
Avira Quarantined some Programs


  • This topic is locked
19 replies to this topic

#1 PointyEars

PointyEars

  • Members
  • 10 posts

Posted 21 July 2011 - 08:50 AM

I recently got Avira AntiVir Personal 10 and it did a scan and quarantined a few files; now I have all sorts of problems. A friend of mine started explorer.exe through Task Manager, so that's fine I think, but I have no audio and my System Restore gives the following: "A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. (0x80042302)."

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by PointyEars at 15:29:42 on 2011-07-21
Microsoft Windows 7 Professional 6.1.7600.0.1252.27.1033.18.2046.1355 [GMT 3:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\PointyEars\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - e:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [BCSSync] "e:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [RealtekHDAUpgrade] RealtekHDAUpgrade
dRun: [8DDYX0ZBPZ] c:\windows\temp\Nh0.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - e:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - e:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: {F06BDCD8-A13E-426E-9C06-8EA15C52E89A} = 168.210.2.2 196.14.239.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pointyears\appdata\roaming\mozilla\firefox\profiles\k86w99ms.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: e:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: e:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-21 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-21 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-21 61960]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-7-10 8192]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-18 233024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-20 41272]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-16 1343400]
.
=============== Created Last 30 ================
.
2011-07-21 11:53:59 622080 ----a-w- c:\program files\common files\microsoft shared\ink\ShapeCollector.exe
2011-07-21 11:51:13 2636288 ----a-w- c:\windows\explorer.exe
2011-07-21 11:50:32 -------- d-----w- c:\users\pointyears\appdata\roaming\Avira
2011-07-21 11:14:11 49152 ----a-w- c:\windows\SetupAfterRebootService.exe
2011-07-21 11:08:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-21 11:08:28 -------- d-----w- c:\program files\Avira
2011-07-20 17:05:56 -------- d-----w- c:\users\pointyears\appdata\roaming\Malwarebytes
2011-07-20 17:05:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-20 17:05:49 -------- d-----w- c:\programdata\Malwarebytes
2011-07-20 17:05:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 17:05:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-19 21:07:17 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\Markup.dll
2011-07-19 10:29:33 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-07-19 09:07:55 -------- d-----w- c:\users\pointyears\appdata\roaming\LolClient
2011-07-19 05:36:17 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\Markup.dll
2011-07-18 20:08:26 -------- d-----w- c:\programdata\Trymedia
2011-07-18 20:08:16 -------- d-----w- c:\program files\Games
2011-07-18 15:01:15 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-07-18 15:01:15 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-07-18 14:55:13 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-18 14:29:20 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-07-18 14:28:41 -------- d-----w- c:\program files\DAEMON Tools Pro
2011-07-18 14:28:06 -------- d-----w- c:\users\pointyears\appdata\roaming\DAEMON Tools Pro
2011-07-18 14:28:06 -------- d-----w- c:\programdata\DAEMON Tools Pro
2011-07-17 21:51:44 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-17 21:51:44 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-17 21:51:44 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-17 21:51:44 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-17 21:51:44 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-17 21:51:44 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-17 21:51:44 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-17 19:22:50 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-07-17 19:22:49 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-07-17 19:22:47 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-17 17:43:50 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-07-17 17:19:51 -------- d-----w- c:\windows\system32\directx
2011-07-17 16:49:14 -------- d-----w- c:\windows\system32\BestPractices
2011-07-17 16:49:13 -------- d-----w- C:\inetpub
2011-07-17 16:13:56 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-07-17 16:13:52 70232 ----a-w- c:\windows\system32\MBWrp32.dll
2011-07-17 16:13:43 -------- d-----w- c:\program files\Realtek
2011-07-17 16:13:32 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-17 16:13:32 -------- d--h--w- c:\program files\Temp
2011-07-17 10:48:45 -------- d-----w- c:\users\pointyears\appdata\roaming\SPORE
2011-07-16 14:50:36 -------- d-----w- c:\windows\system32\Wat
2011-07-16 14:19:14 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-07-16 14:19:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-16 13:57:27 -------- d-----w- c:\users\pointyears\appdata\local\Deployment
2011-07-16 13:10:47 -------- d-----w- c:\users\pointyears\appdata\roaming\JAM Software
2011-07-16 13:10:45 -------- d-----w- c:\program files\JAM Software
2011-07-16 12:50:30 -------- d-----w- C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2011-07-16 12:30:06 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-16 12:27:20 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-16 12:27:20 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-16 12:27:20 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-16 12:27:20 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-16 12:27:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-16 12:12:52 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-07-16 12:12:34 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-07-16 12:05:32 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-16 12:05:32 417792 ----a-w- c:\windows\system32\msdri.dll
