 | 000,130,840 | ---- | M] () -- C:\Users\Jason\Documents\avrdude.gz
[2011/07/15 20:29:38 | 000,000,000 | ---- | M] () -- C:\Users\Jason\Documents\t.3gp
[2011/07/15 20:29:13 | 000,000,000 | ---- | M] () -- C:\Users\Jason\Documents\test.3gp
[2011/07/15 20:27:45 | 000,000,000 | ---- | M] () -- C:\Users\Jason\Documents\test.wmv
[2011/07/15 20:25:58 | 001,287,321 | ---- | M] () -- C:\Users\Jason\Documents\test.avi
[2011/07/15 20:25:05 | 000,000,000 | ---- | M] () -- C:\Users\Jason\Documents\a.mp4
[2011/07/15 14:58:46 | 000,001,797 | ---- | M] () -- C:\Users\Jason\Desktop\MagicISO.lnk
[2011/07/15 14:53:03 | 003,067,400 | ---- | M] () -- C:\Users\Jason\Documents\Setup_MagicISO.exe
[2011/07/15 10:50:20 | 004,882,432 | ---- | M] () -- C:\Users\Jason\Documents\avr-binutils.tcz
[2011/07/14 12:09:24 | 000,682,025 | ---- | M] () -- C:\Users\Jason\Documents\T-REC-X.224-199511-I!!PDF-E.pdf
[2011/07/13 22:28:41 | 001,082,039 | ---- | M] () -- C:\Users\Jason\Documents\T-REC-T.123-200701-I!!PDF-E.pdf
[2011/07/13 22:27:05 | 010,545,333 | ---- | M] () -- C:\Users\Jason\Documents\[MS-RDPBCGR].pdf
[2011/07/13 17:18:07 | 000,004,375 | ---- | M] () -- C:\Users\Jason\Documents\cyderize.png
[2011/07/13 17:18:07 | 000,000,132 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/13 16:56:31 | 000,006,736 | ---- | M] () -- C:\Users\Jason\Documents\icon.png
[2011/07/13 16:30:59 | 000,129,206 | ---- | M] () -- C:\Users\Jason\Documents\header.png
[2011/07/13 15:50:10 | 000,058,101 | ---- | M] () -- C:\Users\Jason\Documents\banner.png
[2011/07/13 15:28:04 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\Toon Boom Animate Pro 2.lnk
[2011/07/13 15:28:04 | 000,001,495 | ---- | M] () -- C:\Users\Public\Desktop\Toon Boom Animate Pro 2 Documentation.lnk
[2011/07/13 10:30:18 | 001,361,095 | ---- | M] () -- C:\Users\Jason\Documents\header.psd
[2011/07/12 20:54:10 | 000,002,908 | ---- | M] () -- C:\Users\Jason\Documents\footer.png
[2011/07/12 20:53:41 | 000,002,832 | ---- | M] () -- C:\Users\Jason\Documents\title.png
[2011/07/12 20:48:44 | 000,002,817 | ---- | M] () -- C:\Users\Jason\Documents\menu.png
[2011/07/12 19:36:57 | 000,004,231 | ---- | M] () -- C:\Users\Jason\Documents\000webhost.png
[2011/07/12 19:35:07 | 000,003,899 | ---- | M] () -- C:\Users\Jason\Documents\donate.png
[2011/07/12 19:32:12 | 000,003,919 | ---- | M] () -- C:\Users\Jason\Documents\search.png
[2011/07/12 11:44:13 | 000,006,726 | ---- | M] () -- C:\Users\Jason\Documents\loop-category.php
[2011/07/12 11:41:07 | 000,007,302 | ---- | M] () -- C:\Users\Jason\Documents\loop-archive.php
[2011/07/11 20:12:16 | 000,005,564 | ---- | M] () -- C:\Users\Jason\Documents\cc_20110711_201212.reg
[2011/07/11 20:11:50 | 000,072,516 | ---- | M] () -- C:\Users\Jason\Documents\cc_20110711_201144.reg
[2011/07/11 20:09:08 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/11 20:08:19 | 003,216,552 | ---- | M] (Piriform Ltd) -- C:\Users\Jason\Documents\ccsetup308.exe
[2011/07/11 20:00:20 | 000,000,000 | ---- | M] () -- C:\Users\Jason\defogger_reenable
[2011/07/11 20:00:04 | 000,050,477 | ---- | M] () -- C:\Users\Jason\Documents\Defogger.exe
[2011/07/11 19:16:32 | 006,212,416 | ---- | M] (Trend Media Corporation Limited.) -- C:\Users\Jason\Documents\flashget3.7.0.1156en.exe
[2011/07/10 16:05:34 | 000,002,838 | ---- | M] () -- C:\Users\Jason\Documents\time.png
[2011/07/09 21:47:05 | 000,004,678 | ---- | M] () -- C:\Users\Jason\Documents\inlineposts.php
[2011/07/09 21:45:14 | 000,002,266 | ---- | M] () -- C:\Users\Jason\Documents\InlinePosts_2.1.2g.zip
[2011/07/09 20:43:38 | 000,003,310 | ---- | M] () -- C:\Users\Jason\Documents\content.png
[2011/07/09 20:12:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Documents\OTL.exe
[2011/07/09 18:33:30 | 000,066,057 | ---- | M] () -- C:\Users\Jason\Documents\apache-httpd.png
[2011/07/09 18:15:04 | 001,327,397 | ---- | M] () -- C:\Users\Jason\Documents\tdsskiller.zip
[2011/07/09 11:14:58 | 000,001,827 | ---- | M] () -- C:\Users\Jason\Desktop\Process Hacker 2.lnk
[2011/07/09 11:14:38 | 001,561,470 | ---- | M] (wj32 ) -- C:\Users\Jason\Documents\processhacker-2.17-setup.exe
[2011/07/09 11:14:37 | 001,561,470 | ---- | M] (wj32 ) -- C:\Users\Jason\Documents\processhacker-2.17-setup2.exe
[2011/07/09 11:09:05 | 001,546,851 | ---- | M] () -- C:\Users\Jason\Documents\ProcessExplorer.zip
[2011/07/09 10:11:52 | 000,656,664 | ---- | M] (Microsoft Corporation) -- C:\Users\Jason\Documents\ResLocalizer.1.00.1740.1482.exe
[2011/07/09 10:11:24 | 000,171,481 | ---- | M] () -- C:\Users\Jason\Documents\Strings.ja-JP.resx
[2011/07/09 10:11:24 | 000,171,481 | ---- | M] () -- C:\Users\Jason\Documents\Strings.ja-JP - Copy.resx
[2011/07/09 10:10:39 | 005,015,880 | ---- | M] (Canneverbe Limited ) -- C:\Users\Jason\Documents\cdbxp_setup_4.3.8.2568.exe
[2011/07/09 10:02:37 | 000,001,060 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2011/07/09 10:02:37 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/09 09:59:34 | 083,345,712 | ---- | M] (Oracle Corporation) -- C:\Users\Jason\Documents\VirtualBox-4.0.10-72479-Win.exe
[2011/07/09 09:21:34 | 000,004,164 | ---- | M] () -- C:\Users\Jason\Documents\search-hover.png
[2011/07/09 08:54:40 | 000,002,811 | ---- | M] () -- C:\Users\Jason\Documents\background.png
[2011/07/08 23:06:48 | 652,891,914 | ---- | M] () -- C:\Users\Jason\Documents\glycerine.mp4
[2011/07/08 22:35:51 | 005,906,636 | ---- | M] () -- C:\Users\Jason\Documents\ffmpeg-git-5d4fd1d-win64-static.7z
[2011/07/08 22:30:40 | 000,009,728 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 21:57:24 | 000,003,326 | ---- | M] () -- C:\Users\Jason\Documents\sidebar.png
[2011/07/08 21:35:16 | 074,999,696 | ---- | M] (Microsoft Corporation) -- C:\Users\Jason\Documents\msert.exe
[2011/07/08 20:36:54 | 000,002,796 | ---- | M] () -- C:\Users\Jason\Documents\line.png
[2011/07/08 20:14:07 | 000,091,273 | ---- | M] () -- C:\Users\Jason\Documents\starkers.zip
[2011/07/08 15:06:22 | 000,000,772 | ---- | M] () -- C:\Users\Jason\Desktop\Core FTP LE.lnk
[2011/07/08 15:06:12 | 004,430,090 | ---- | M] () -- C:\Users\Jason\Documents\coreftplite.exe
[2011/07/08 14:55:51 | 003,899,271 | ---- | M] () -- C:\Users\Jason\Documents\public_html.zip
[2011/07/08 14:29:02 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/08 14:28:01 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jason\Documents\mbam-setup-1.51.0.1200.exe
[2011/07/08 11:49:15 | 000,208,896 | RHS- | M] () -- C:\Windows\SysWow64\mssphtb8.dll
[2011/07/08 11:42:37 | 000,002,608 | ---- | M] () -- C:\Users\Jason\Documents\Register Vegas Pro.htm
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/06 19:29:43 | 000,001,671 | ---- | M] () -- C:\Users\Jason\Desktop\Civilization.lnk
[2011/07/06 15:03:22 | 3329,425,408 | ---- | M] () -- C:\Users\Jason\Documents\sr-civ5.iso
[2011/07/06 14:36:56 | 000,009,485 | ---- | M] () -- C:\Users\Jason\Documents\skidrow.nfo
[2011/07/06 13:54:09 | 000,001,273 | ---- | M] () -- C:\Users\Jason\Documents\decrypt.html
[2011/07/06 12:47:17 | 000,002,247 | ---- | M] () -- C:\Users\Jason\Documents\mv.lua
[2011/07/06 12:42:13 | 025,272,295 | ---- | M] (The Lua for Windows Project and Lua and Tecgraf, PUC-Rio ) -- C:\Users\Jason\Documents\LuaForWindows_v5.1.4-45.exe
[2011/07/05 21:59:34 | 000,000,298 | ---- | M] () -- C:\Users\Jason\Documents\go.bat
[2011/07/05 13:31:31 | 002,937,657 | ---- | M] () -- C:\Users\Jason\Documents\phpMyAdmin-3.4.3.1-english.7z
[2011/07/05 13:26:50 | 021,400,576 | ---- | M] () -- C:\Users\Jason\Documents\php-5.2.17-Win32-VC6-x86.msi
[2011/07/05 13:26:50 | 000,001,384 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
[2011/07/05 13:25:55 | 030,236,664 | ---- | M] () -- C:\Users\Jason\Documents\mysql-5.5.13-winx64.msi
[2011/07/05 13:22:41 | 005,830,656 | ---- | M] () -- C:\Users\Jason\Documents\httpd-2.2.19-win32-x86-openssl-0.9.8r.msi
[2011/07/05 13:21:56 | 003,934,427 | ---- | M] () -- C:\Users\Jason\Documents\wordpress-3.2.zip
[2011/07/05 12:15:11 | 000,001,681 | ---- | M] () -- C:\Users\Jason\Desktop\MSYS.lnk
[2011/07/05 12:15:11 | 000,000,063 | ---- | M] () -- C:\Windows\MSYS.INI
[2011/07/05 11:44:28 | 015,436,800 | ---- | M] () -- C:\Windows\SysNative\ffmpeg.exe
[2011/07/04 21:28:26 | 000,001,555 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/07/04 15:52:18 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\ophcrack.lnk
[2011/07/03 21:59:16 | 000,014,331 | ---- | M] () -- C:\Users\Jason\Documents\e.aup
[2011/07/03 21:59:12 | 000,008,428 | ---- | M] () -- C:\Users\Jason\Documents\d.aup
[2011/07/03 21:59:05 | 000,007,043 | ---- | M] () -- C:\Users\Jason\Documents\c.aup
[2011/07/03 21:58:57 | 000,017,398 | ---- | M] () -- C:\Users\Jason\Documents\b.aup
[2011/07/03 21:58:51 | 000,015,521 | ---- | M] () -- C:\Users\Jason\Documents\a.aup
[2011/07/03 21:34:57 | 000,073,840 | ---- | M] () -- C:\Users\Jason\Documents\stylophone.diy