2011-07-16 12:05:32 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-07-16 12:05:14 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-07-16 12:05:14 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-07-16 12:03:34 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-07-16 12:02:23 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-07-16 12:02:22 3181568 ----a-w- c:\windows\system32\mf.dll
2011-07-16 12:02:21 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-07-16 12:02:21 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-07-16 12:02:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-07-16 12:02:21 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-07-16 12:02:21 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-07-16 11:59:51 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-07-16 11:59:46 4268544 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-07-16 11:59:45 1413632 ----a-w- c:\windows\system32\ole32.dll
2011-07-16 11:59:19 186368 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-07-16 11:59:19 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-16 11:59:16 224256 ----a-w- c:\windows\system32\schannel.dll
2011-07-16 11:59:15 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-16 11:57:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-07-16 11:51:01 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-07-16 11:50:39 132608 ----a-w- c:\windows\system32\cabview.dll
2011-07-16 11:31:54 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-07-16 11:12:25 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-07-16 11:12:25 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-07-16 11:12:24 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-07-16 11:12:24 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-16 10:45:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 09:56:24 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e91c8bcf-ef7c-49fa-b857-50dacc472526}\mpengine.dll
2011-07-16 09:56:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-11 07:41:42 -------- d-----w- c:\users\pointyears\appdata\local\Mozilla
2011-07-10 14:50:21 8192 ----a-w- c:\windows\system32\srvany.exe
2011-07-10 14:50:21 180012 ----a-w- c:\windows\KMService.exe
2011-07-10 14:45:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-07-10 14:44:58 -------- d-----w- c:\windows\PCHEALTH
2011-07-10 14:44:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-07-10 14:43:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-07-10 14:42:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-10 14:42:26 -------- d-----w- c:\users\pointyears\appdata\local\Microsoft Help
2011-07-09 12:07:29 -------- d-----w- c:\program files\MagicISO
2011-07-04 14:43:41 -------- d-----w- C:\Index
2011-07-04 14:38:26 -------- d-----w- c:\users\pointyears\appdata\local\Diagnostics
2011-07-04 14:36:36 -------- d-----w- c:\users\pointyears\appdata\local\ElevatedDiagnostics
2011-07-04 14:36:22 -------- d-----w- c:\users\pointyears\appdata\local\Apps
2011-07-04 12:55:24 -------- d-----w- c:\programdata\Avira
2011-07-03 22:46:47 165376 ----a-w- c:\windows\system32\unrar.dll
2011-07-03 22:46:46 881664 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-03 22:46:46 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-07-03 22:46:46 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-03 22:46:46 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-03 22:46:46 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-03 22:46:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-03 22:46:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-07-02 20:46:07 -------- d-----w- c:\program files\MP4 Player
2011-07-01 03:11:45 -------- d-----w- c:\windows\Panther
2011-07-01 03:01:25 -------- d-----w- C:\Windows.old
2011-06-30 20:35:37 -------- d-----w- c:\users\pointyears\appdata\roaming\support
2011-06-30 20:31:55 -------- d-----r- c:\users\pointyears\appdata\local\Start
2011-06-30 16:58:25 -------- d-----w- c:\program files\common files\xing shared
2011-06-30 16:58:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-30 16:58:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-30 16:58:12 -------- d-sh--w- c:\windows\Installer
2011-06-30 16:55:34 -------- d-sh--w- C:\Boot
2011-06-30 16:35:22 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
2011-07-21 11:58:21 147456 ----a-w- c:\windows\system32\SoundRecorder.exe
2011-07-21 11:55:05 114176 ----a-w- c:\windows\system32\dwm.exe
2011-07-21 11:53:59 324608 ----a-w- c:\windows\system32\msinfo32.exe
2011-07-21 11:53:59 1055744 ----a-w- c:\windows\system32\mstsc.exe
2011-07-21 11:53:58 608256 ----a-w- c:\windows\system32\dfrgui.exe
2011-07-21 11:53:58 417792 ----a-w- c:\windows\system32\SnippingTool.exe
2011-07-21 11:53:58 3426816 ----a-w- c:\windows\system32\xpsrchvw.exe
2011-07-21 11:53:58 284160 ----a-w- c:\windows\system32\rstrui.exe
2011-07-21 11:53:58 154112 ----a-w- c:\windows\system32\MdSched.exe
2011-07-21 11:53:57 544256 ----a-w- c:\windows\system32\DisplaySwitch.exe
2011-07-21 11:53:57 122368 ----a-w- c:\windows\system32\audiodg.exe
2011-07-21 11:53:55 70656 ----a-w- c:\windows\system32\taskhost.exe
2011-07-21 11:53:42 963072 ----a-w- c:\windows\system32\mblctr.exe
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 05:59:55 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 05:55:31 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-04 04:53:10 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
============= FINISH: 15:30:10.24 ===============



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts

Posted 02 August 2011 - 09:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 PointyEars

PointyEars
  • Topic Starter

  • Members
  • 10 posts

Posted 07 August 2011 - 08:14 AM

Hi, sorry for taking so long; I was away for a few weeks.

I have Windows 7 Professional 32bit, I don't have a disk for it.

I recently installed Kaspersky PURE 2011 on my PC but have not done anything else.

I'll post the two reports soon; I'm running OTL now. Sorry for the delay.

Here they are: OTL

OTL logfile created on: 8/7/2011 4:09:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\PointyEars\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.18% Memory free
4.00 Gb Paging File | 2.66 Gb Available in Paging File | 66.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 13.68 Gb Free Space | 17.85% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 78.42 Gb Free Space | 8.42% Space Free | Partition Type: NTFS

Computer Name: POINTYEARS-PC | User Name: PointyEars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 16:07:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\PointyEars\Desktop\OTL.exe
PRC - [2011/08/06 13:59:06 | 000,211,968 | ---- | M] () -- C:\Windows\Temp\Nh3.exe
PRC - [2011/08/06 13:52:56 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/08/06 13:52:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/08/06 13:24:58 | 000,226,304 | ---- | M] () -- C:\Windows\Temp\Nh2.exe
PRC - [2011/08/06 13:21:39 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2011/07/10 17:49:50 | 000,180,012 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011/07/10 17:49:50 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
PRC - [2011/07/08 08:40:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/02 08:55:31 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/14 09:35:39 | 000,100,616 | ---- | M] () -- C:\Users\PointyEars\AppData\Local\Start\update.exe
PRC - [2011/04/01 11:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/04/01 11:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/17 11:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/12/25 16:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2009/12/25 16:42:48 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 16:07:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\PointyEars\Desktop\OTL.exe
MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/16 17:50:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/10 17:49:50 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/25 16:43:40 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/07/14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 04:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/14 04:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/14 04:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 13:46:53 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/07/18 17:55:13 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/18 17:29:20 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/11 00:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
IE - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 7C 2D 6B EF 4D CC 01 [binary data]
IE - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.3
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.192

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/30 19:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011/07/28 23:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/16 14:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 17:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/08/06 13:47:18 | 000,000,000 | ---D | M]