[2011/07/03 14:46:39 | 000,013,089 | ---- | M] () -- C:\Users\Jason\Documents\gly.aup
[2011/07/03 10:27:37 | 000,013,191 | -HS- | M] () -- C:\Users\Jason\Documents\AlbumArt_{C62BA331-4A88-4D64-A014-8E2C941B0671}_Large.jpg
[2011/07/03 10:27:37 | 000,002,838 | -HS- | M] () -- C:\Users\Jason\Documents\AlbumArt_{C62BA331-4A88-4D64-A014-8E2C941B0671}_Small.jpg
[2011/07/02 22:35:22 | 000,014,775 | ---- | M] () -- C:\Users\Jason\Documents\glycerine.aup
[2011/07/02 22:34:55 | 000,021,809 | ---- | M] () -- C:\Users\Jason\Documents\g.aup
[2011/07/01 22:29:32 | 000,010,043 | ---- | M] () -- C:\Users\Jason\Documents\a.png
[2011/07/01 22:11:51 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/28 22:49:16 | 000,000,708 | ---- | M] () -- C:\Users\Jason\Documents\SONG2.BAK
[2011/06/28 18:34:18 | 000,042,849 | ---- | M] () -- C:\Users\Jason\Documents\Study.pdf
[2011/06/27 23:13:40 | 000,000,463 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/06/27 22:32:54 | 000,027,980 | ---- | M] () -- C:\Users\Jason\Documents\BOXMARK2.TTF
[2011/06/26 21:00:11 | 000,002,282 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/26 20:38:16 | 000,001,381 | ---- | M] () -- C:\Users\Jason\Documents\cwle.csv
[2011/06/26 20:31:49 | 000,003,083 | ---- | M] () -- C:\Users\Jason\Documents\wle.csv
[2011/06/26 20:11:43 | 000,040,380 | ---- | M] () -- C:\Users\Jason\Documents\chloropleth2.png
[2011/06/26 20:10:21 | 000,025,586 | ---- | M] () -- C:\Users\Jason\Documents\chloropleth.png
[2011/06/26 20:03:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/26 20:03:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/26 20:03:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/26 20:02:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/24 22:08:15 | 000,012,855 | ---- | C] () -- C:\Windows\SysNative\drivers\NUVVID2.INF
[2011/07/24 22:08:15 | 000,005,003 | ---- | C] () -- C:\Windows\SysNative\drivers\NUVAUD2.INF
[2011/07/24 22:08:15 | 000,000,002 | ---- | C] () -- C:\Windows\SysNative\drivers\NUVISION.CAT
[2011/07/24 22:00:43 | 000,275,968 | ---- | C] () -- C:\Users\Jason\Documents\f5u208_xp.exe
[2011/07/24 19:30:08 | 000,310,768 | ---- | C] () -- C:\Users\Jason\Documents\VoiceRecorderWithAutoTune.zip
[2011/07/24 19:14:07 | 000,130,380 | ---- | C] () -- C:\Users\Jason\Documents\NAudio_1_4_0_0.zip
[2011/07/24 18:31:41 | 002,322,268 | ---- | C] () -- C:\Users\Jason\Documents\voicerecorder-f652f98eb1ff.zip
[2011/07/24 16:48:02 | 000,312,915 | ---- | C] () -- C:\Users\Jason\Documents\duets.zip
[2011/07/24 16:47:54 | 016,789,830 | ---- | C] () -- C:\Users\Jason\Documents\USdx_1.1_r1539_[duet].zip
[2011/07/24 16:45:27 | 035,541,734 | ---- | C] () -- C:\Users\Jason\Documents\ultrastardx-1.1-src.tar.gz
[2011/07/24 16:40:46 | 039,343,099 | ---- | C] () -- C:\Users\Jason\Documents\ultrastardx-1.1-full.zip
[2011/07/24 16:39:06 | 000,412,327 | ---- | C] () -- C:\Users\Jason\Documents\latest.7z
[2011/07/24 16:04:23 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Play UltraStar CMD Edition.lnk
[2011/07/24 16:02:52 | 015,442,803 | ---- | C] () -- C:\Users\Jason\Documents\USdx_CMD_Edition-r9.5-Installer.exe
[2011/07/24 15:22:57 | 000,004,423 | ---- | C] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed 2.mid
[2011/07/24 15:01:07 | 000,004,311 | ---- | C] () -- C:\Users\Jason\Documents\untitled.kar
[2011/07/24 14:58:35 | 000,002,850 | ---- | C] () -- C:\Users\Jason\Documents\2dnb1.lyr
[2011/07/24 14:58:25 | 000,002,850 | ---- | C] () -- C:\Users\Jason\Documents\untitled.lyr
[2011/07/24 14:25:54 | 000,005,924 | ---- | C] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed.mid
[2011/07/24 14:10:12 | 000,000,989 | ---- | C] () -- C:\Users\Jason\Desktop\Karakan.lnk
[2011/07/24 14:02:21 | 001,186,308 | ---- | C] () -- C:\Users\Jason\Documents\karakan.zip
[2011/07/24 13:58:37 | 000,001,817 | ---- | C] () -- C:\Users\Jason\Desktop\KaraFun Editor.lnk
[2011/07/24 13:58:37 | 000,000,927 | ---- | C] () -- C:\Users\Jason\Desktop\KaraFun.lnk
[2011/07/24 13:34:26 | 000,031,364 | ---- | C] () -- C:\Users\Jason\Documents\20dollarnosebleed.mx5
[2011/07/24 13:34:12 | 000,002,377 | ---- | C] () -- C:\Users\Jason\Documents\2dnb2.mid
[2011/07/24 13:33:56 | 000,002,985 | ---- | C] () -- C:\Users\Jason\Documents\2dnb1.mid
[2011/07/24 11:04:58 | 136,637,926 | ---- | C] () -- C:\Users\Jason\Documents\AcMxcft5.1.149_Port.rar
[2011/07/24 11:00:32 | 000,568,914 | ---- | C] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed - Fall Out Boy.mp3.reapeaks