[2011/07/11 10:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PointyEars\AppData\Roaming\Mozilla\Extensions
[2011/08/06 23:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PointyEars\AppData\Roaming\Mozilla\Firefox\Profiles\k86w99ms.default\extensions
[2011/08/04 17:43:13 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\PointyEars\AppData\Roaming\Mozilla\Firefox\Profiles\k86w99ms.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2011/08/06 13:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/16 17:19:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/06 13:47:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/07/28 23:54:01 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2011/06/30 19:58:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/07/16 17:18:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/08 07:49:46 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/07/08 07:49:46 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/07/08 07:49:46 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/08 07:49:46 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [8DDYX0ZBPZ] C:\Windows\Temp\Nh2.exe ()
O4 - HKU\S-1-5-18..\Run: [8DDYX0ZBPZ] C:\Windows\Temp\Nh2.exe ()
O4 - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2717797368-2214164295-3706085137-1000..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\PointyEars\AppData\Local\Start\update.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\svchost.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\svchost.exe (Xolisaqa Gasira)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/05 22:28:47 | 000,000,000 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/18 00:09:22 | 000,000,101 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 16:07:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\PointyEars\Desktop\OTL.exe
[2011/08/07 15:35:24 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Kaspersky PURE
[2011/08/07 15:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/07 15:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/07 15:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/07 15:12:44 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\Google
[2011/08/07 15:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/06 13:47:21 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2011/08/06 13:47:21 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2011/08/06 13:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011/08/06 13:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/08/06 13:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2011/08/06 13:46:53 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/08/06 13:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/08/06 13:26:33 | 001,264,963 | ---- | C] (XTREME Labs) -- C:\Users\PointyEars\Desktop\Kaspersky 2011 Crack.exe
[2011/08/06 13:26:33 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Kaspersky 2011 Crack - Thumper
[2011/08/06 13:26:33 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\bonus
[2011/08/06 13:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/05 16:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\LocK-A-FoLdeR
[2011/08/04 22:40:01 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Ninja Compilation
[2011/08/04 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Gold Atm
[2011/08/04 19:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/08/04 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\uTorrent
[2011/08/04 19:57:38 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\uTorrent
[2011/08/02 16:44:51 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{7A217D06-A644-4B6D-972C-6AF294463E9F}
[2011/08/01 00:07:45 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{61500734-84E0-4FAD-A9A0-6A65BCD2CD3D}
[2011/07/31 15:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.6.1
[2011/07/31 15:18:43 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll
[2011/07/31 15:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2011/07/30 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Magic Gold Hack By Rizal NSc
[2011/07/30 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Reset Points & Npc lvl 100 Hack
[2011/07/30 15:24:44 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{B4D99689-7726-4F25-9F0F-76B1C75B2EC8}
[2011/07/30 04:12:21 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{10459F5B-B935-4DD2-BA3D-0B8AF65B222D}
[2011/07/30 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\All Special Jounin Exam Unlock By Rizal NSc
[2011/07/29 15:42:56 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{52A52AD6-6AE3-4C61-B8C5-6ACBD7C319CB}
[2011/07/29 04:35:12 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\New folder (2)
[2011/07/29 02:42:39 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\New folder
[2011/07/29 02:15:52 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Critical 999
[2011/07/29 00:28:01 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Allinone(Wesley29)WithEmblemHack
[2011/07/29 00:02:10 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Documents\Fiddler2
[2011/07/28 23:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2011/07/28 20:46:14 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{9A830CE3-DCA6-48AF-AD5C-E0D83168F06D}
[2011/07/28 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{84A02464-5430-4FCD-B9B4-5D05F605DC6E}
[2011/07/27 15:40:45 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Documents\My Received Files
[2011/07/27 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{BD0FB7F6-993E-42F2-BF08-C4D7673D1AF7}
[2011/07/27 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Tracing
[2011/07/27 15:14:48 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{584DA4B8-85B2-46EF-871B-1E746729AC0C}
[2011/07/27 15:10:49 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{97A48B08-552A-413C-B235-26817ECFE235}
[2011/07/27 15:07:08 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{F8A26690-CC3C-46B8-860C-1525E27CAE07}
[2011/07/27 15:07:08 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\{70B1521B-C1E0-48AE-BE0A-C2E3FDA6F7F0}
[2011/07/26 23:39:57 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\riotsGamesLogs
[2011/07/25 00:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cheatbook Database 2010
[2011/07/24 22:51:38 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Charles
[2011/07/24 22:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2011/07/24 17:06:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2011/07/24 16:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/07/23 23:18:44 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Bleach Theme by VikiTech
[2011/07/23 19:09:22 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Roxio
[2011/07/23 18:55:02 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Research In Motion
[2011/07/23 18:54:27 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\InstallShield
[2011/07/23 18:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/07/23 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2011/07/23 18:53:59 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\Programs
[2011/07/23 18:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/07/23 18:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/07/23 18:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/07/23 18:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2011/07/23 18:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/07/23 18:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011/07/23 18:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/07/23 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2011/07/23 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2011/07/22 17:00:39 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/07/22 16:49:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/07/22 16:40:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/07/22 15:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/07/22 15:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/07/22 15:34:50 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/07/22 15:34:50 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/07/22 15:31:45 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\Windows Live
[2011/07/22 15:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/07/21 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Avira
[2011/07/21 14:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/07/20 20:05:56 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Malwarebytes
[2011/07/20 20:05:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/20 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/20 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/20 20:05:46 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/20 20:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/19 12:07:55 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\LolClient
[2011/07/18 23:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/07/18 23:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2011/07/18 18:01:15 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Documents\StarCraft II
[2011/07/18 18:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/07/18 18:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/07/18 18:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/07/18 17:55:13 | 000,233,024 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/07/18 17:54:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/07/18 17:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011/07/18 17:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011/07/18 17:28:06 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\DAEMON Tools Pro
[2011/07/18 17:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/07/18 00:51:44 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/07/18 00:51:44 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/07/17 22:22:50 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/07/17 22:22:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/07/17 22:22:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/07/17 20:44:16 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/07/17 20:44:16 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/07/17 20:44:16 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/07/17 20:44:16 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/07/17 20:44:16 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/07/17 20:44:16 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/07/17 20:44:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/07/17 20:44:15 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/07/17 20:44:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/07/17 20:44:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/07/17 20:44:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/07/17 20:44:14 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/07/17 20:44:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/07/17 20:44:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/07/17 20:44:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/07/17 20:44:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/07/17 20:44:13 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/07/17 20:44:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/07/17 20:44:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/07/17 20:44:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/07/17 20:44:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/07/17 20:44:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/07/17 20:44:12 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/07/17 20:44:12 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/07/17 20:44:12 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/07/17 20:44:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/07/17 20:44:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/07/17 20:44:11 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/07/17 20:44:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/07/17 20:44:11 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/07/17 20:44:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/07/17 20:44:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/07/17 20:44:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/07/17 20:44:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/07/17 20:44:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/07/17 20:44:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/07/17 20:44:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/07/17 20:44:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/07/17 20:44:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/07/17 20:44:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/07/17 20:44:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/07/17 20:44:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/07/17 20:44:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/07/17 20:44:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/07/17 20:44:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/07/17 20:44:06 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/07/17 20:44:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/07/17 20:44:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/07/17 20:44:06 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/07/17 20:44:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/07/17 20:44:05 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/07/17 20:44:05 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/07/17 20:44:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/07/17 20:44:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/07/17 20:44:04 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/07/17 20:44:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/07/17 20:44:04 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/07/17 20:44:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/07/17 20:44:04 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/07/17 20:44:04 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/07/17 20:44:04 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/07/17 20:44:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/07/17 20:44:03 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/07/17 20:44:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/07/17 20:44:03 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/07/17 20:44:03 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/07/17 20:44:02 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/07/17 20:44:02 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/07/17 20:44:02 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/07/17 20:44:02 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/07/17 20:44:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/07/17 20:44:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/07/17 20:44:01 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/07/17 20:44:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/07/17 20:44:01 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/07/17 20:44:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/07/17 20:44:01 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/07/17 20:44:01 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/07/17 20:44:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/07/17 20:43:52 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/07/17 20:43:50 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/07/17 20:43:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/07/17 20:43:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/07/17 20:43:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/07/17 20:43:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/07/17 20:43:50 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/07/17 20:43:50 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/07/17 20:19:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/07/17 19:49:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2011/07/17 19:49:13 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/07/17 19:14:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/07/17 19:14:04 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011/07/17 19:14:04 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/07/17 19:14:04 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/07/17 19:14:04 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/07/17 19:14:03 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/07/17 19:14:00 | 001,497,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2011/07/17 19:13:58 | 002,189,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011/07/17 19:13:57 | 000,076,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2011/07/17 19:13:56 | 004,187,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011/07/17 19:13:56 | 001,264,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2011/07/17 19:13:54 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011/07/17 19:13:54 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011/07/17 19:13:54 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011/07/17 19:13:54 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011/07/17 19:13:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011/07/17 19:13:54 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011/07/17 19:13:52 | 000,738,392 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBAPO32.dll
[2011/07/17 19:13:52 | 000,070,232 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll
[2011/07/17 19:13:52 | 000,053,848 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBppld32.dll
[2011/07/17 19:13:52 | 000,050,776 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBPPCn32.dll
[2011/07/17 19:13:51 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011/07/17 19:13:51 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011/07/17 19:13:51 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011/07/17 19:13:45 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011/07/17 19:13:43 | 000,175,200 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2011/07/17 19:13:43 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2011/07/17 19:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/07/17 19:13:32 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/07/17 19:13:32 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011/07/17 19:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/07/17 14:47:03 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\ISAT FOR SAD AND PCP L3
[2011/07/17 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\Spore trainer
[2011/07/17 13:49:24 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Documents\My Spore Creations
[2011/07/17 13:48:45 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\SPORE
[2011/07/17 12:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/07/17 12:57:56 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/07/17 09:42:48 | 000,000,000 | RH-D | C] -- C:\Users\PointyEars\AppData\Roaming\SecuROM
[2011/07/17 09:34:23 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/07/17 09:21:52 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\WinRAR
[2011/07/16 17:50:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/07/16 17:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/16 17:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/16 17:19:14 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/07/16 17:19:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/16 17:19:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/16 17:19:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/16 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/16 17:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/16 17:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/07/16 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\Deployment
[2011/07/16 16:10:47 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\JAM Software
[2011/07/16 16:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2011/07/16 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2011/07/16 16:03:34 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/07/16 16:03:34 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/07/16 16:03:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 16:03:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 16:03:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 16:03:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 15:50:30 | 000,000,000 | ---D | C] -- C:\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2011/07/16 15:27:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/07/16 15:27:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/07/16 15:27:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/07/16 15:12:52 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/07/16 15:05:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/07/16 15:05:32 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/07/16 15:05:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/07/16 15:05:14 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/07/16 15:03:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/07/16 15:02:23 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/07/16 15:02:22 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/07/16 15:02:21 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/07/16 15:02:21 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/07/16 15:02:21 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/07/16 15:02:21 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/07/16 15:02:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/07/16 15:01:39 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/07/16 15:01:39 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/07/16 15:01:21 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/07/16 15:01:21 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/07/16 15:01:21 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/07/16 15:01:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/07/16 15:01:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/07/16 15:01:21 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/07/16 15:01:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/07/16 15:01:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/16 15:01:17 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/07/16 15:01:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/07/16 15:01:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/16 15:01:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/07/16 15:00:38 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/16 15:00:38 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/16 15:00:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/07/16 15:00:17 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/07/16 15:00:17 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/07/16 15:00:05 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/07/16 15:00:05 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/07/16 15:00:05 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/07/16 15:00:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/07/16 14:59:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/07/16 14:59:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/07/16 14:59:19 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/07/16 14:58:56 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/16 14:58:53 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/07/16 14:58:53 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/07/16 14:58:53 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/07/16 14:58:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/07/16 14:58:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/07/16 14:58:51 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/07/16 14:58:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/07/16 14:58:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/07/16 14:58:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/07/16 14:58:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/07/16 14:58:40 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/07/16 14:58:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/07/16 14:57:59 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/07/16 14:57:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/07/16 14:57:53 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/07/16 14:57:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/07/16 14:57:53 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/07/16 14:57:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/07/16 14:57:50 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/07/16 14:57:48 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/07/16 14:57:48 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/07/16 14:57:39 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/07/16 14:57:36 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/07/16 14:57:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/07/16 14:57:33 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2011/07/16 14:57:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/07/16 14:57:31 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/07/16 14:57:31 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/07/16 14:57:28 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/07/16 14:57:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/07/16 14:57:26 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/07/16 14:57:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/07/16 14:57:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/07/16 14:57:05 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/07/16 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Macromedia
[2011/07/16 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Adobe
[2011/07/16 13:45:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/16 13:45:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/07/16 12:56:23 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/07/11 10:41:42 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Roaming\Mozilla
[2011/07/11 10:41:42 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\Mozilla
[2011/07/11 10:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/07/11 10:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/10 17:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/07/10 17:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/10 17:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/07/10 17:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/07/10 17:44:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/07/10 17:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/10 17:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/07/10 17:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/07/10 17:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/07/10 17:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/07/10 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\AppData\Local\Microsoft Help
[2011/07/10 17:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/07/10 10:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[2011/07/10 10:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/10 10:06:26 | 000,000,000 | ---D | C] -- C:\Users\PointyEars\Desktop\WinRAR v3.80 Beta 3 English incl. KEY
[2011/07/09 15:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/07/09 15:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO

========== Files - Modified Within 30 Days ==========

[2011/08/07 16:09:38 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/07 16:07:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\PointyEars\Desktop\OTL.exe
[2011/08/07 16:04:23 | 000,007,642 | -HS- | M] () -- C:\Windows\KLIF.spi
[2011/08/07 16:02:24 | 000,155,648 | ---- | M] () -- C:\Windows\KMService.exe.kav
[2011/08/07 15:47:05 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/08/07 15:46:49 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2011/08/07 15:46:49 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/08/07 15:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/08/07 15:46:48 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/08/07 15:46:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/08/07 15:46:47 | 000,315,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/08/07 15:46:47 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xwizard.exe
[2011/08/07 15:46:47 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlrmdr.exe
[2011/08/07 15:46:46 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011/08/07 15:46:46 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/08/07 15:46:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/08/07 15:46:45 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2011/08/07 15:46:45 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/08/07 15:46:45 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/08/07 15:46:44 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2011/08/07 15:46:44 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011/08/07 15:46:44 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011/08/07 15:46:43 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/08/07 15:46:43 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/08/07 15:46:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011/08/07 15:46:43 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TRACERT.EXE
[2011/08/07 15:46:42 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesComputerName.exe
[2011/08/07 15:46:42 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesHardware.exe
[2011/08/07 15:46:42 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2011/08/07 15:46:42 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timeout.exe
[2011/08/07 15:46:41 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesRemote.exe
[2011/08/07 15:46:41 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesProtection.exe
[2011/08/07 15:46:41 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systray.exe
[2011/08/07 15:46:40 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/08/07 15:46:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/08/07 15:46:40 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/08/07 15:46:40 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TapiUnattend.exe
[2011/08/07 15:46:39 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/08/07 15:46:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcmsetup.exe
[2011/08/07 15:46:38 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/08/07 15:46:38 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdRes.exe
[2011/08/07 15:46:38 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/08/07 15:46:38 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/08/07 15:46:37 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/08/07 15:46:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011/08/07 15:46:37 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011/08/07 15:46:36 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/08/07 15:46:36 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/08/07 15:46:36 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/08/07 15:46:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/08/07 15:46:35 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksetup.exe
[2011/08/07 15:46:35 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/08/07 15:46:35 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/08/07 15:46:34 | 000,294,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/08/07 15:46:34 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011/08/07 15:46:34 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstUI.exe
[2011/08/07 15:46:33 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/08/07 15:46:33 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/08/07 15:46:33 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/08/07 15:46:33 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/08/07 15:46:32 | 000,776,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/08/07 15:46:32 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/08/07 15:46:32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/08/07 15:46:31 | 000,889,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/08/07 15:46:31 | 000,263,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/08/07 15:46:31 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\BdeUISrv.exe
[2011/08/07 15:46:30 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2011/08/07 15:46:30 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011/08/07 15:46:30 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011/08/07 15:46:29 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011/08/07 15:46:29 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011/08/07 15:46:29 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkdsk.exe
[2011/08/07 15:46:28 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2011/08/07 15:46:28 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\choice.exe
[2011/08/07 15:46:28 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\chkntfs.exe
[2011/08/07 15:46:27 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.exe
[2011/08/07 15:46:27 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/08/07 15:46:27 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clip.exe
[2011/08/07 15:46:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdkey.exe
[2011/08/07 15:46:26 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/08/07 15:46:26 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/08/07 15:46:26 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/08/07 15:46:25 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/08/07 15:46:25 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/08/07 15:46:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comp.exe
[2011/08/07 15:46:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cofire.exe
[2011/08/07 15:46:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/08/07 15:46:24 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/08/07 15:46:24 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credwiz.exe
[2011/08/07 15:46:23 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cttune.exe
[2011/08/07 15:46:23 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cttunesvr.exe
[2011/08/07 15:46:23 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\compact.exe
[2011/08/07 15:46:23 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/08/07 15:46:22 | 000,868,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dccw.exe
[2011/08/07 15:46:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddodiag.exe
[2011/08/07 15:46:22 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dcomcnfg.exe
[2011/08/07 15:46:21 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceProperties.exe
[2011/08/07 15:46:21 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011/08/07 15:46:21 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/08/07 15:46:21 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe
[2011/08/07 15:46:20 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/08/07 15:46:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DeviceDisplayObjectProvider.exe
[2011/08/07 15:46:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dialer.exe
[2011/08/07 15:46:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2011/08/07 15:46:19 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/08/07 15:46:19 | 000,203,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Dism.exe
[2011/08/07 15:46:19 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/08/07 15:46:19 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/08/07 15:46:18 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011/08/07 15:46:18 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/08/07 15:46:18 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\doskey.exe
[2011/08/07 15:46:17 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/08/07 15:46:17 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/08/07 15:46:17 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2011/08/07 15:46:17 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhst3g.exe
[2011/08/07 15:46:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/08/07 15:46:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/08/07 15:46:16 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dplaysvr.exe
[2011/08/07 15:46:15 | 000,265,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/08/07 15:46:15 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Dxpserver.exe
[2011/08/07 15:46:15 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dvdupgrd.exe
[2011/08/07 15:46:15 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Eap3Host.exe
[2011/08/07 15:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/08/07 15:46:14 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAuthn.exe
[2011/08/07 15:46:14 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\efsui.exe
[2011/08/07 15:46:13 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventcreate.exe
[2011/08/07 15:46:13 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fltMC.exe
[2011/08/07 15:46:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/08/07 15:46:12 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/08/07 15:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/08/07 15:46:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\find.exe
[2011/08/07 15:46:11 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontview.exe
[2011/08/07 15:46:11 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/08/07 15:46:11 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\forfiles.exe
[2011/08/07 15:46:11 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fixmapi.exe
[2011/08/07 15:46:10 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/08/07 15:46:10 | 000,104,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fveprompt.exe
[2011/08/07 15:46:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/08/07 15:46:10 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/08/07 15:46:09 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fvenotify.exe
[2011/08/07 15:46:09 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/08/07 15:46:09 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSUNATD.exe
[2011/08/07 15:46:09 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GettingStarted.exe
[2011/08/07 15:46:08 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/08/07 15:46:08 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/08/07 15:46:08 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2011/08/07 15:46:08 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\help.exe
[2011/08/07 15:46:08 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/08/07 15:46:07 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hwrreg.exe