[2011/07/24 10:27:02 | 000,191,514 | ---- | C] () -- C:\Users\Jason\Documents\folieadeux.jpg
[2011/07/23 20:56:06 | 006,820,829 | ---- | C] () -- C:\Users\Jason\Documents\usc_r160.zip
[2011/07/23 20:54:36 | 002,436,661 | ---- | C] () -- C:\Users\Jason\Documents\usdx_song-steven_dunston_-_northern_star.zip
[2011/07/23 20:48:47 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Play UltraStar Deluxe.lnk
[2011/07/23 20:09:30 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\REAPER (x64).lnk
[2011/07/23 20:07:50 | 005,314,739 | ---- | C] () -- C:\Users\Jason\Documents\reaper377_x64-install.exe
[2011/07/23 13:27:01 | 000,161,124 | ---- | C] () -- C:\Users\Jason\Documents\GSnap.zip
[2011/07/23 12:59:32 | 000,001,136 | ---- | C] () -- C:\Users\Jason\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/07/23 12:59:23 | 000,001,137 | ---- | C] () -- C:\Users\Jason\Desktop\FL Studio 9.lnk
[2011/07/23 12:25:42 | 193,161,065 | ---- | C] () -- C:\Users\Jason\Documents\CW_FL.Studio.XXL.v9.0.0.+UN-LOCKER.+UN-LOCKED.VSTi.100% Clean.zip
[2011/07/23 12:22:08 | 036,884,520 | ---- | C] () -- C:\Users\Jason\Documents\ultrastardx-1.1-installer-full.exe
[2011/07/23 12:19:34 | 000,013,880 | ---- | C] () -- C:\Users\Jason\SONGm1.mid
[2011/07/23 12:16:01 | 000,000,431 | ---- | C] () -- C:\Users\Jason\SONG3.mid
[2011/07/22 21:41:03 | 000,001,518 | ---- | C] () -- C:\Users\Jason\SONGm1.nwc
[2011/07/22 21:41:03 | 000,001,511 | ---- | C] () -- C:\Users\Jason\SONGm1.BAK
[2011/07/22 21:21:13 | 005,749,738 | ---- | C] () -- C:\Users\Jason\Documents\HP-535_335_OM.pdf
[2011/07/22 21:13:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\RDCP1009.CPL
[2011/07/22 21:13:32 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\RdCi1009.dll
[2011/07/22 21:12:56 | 000,000,390 | ---- | C] () -- C:\Users\Jason\Documents\um1_win7_x64_v100.zip
[2011/07/22 19:50:57 | 000,043,436 | ---- | C] () -- C:\Users\Jason\Desktop\FWYNC60F3AQ37UY.zip
[2011/07/22 19:49:31 | 000,064,645 | ---- | C] () -- C:\Users\Jason\Desktop\FSYLZNLGE056Z5B.zip
[2011/07/21 22:19:28 | 000,278,358 | ---- | C] () -- C:\Users\Jason\Documents\20dollarnosebleed.xps
[2011/07/21 22:18:03 | 000,013,883 | ---- | C] () -- C:\Users\Jason\SONG1.mid
[2011/07/21 21:23:39 | 000,293,516 | ---- | C] () -- C:\Users\Jason\Documents\a.xps
[2011/07/21 21:22:17 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011/07/21 21:19:04 | 000,000,105 | ---- | C] () -- C:\Windows\SysWow64\~.inf
[2011/07/20 18:41:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/20 18:41:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/20 18:41:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/20 18:41:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/20 18:41:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/19 21:46:54 | 000,092,316 | ---- | C] () -- C:\Users\Jason\Documents\DSCF2101.AVI.sfk
[2011/07/19 21:44:59 | 000,140,196 | ---- | C] () -- C:\Users\Jason\Documents\bemyescape.mp3.sfk
[2011/07/19 21:43:33 | 003,253,811 | ---- | C] () -- C:\Users\Jason\Documents\bemyescape.mp3
[2011/07/19 21:01:03 | 431,458,466 | ---- | C] () -- C:\Users\Jason\Documents\DSCF2101.AVI
[2011/07/19 19:35:05 | 010,721,280 | ---- | C] () -- C:\Users\Jason\Documents\Scorch620NSPluginInstaller.msi
[2011/07/19 19:17:41 | 000,044,446 | ---- | C] () -- C:\Users\Jason\Documents\SONG1.pdf
[2011/07/19 19:01:48 | 000,652,482 | ---- | C] () -- C:\Users\Jason\Documents\bpmanalyzer.zip
[2011/07/18 21:56:24 | 000,041,187 | ---- | C] () -- C:\Users\Jason\Documents\a.diy
[2011/07/18 21:55:17 | 000,002,592 | ---- | C] () -- C:\Users\Jason\SONG1.nwc
[2011/07/18 21:55:17 | 000,002,592 | ---- | C] () -- C:\Users\Jason\SONG1.BAK
[2011/07/18 21:54:07 | 000,050,477 | ---- | C] () -- C:\Users\Jason\Desktop\Defogger.exe
[2011/07/18 18:28:37 | 000,007,205 | -HS- | C] () -- C:\Users\Jason\Documents\AlbumArt_{AE2D9A79-2CC3-4D88-905B-CC6EB4FB8E90}_Large.jpg
[2011/07/18 18:28:37 | 000,002,018 | -HS- | C] () -- C:\Users\Jason\Documents\AlbumArt_{AE2D9A79-2CC3-4D88-905B-CC6EB4FB8E90}_Small.jpg
[2011/07/18 18:21:23 | 005,321,611 | ---- | C] () -- C:\Users\Jason\Documents\20 Dollar Nose Bleed - Fall Out Boy.mp3
[2011/07/16 22:28:06 | 089,688,842 | ---- | C] () -- C:\Users\Jason\Documents\arduino-0022.zip
[2011/07/16 22:23:29 | 028,840,282 | ---- | C] () -- C:\Users\Jason\Documents\WinAVR-20100110-install.exe
[2011/07/16 13:20:32 | 007,411,712 | ---- | C] () -- C:\Users\Jason\Documents\MC-rem.iso
[2011/07/16 12:39:16 | 007,411,712 | ---- | C] () -- C:\Users\Jason\Documents\MC-remastered.iso
[2011/07/16 12:29:14 | 007,270,400 | ---- | C] () -- C:\Users\Jason\Documents\TC-remastered.iso
[2011/07/15 20:46:40 | 000,311,296 | ---- | C] () -- C:\Users\Jason\Documents\mtd-2.6.33.3-tinycore.tcz
[2011/07/15 20:46:27 | 000,790,528 | ---- | C] () -- C:\Users\Jason\Documents\filesystems-2.6.33.3-tinycore.tcz
[2011/07/15 20:45:45 | 000,012,288 | ---- | C] () -- C:\Users\Jason\Documents\ncurses-common.tcz
[2011/07/15 20:45:38 | 000,151,552 | ---- | C] () -- C:\Users\Jason\Documents\ncurses.tcz
[2011/07/15 20:43:34 | 008,327,168 | ---- | C] () -- C:\Users\Jason\Documents\microcore-current.iso
[2011/07/15 20:37:29 | 000,229,376 | ---- | C] () -- C:\Users\Jason\Documents\avrdude.tcz
[2011/07/15 20:35:09 | 000,130,840 | ---- | C] () -- C:\Users\Jason\Documents\avrdude.gz
[2011/07/15 20:29:38 | 000,000,000 | ---- | C] () -- C:\Users\Jason\Documents\t.3gp
[2011/07/15 20:29:13 | 000,000,000 | ---- | C] () -- C:\Users\Jason\Documents\test.3gp
[2011/07/15 20:26:14 | 000,000,000 | ---- | C] () -- C:\Users\Jason\Documents\test.wmv
[2011/07/15 20:25:54 | 001,287,321 | ---- | C] () -- C:\Users\Jason\Documents\test.avi
[2011/07/15 20:23:28 | 000,000,000 | ---- | C] () -- C:\Users\Jason\Documents\a.mp4
[2011/07/15 20:18:31 | 155,944,181 | ---- | C] () -- C:\Users\Jason\Documents\a.mkv
[2011/07/15 14:58:46 | 000,001,797 | ---- | C] () -- C:\Users\Jason\Desktop\MagicISO.lnk
[2011/07/15 14:51:46 | 003,067,400 | ---- | C] () -- C:\Users\Jason\Documents\Setup_MagicISO.exe
[2011/07/15 14:46:55 | 007,065,600 | ---- | C] () -- C:\Users\Jason\Documents\microcore-avrdude.iso
[2011/07/15 10:50:18 | 004,882,432 | ---- | C] () -- C:\Users\Jason\Documents\avr-binutils.tcz
[2011/07/14 19:38:11 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/07/14 12:09:24 | 000,682,025 | ---- | C] () -- C:\Users\Jason\Documents\T-REC-X.224-199511-I!!PDF-E.pdf
[2011/07/13 22:28:40 | 001,082,039 | ---- | C] () -- C:\Users\Jason\Documents\T-REC-T.123-200701-I!!PDF-E.pdf
[2011/07/13 22:26:33 | 010,545,333 | ---- | C] () -- C:\Users\Jason\Documents\[MS-RDPBCGR].pdf
[2011/07/13 17:18:06 | 000,004,375 | ---- | C] () -- C:\Users\Jason\Documents\cyderize.png
[2011/07/13 16:56:30 | 000,006,736 | ---- | C] () -- C:\Users\Jason\Documents\icon.png
[2011/07/13 15:50:08 | 000,058,101 | ---- | C] () -- C:\Users\Jason\Documents\banner.png
[2011/07/13 15:28:04 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\Toon Boom Animate Pro 2.lnk
[2011/07/13 15:28:04 | 000,001,495 | ---- | C] () -- C:\Users\Public\Desktop\Toon Boom Animate Pro 2 Documentation.lnk
[2011/07/12 20:44:23 | 001,361,095 | ---- | C] () -- C:\Users\Jason\Documents\header.psd
[2011/07/12 14:51:37 | 000,004,231 | ---- | C] () -- C:\Users\Jason\Documents\000webhost.png
[2011/07/12 14:41:15 | 000,003,899 | ---- | C] () -- C:\Users\Jason\Documents\donate.png
[2011/07/12 11:44:13 | 000,006,726 | ---- | C] () -- C:\Users\Jason\Documents\loop-category.php
[2011/07/12 11:30:03 | 000,007,302 | ---- | C] () -- C:\Users\Jason\Documents\loop-archive.php
[2011/07/11 20:12:13 | 000,005,564 | ---- | C] () -- C:\Users\Jason\Documents\cc_20110711_201212.reg
[2011/07/11 20:11:46 | 000,072,516 | ---- | C] () -- C:\Users\Jason\Documents\cc_20110711_201144.reg
[2011/07/11 20:09:08 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/11 20:00:20 | 000,000,000 | ---- | C] () -- C:\Users\Jason\defogger_reenable
[2011/07/11 20:00:04 | 000,050,477 | ---- | C] () -- C:\Users\Jason\Documents\Defogger.exe
[2011/07/10 16:05:42 | 000,002,832 | ---- | C] () -- C:\Users\Jason\Documents\title.png
[2011/07/10 16:04:31 | 000,002,838 | ---- | C] () -- C:\Users\Jason\Documents\time.png
[2011/07/09 21:45:14 | 000,002,266 | ---- | C] () -- C:\Users\Jason\Documents\InlinePosts_2.1.2g.zip
[2011/07/09 18:33:30 | 000,066,057 | ---- | C] () -- C:\Users\Jason\Documents\apache-httpd.png
[2011/07/09 18:14:40 | 001,327,397 | ---- | C] () -- C:\Users\Jason\Documents\tdsskiller.zip
[2011/07/09 11:14:58 | 000,001,827 | ---- | C] () -- C:\Users\Jason\Desktop\Process Hacker 2.lnk
[2011/07/09 11:09:04 | 001,546,851 | ---- | C] () -- C:\Users\Jason\Documents\ProcessExplorer.zip
[2011/07/09 10:12:08 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mästerdata ResLocalizer.lnk
[2011/07/09 10:11:50 | 000,171,481 | ---- | C] () -- C:\Users\Jason\Documents\Strings.ja-JP - Copy.resx