[2011/08/07 15:46:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hwrcomp.exe
[2011/08/07 15:46:07 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\label.exe
[2011/08/07 15:46:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/07 15:46:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/08/07 15:46:06 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisreset.exe
[2011/08/07 15:46:05 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\irftp.exe
[2011/08/07 15:46:05 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/08/07 15:46:05 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/08/07 15:46:05 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/08/07 15:46:04 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/08/07 15:46:04 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsicpl.exe
[2011/08/07 15:46:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/07 15:46:03 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011/08/07 15:46:03 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\klist.exe
[2011/08/07 15:46:03 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/08/07 15:46:02 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/08/07 15:46:02 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AdapterTroubleshooter.exe
[2011/08/07 15:33:03 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/07 15:24:33 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/07 15:24:33 | 000,002,189 | ---- | M] () -- C:\Users\PointyEars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/07 15:21:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 15:17:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 15:14:48 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/06 23:44:05 | 000,685,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/06 23:44:05 | 000,129,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/06 23:37:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 16:02:51 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/08/06 16:02:49 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdiagnhost.exe
[2011/08/06 15:59:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/08/06 15:53:47 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/08/06 15:53:47 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/08/06 15:53:41 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netsh.exe
[2011/08/06 15:53:40 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/08/06 15:53:40 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\grpconv.exe
[2011/08/06 15:53:39 | 000,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/08/06 15:36:06 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasautou.exe
[2011/08/06 15:13:51 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2011/08/06 15:13:50 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2011/08/06 15:13:49 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011/08/06 15:13:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/08/06 15:13:47 | 000,176,128 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/08/06 15:13:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/08/06 15:13:45 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LocationNotifications.exe
[2011/08/06 15:13:39 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/08/06 15:13:38 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powercfg.exe
[2011/08/06 15:13:36 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/08/06 15:13:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sc.exe
[2011/08/06 15:13:30 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcalua.exe
[2011/08/06 15:12:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SystemPropertiesPerformance.exe
[2011/08/06 15:12:05 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011/08/06 15:08:47 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/08/06 15:08:41 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/08/06 15:08:38 | 001,401,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/08/06 15:08:30 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2011/08/06 15:08:29 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eventvwr.exe
[2011/08/06 15:08:28 | 006,376,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/08/06 15:08:19 | 000,066,048 | ---- | M] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/06 15:08:11 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/08/06 14:49:01 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/08/06 14:17:34 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/08/06 14:12:25 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/08/06 14:12:08 | 001,131,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/08/06 14:12:08 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/08/06 14:12:07 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/08/06 14:12:03 | 000,025,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 14:12:03 | 000,025,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 14:10:51 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
[2011/08/06 14:10:51 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mctadmin.exe
[2011/08/06 14:10:48 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
[2011/08/06 14:10:44 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/08/06 14:08:03 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2011/08/06 14:08:01 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\BdeUnlockWizard.exe
[2011/08/06 14:05:58 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2011/08/06 14:05:21 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/08/06 14:05:21 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/08/06 14:05:21 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/08/06 14:05:21 | 000,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/08/06 14:05:19 | 000,587,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/08/06 14:05:19 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/08/06 14:05:19 | 000,263,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/08/06 14:05:18 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/08/06 14:05:18 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/08/06 14:05:16 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DisplaySwitch.exe
[2011/08/06 14:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/08/06 14:04:24 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\agsgo.job
[2011/08/06 14:04:06 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 14:00:00 | 000,360,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/08/06 13:54:02 | 000,941,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/08/06 13:52:56 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/08/06 13:52:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011/08/06 13:47:36 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/08/06 13:47:36 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/08/06 13:46:53 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/08/06 13:29:32 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2011/08/06 13:29:32 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/08/06 13:29:31 | 003,405,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsrchvw.exe
[2011/08/06 13:29:30 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/08/06 13:29:29 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeui.exe
[2011/08/06 13:29:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/06 13:21:39 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/08/06 13:12:06 | 000,802,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011/08/06 13:11:48 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
[2011/08/06 13:03:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/06 12:37:27 | 000,062,976 | RHS- | M] () -- C:\Windows\System32\KBDKOR9.dll
[2011/08/05 16:31:40 | 000,001,029 | ---- | M] () -- C:\Users\PointyEars\Desktop\LocK-A-FoLdeR.lnk
[2011/08/05 01:42:54 | 000,055,296 | ---- | M] () -- C:\Users\PointyEars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/04 19:58:04 | 000,000,941 | ---- | M] () -- C:\Users\PointyEars\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/04 19:58:04 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/31 15:19:10 | 000,001,827 | ---- | M] () -- C:\Users\PointyEars\Desktop\Charles.lnk
[2011/07/31 15:18:44 | 000,000,957 | ---- | M] () -- C:\Users\PointyEars\Desktop\Cheat Engine.lnk
[2011/07/29 01:32:26 | 006,970,450 | ---- | M] () -- C:\Users\PointyEars\Desktop\ninja_association.swf
[2011/07/28 16:10:41 | 000,192,716 | ---- | M] () -- C:\Users\PointyEars\Desktop\data_library_en.swf
[2011/07/26 20:16:53 | 000,034,782 | ---- | M] () -- C:\Windows\System32\activeds.exe
[2011/07/25 00:29:51 | 000,001,110 | ---- | M] () -- C:\Users\PointyEars\Desktop\Cheatbook Database 2010.lnk
[2011/07/24 16:47:07 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Multiplayer.lnk
[2011/07/24 16:47:07 | 000,000,567 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2011/07/24 00:03:11 | 000,446,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/23 23:39:20 | 000,024,244 | ---- | M] () -- C:\Users\Public\Documents\Tppc lvl 4 list.rtf
[2011/07/23 18:48:27 | 000,001,980 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2011/07/23 18:48:27 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/07/22 16:25:06 | 000,000,020 | ---- | M] () -- C:\Windows\8űY
[2011/07/21 02:43:53 | 000,163,299 | ---- | M] () -- C:\Users\PointyEars\Desktop\academy.swf
[2011/07/20 20:05:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 13:08:16 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/07/19 13:08:15 | 000,397,983 | RHS- | M] () -- C:\IGXYO
[2011/07/19 00:40:54 | 000,020,488 | ---- | M] () -- C:\Users\PointyEars\Desktop\Instant.swf
[2011/07/18 23:08:23 | 000,002,066 | ---- | M] () -- C:\Users\PointyEars\Desktop\Monopoly Here & Now.lnk
[2011/07/18 18:11:50 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/07/18 17:55:13 | 000,233,024 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/07/18 17:30:32 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/07/16 17:18:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/16 17:18:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/16 17:18:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/16 17:18:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/07/16 15:21:39 | 000,000,865 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/07/16 14:31:55 | 000,001,913 | ---- | M] () -- C:\Users\PointyEars\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/16 14:31:55 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/16 13:45:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/16 13:36:27 | 000,000,812 | ---- | M] () -- C:\Users\PointyEars\Desktop\New Folder (7) - Shortcut.lnk
[2011/07/16 12:27:01 | 000,000,542 | ---- | M] () -- C:\Users\PointyEars\Desktop\Axxess Broadband Connection - Shortcut.lnk
[2011/07/11 14:17:00 | 001,698,408 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/07/10 19:35:36 | 000,044,413 | ---- | M] () -- C:\Users\PointyEars\Documents\Task 2 Preliminary investigation.rtf
[2011/07/10 18:13:12 | 000,031,089 | ---- | M] () -- C:\Users\PointyEars\Documents\Task 3.rtf
[2011/07/10 17:49:50 | 000,180,012 | ---- | M] () -- C:\Windows\KMService.exe
[2011/07/10 17:49:50 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/07/09 15:07:29 | 000,001,773 | ---- | M] () -- C:\Users\PointyEars\Desktop\MagicISO.lnk