[2011/07/09 10:11:24 | 000,171,481 | ---- | C] () -- C:\Users\Jason\Documents\Strings.ja-JP.resx
[2011/07/09 10:02:37 | 000,001,060 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2011/07/09 10:02:37 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/07/09 09:21:33 | 000,004,164 | ---- | C] () -- C:\Users\Jason\Documents\search-hover.png
[2011/07/09 09:20:38 | 000,003,919 | ---- | C] () -- C:\Users\Jason\Documents\search.png
[2011/07/09 08:56:34 | 000,002,908 | ---- | C] () -- C:\Users\Jason\Documents\footer.png
[2011/07/08 22:37:44 | 652,891,914 | ---- | C] () -- C:\Users\Jason\Documents\glycerine.mp4
[2011/07/08 22:36:01 | 015,436,800 | ---- | C] () -- C:\Windows\SysNative\ffmpeg.exe
[2011/07/08 22:35:34 | 005,906,636 | ---- | C] () -- C:\Users\Jason\Documents\ffmpeg-git-5d4fd1d-win64-static.7z
[2011/07/08 22:00:23 | 000,002,811 | ---- | C] () -- C:\Users\Jason\Documents\background.png
[2011/07/08 21:57:33 | 000,003,310 | ---- | C] () -- C:\Users\Jason\Documents\content.png
[2011/07/08 21:50:27 | 000,003,326 | ---- | C] () -- C:\Users\Jason\Documents\sidebar.png
[2011/07/08 20:36:53 | 000,002,796 | ---- | C] () -- C:\Users\Jason\Documents\line.png
[2011/07/08 20:35:02 | 000,002,817 | ---- | C] () -- C:\Users\Jason\Documents\menu.png
[2011/07/08 20:26:53 | 000,129,206 | ---- | C] () -- C:\Users\Jason\Documents\header.png
[2011/07/08 20:13:06 | 000,091,273 | ---- | C] () -- C:\Users\Jason\Documents\starkers.zip
[2011/07/08 15:06:22 | 000,000,772 | ---- | C] () -- C:\Users\Jason\Desktop\Core FTP LE.lnk
[2011/07/08 15:06:12 | 004,430,090 | ---- | C] () -- C:\Users\Jason\Documents\coreftplite.exe
[2011/07/08 14:55:50 | 003,899,271 | ---- | C] () -- C:\Users\Jason\Documents\public_html.zip
[2011/07/08 14:29:02 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/08 11:49:15 | 000,208,896 | RHS- | C] () -- C:\Windows\SysWow64\mssphtb8.dll
[2011/07/08 11:21:05 | 000,002,608 | ---- | C] () -- C:\Users\Jason\Documents\Register Vegas Pro.htm
[2011/07/07 22:03:17 | 000,009,728 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 19:29:43 | 000,001,671 | ---- | C] () -- C:\Users\Jason\Desktop\Civilization.lnk
[2011/07/06 18:48:23 | 3329,425,408 | ---- | C] () -- C:\Users\Jason\Documents\sr-civ5.iso
[2011/07/06 18:48:23 | 000,009,485 | ---- | C] () -- C:\Users\Jason\Documents\skidrow.nfo
[2011/07/06 12:41:08 | 000,002,247 | ---- | C] () -- C:\Users\Jason\Documents\mv.lua
[2011/07/06 12:16:37 | 000,001,273 | ---- | C] () -- C:\Users\Jason\Documents\decrypt.html
[2011/07/05 21:57:55 | 000,000,298 | ---- | C] () -- C:\Users\Jason\Documents\go.bat
[2011/07/05 15:30:11 | 000,000,132 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/05 14:27:34 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2011/07/05 14:26:56 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/07/05 14:25:13 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/07/05 14:24:53 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/07/05 14:23:25 | 000,001,351 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/07/05 14:23:16 | 000,001,517 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/07/05 14:11:46 | 000,958,252 | ---- | C] () -- C:\Users\Jason\Documents\jammy.png
[2011/07/05 13:31:30 | 002,937,657 | ---- | C] () -- C:\Users\Jason\Documents\phpMyAdmin-3.4.3.1-english.7z
[2011/07/05 13:26:50 | 000,001,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
[2011/07/05 13:24:59 | 030,236,664 | ---- | C] () -- C:\Users\Jason\Documents\mysql-5.5.13-winx64.msi
[2011/07/05 13:23:20 | 021,400,576 | ---- | C] () -- C:\Users\Jason\Documents\php-5.2.17-Win32-VC6-x86.msi
[2011/07/05 13:22:38 | 005,830,656 | ---- | C] () -- C:\Users\Jason\Documents\httpd-2.2.19-win32-x86-openssl-0.9.8r.msi
[2011/07/05 13:21:47 | 003,934,427 | ---- | C] () -- C:\Users\Jason\Documents\wordpress-3.2.zip
[2011/07/05 12:13:51 | 000,001,681 | ---- | C] () -- C:\Users\Jason\Desktop\MSYS.lnk
[2011/07/05 12:13:51 | 000,000,063 | ---- | C] () -- C:\Windows\MSYS.INI
[2011/07/04 21:28:26 | 000,001,555 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/07/04 21:28:26 | 000,001,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011/07/04 15:52:18 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\ophcrack.lnk
[2011/07/03 21:59:16 | 000,014,331 | ---- | C] () -- C:\Users\Jason\Documents\e.aup
[2011/07/03 21:59:12 | 000,008,428 | ---- | C] () -- C:\Users\Jason\Documents\d.aup
[2011/07/03 21:59:05 | 000,007,043 | ---- | C] () -- C:\Users\Jason\Documents\c.aup
[2011/07/03 21:58:57 | 000,017,398 | ---- | C] () -- C:\Users\Jason\Documents\b.aup
[2011/07/03 21:58:51 | 000,015,521 | ---- | C] () -- C:\Users\Jason\Documents\a.aup
[2011/07/03 14:46:39 | 000,013,089 | ---- | C] () -- C:\Users\Jason\Documents\gly.aup
[2011/07/03 10:32:25 | 000,013,191 | -HS- | C] () -- C:\Users\Jason\Documents\AlbumArt_{C62BA331-4A88-4D64-A014-8E2C941B0671}_Large.jpg
[2011/07/03 10:32:25 | 000,007,205 | -HS- | C] () -- C:\Users\Jason\Documents\Folder.jpg
[2011/07/03 10:32:25 | 000,002,838 | -HS- | C] () -- C:\Users\Jason\Documents\AlbumArt_{C62BA331-4A88-4D64-A014-8E2C941B0671}_Small.jpg
[2011/07/03 10:32:25 | 000,002,018 | -HS- | C] () -- C:\Users\Jason\Documents\AlbumArtSmall.jpg
[2011/07/03 10:31:35 | 004,315,948 | ---- | C] () -- C:\Users\Jason\Documents\Bush - Glycerine.mp3
[2011/07/02 22:34:55 | 000,021,809 | ---- | C] () -- C:\Users\Jason\Documents\g.aup
[2011/07/02 21:58:43 | 000,014,775 | ---- | C] () -- C:\Users\Jason\Documents\glycerine.aup
[2011/07/01 22:29:32 | 000,010,043 | ---- | C] () -- C:\Users\Jason\Documents\a.png
[2011/07/01 22:11:51 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/29 22:35:18 | 000,073,840 | ---- | C] () -- C:\Users\Jason\Documents\stylophone.diy
[2011/06/28 22:49:16 | 000,000,716 | ---- | C] () -- C:\Users\Jason\Documents\SONG2.nwc
[2011/06/28 22:49:16 | 000,000,708 | ---- | C] () -- C:\Users\Jason\Documents\SONG2.BAK
[2011/06/28 18:16:05 | 000,042,849 | ---- | C] () -- C:\Users\Jason\Documents\Study.pdf
[2011/06/28 18:09:13 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2011/06/28 16:35:56 | 000,001,305 | ---- | C] () -- C:\Users\Jason\Documents\study.nwc
[2011/06/28 16:35:56 | 000,001,304 | ---- | C] () -- C:\Users\Jason\Documents\study.BAK
[2011/06/26 21:00:11 | 000,002,282 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/26 20:59:22 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 20:59:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 20:38:15 | 000,001,381 | ---- | C] () -- C:\Users\Jason\Documents\cwle.csv
[2011/06/26 20:26:34 | 000,003,083 | ---- | C] () -- C:\Users\Jason\Documents\wle.csv
[2011/06/26 20:11:43 | 000,040,380 | ---- | C] () -- C:\Users\Jason\Documents\chloropleth2.png
[2011/06/26 20:10:21 | 000,025,586 | ---- | C] () -- C:\Users\Jason\Documents\chloropleth.png
[2011/06/26 15:50:38 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/06/26 15:50:38 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/06/26 15:50:10 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011/06/26 15:50:09 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/26 15:50:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/06/26 15:48:59 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/06/26 15:48:58 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/06/26 15:48:57 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/06/17 15:29:01 | 000,758,392 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/07 03:00:53 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/07 03:00:53 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/07 03:00:53 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/07 03:00:53 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/01/07 03:00:53 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/07 02:58:05 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
[2011/01/07 02:58:05 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
[2011/01/07 02:58:05 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
[2011/01/07 02:58:05 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
[2011/01/07 02:58:04 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2011/01/07 02:58:04 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2011/01/07 02:58:04 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2011/01/07 02:14:13 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/11/02 14:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/11/02 14:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/11/02 14:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/02/23 05:42:02 | 000,126,976 | ---- | C] () -- C:\Windows\gdf.dll
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/14 07:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 07:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 07:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 AM

Posted 26 July 2011 - 08:29 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    SRV - (akgdgc) -- C:\Program Files (x86)\ophcrack\pwdump\servpw.exe ()
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Cyderize

Posted 27 July 2011 - 03:25 AM

Here's the OTL log:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\WINDOWS\SysNative\igfxdev.dll moved successfully.
Service akgdgc stopped successfully!
Service akgdgc deleted successfully!
C:\Program Files (x86)\ophcrack\pwdump\servpw.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Desktop\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chinhduc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1217836 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jason
->Temp folder emptied: 8233017 bytes
->Temporary Internet Files folder emptied: 30037762 bytes
->Java cache emptied: 91909 bytes
->FireFox cache emptied: 270459036 bytes
->Flash cache emptied: 3897 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 255533 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8939203 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84925 bytes
RecycleBin emptied: 26628847 bytes

Total Files Cleaned = 330.00 mb


[EMPTYFLASH]

User: All Users

User: chinhduc

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jason
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07272011_182012

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\Jason\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEE4D23D\01[1].htm not found!
File\Folder C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEE4D23D\ADSAdClient31[1].txt not found!

Registry entries deleted on Reboot...

#13 gringo_pr

Posted 27 July 2011 - 03:58 AM

How are things running now?


gringo

#14 Cyderize

Posted 28 July 2011 - 02:36 AM

As far as I can tell, things are fine now, none of my browsers are redirecting anymore, but it's disappeared and come back before, so I'm not sure if it's really gone.

#15 gringo_pr

Posted 28 July 2011 - 02:40 AM

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