========== Files Created - No Company Name ==========

[2011/08/07 15:24:33 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/07 15:24:33 | 000,002,189 | ---- | C] () -- C:\Users\PointyEars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/07 15:14:48 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/07 15:12:49 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 15:12:48 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/06 15:52:50 | 000,155,648 | ---- | C] () -- C:\Windows\KMService.exe.kav
[2011/08/06 15:03:15 | 000,007,642 | -HS- | C] () -- C:\Windows\KLIF.spi
[2011/08/06 13:47:36 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/08/06 13:47:36 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/08/06 13:26:33 | 000,000,205 | ---- | C] () -- C:\Users\PointyEars\Desktop\^^More downloads here.URL
[2011/08/06 13:05:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2011/08/06 12:37:48 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/08/06 12:37:42 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/06 12:37:35 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/06 12:37:27 | 000,062,976 | RHS- | C] () -- C:\Windows\System32\KBDKOR9.dll
[2011/08/06 12:37:27 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\agsgo.job
[2011/08/05 16:31:40 | 000,001,029 | ---- | C] () -- C:\Users\PointyEars\Desktop\LocK-A-FoLdeR.lnk
[2011/08/04 19:58:04 | 000,000,941 | ---- | C] () -- C:\Users\PointyEars\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/08/04 19:58:04 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/07/31 15:19:10 | 000,001,827 | ---- | C] () -- C:\Users\PointyEars\Desktop\Charles.lnk
[2011/07/31 15:18:44 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2011/07/31 15:18:44 | 000,000,957 | ---- | C] () -- C:\Users\PointyEars\Desktop\Cheat Engine.lnk
[2011/07/29 02:28:40 | 000,163,299 | ---- | C] () -- C:\Users\PointyEars\Desktop\academy.swf
[2011/07/29 02:28:40 | 000,020,488 | ---- | C] () -- C:\Users\PointyEars\Desktop\Instant.swf
[2011/07/29 01:29:00 | 006,970,450 | ---- | C] () -- C:\Users\PointyEars\Desktop\ninja_association.swf
[2011/07/28 23:58:44 | 000,192,716 | ---- | C] () -- C:\Users\PointyEars\Desktop\data_library_en.swf
[2011/07/28 23:54:01 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2011/07/26 20:15:31 | 000,034,782 | ---- | C] () -- C:\Windows\System32\activeds.exe
[2011/07/25 00:29:51 | 000,001,110 | ---- | C] () -- C:\Users\PointyEars\Desktop\Cheatbook Database 2010.lnk
[2011/07/25 00:29:17 | 054,755,776 | ---- | C] () -- C:\Users\PointyEars\Desktop\setup.exe
[2011/07/24 22:51:13 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charles.lnk
[2011/07/24 16:47:07 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Multiplayer.lnk
[2011/07/24 16:47:07 | 000,000,567 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2011/07/23 23:39:20 | 000,024,244 | ---- | C] () -- C:\Users\Public\Documents\Tppc lvl 4 list.rtf
[2011/07/23 18:48:27 | 000,001,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
[2011/07/23 18:48:27 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/07/22 16:38:20 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/07/22 16:30:14 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/07/22 16:25:05 | 000,000,020 | ---- | C] () -- C:\Windows\8űY
[2011/07/22 16:19:21 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/07/22 16:13:39 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/07/20 20:05:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/19 13:08:16 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011/07/19 13:08:15 | 000,397,983 | RHS- | C] () -- C:\IGXYO
[2011/07/18 23:08:23 | 000,002,066 | ---- | C] () -- C:\Users\PointyEars\Desktop\Monopoly Here & Now.lnk
[2011/07/18 18:01:15 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011/07/18 17:29:21 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011/07/16 15:21:39 | 000,000,865 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/16 15:00:38 | 000,100,616 | ---- | C] () -- C:\Users\PointyEars\AppData\Local\Start\update.exe
[2011/07/16 14:58:59 | 000,052,736 | ---- | C] () -- C:\Windows\System32\prevhost.exe
[2011/07/16 14:58:51 | 000,346,112 | ---- | C] () -- C:\Windows\System32\RMActivate_isv.exe
[2011/07/16 14:58:51 | 000,342,016 | ---- | C] () -- C:\Windows\System32\RMActivate.exe
[2011/07/16 14:58:51 | 000,301,568 | ---- | C] () -- C:\Windows\System32\RMActivate_ssp.exe
[2011/07/16 14:58:51 | 000,299,008 | ---- | C] () -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/07/16 13:36:27 | 000,000,812 | ---- | C] () -- C:\Users\PointyEars\Desktop\New Folder (7) - Shortcut.lnk
[2011/07/16 12:27:01 | 000,000,542 | ---- | C] () -- C:\Users\PointyEars\Desktop\Axxess Broadband Connection - Shortcut.lnk
[2011/07/11 10:40:29 | 000,001,913 | ---- | C] () -- C:\Users\PointyEars\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 10:40:29 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/10 17:50:21 | 000,180,012 | ---- | C] () -- C:\Windows\KMService.exe
[2011/07/10 17:50:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/07/09 15:07:29 | 000,001,773 | ---- | C] () -- C:\Users\PointyEars\Desktop\MagicISO.lnk
[2011/07/04 11:25:55 | 000,055,296 | ---- | C] () -- C:\Users\PointyEars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 01:46:47 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/07/04 01:46:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/04 01:46:46 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/04 01:46:46 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/04 01:46:44 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/02 23:46:08 | 000,000,041 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2011/06/30 23:35:37 | 000,000,096 | RHS- | C] () -- C:\Users\PointyEars\AppData\Roaming\setup.ini
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/14 10:47:44 | 000,235,008 | ---- | C] () -- C:\Windows\System32\vmicsvc.exe
[2009/07/14 07:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 07:33:53 | 000,446,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 05:05:48 | 000,685,720 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 05:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 05:05:48 | 000,129,440 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 05:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 05:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 05:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 03:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 03:19:38 | 000,469,504 | ---- | C] () -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/14 03:18:57 | 000,082,432 | ---- | C] () -- C:\Windows\System32\printui.exe
[2009/07/14 03:18:20 | 000,083,456 | ---- | C] () -- C:\Windows\System32\ntprint.exe
[2009/07/14 03:18:05 | 000,038,912 | ---- | C] () -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/14 03:15:13 | 000,110,080 | ---- | C] () -- C:\Windows\System32\wiaacmgr.exe
[2009/07/14 03:14:01 | 000,667,648 | ---- | C] () -- C:\Windows\System32\osk.exe
[2009/07/14 03:13:58 | 001,418,752 | ---- | C] () -- C:\Windows\System32\Utilman.exe
[2009/07/14 03:13:58 | 000,291,840 | ---- | C] () -- C:\Windows\System32\sethc.exe
[2009/07/14 03:12:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\odbcconf.exe
[2009/07/14 03:11:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\odbcad32.exe
[2009/07/14 03:07:13 | 000,060,416 | ---- | C] () -- C:\Windows\System32\SyncHost.exe
[2009/07/14 03:04:18 | 000,071,680 | ---- | C] () -- C:\Windows\System32\rrinstaller.exe
[2009/07/14 03:02:14 | 000,042,496 | ---- | C] () -- C:\Windows\System32\shadow.exe
[2009/07/14 03:02:14 | 000,042,496 | ---- | C] () -- C:\Windows\System32\rwinsta.exe
[2009/07/14 03:02:13 | 000,048,128 | ---- | C] () -- C:\Windows\System32\qwinsta.exe
[2009/07/14 03:02:11 | 000,044,544 | ---- | C] () -- C:\Windows\System32\quser.exe
[2009/07/14 03:02:11 | 000,043,008 | ---- | C] () -- C:\Windows\System32\qappsrv.exe
[2009/07/14 03:02:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\reset.exe
[2009/07/14 03:02:09 | 000,046,592 | ---- | C] () -- C:\Windows\System32\qprocess.exe
[2009/07/14 03:02:09 | 000,045,568 | ---- | C] () -- C:\Windows\System32\msg.exe
[2009/07/14 03:02:09 | 000,036,352 | ---- | C] () -- C:\Windows\System32\query.exe
[2009/07/14 03:01:50 | 000,244,736 | ---- | C] () -- C:\Windows\System32\wksprt.exe
[2009/07/14 02:59:10 | 000,124,928 | ---- | C] () -- C:\Windows\System32\verifier.exe
[2009/07/14 02:58:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\regini.exe
[2009/07/14 02:57:20 | 000,097,280 | ---- | C] () -- C:\Windows\System32\systeminfo.exe
[2009/07/14 02:56:26 | 000,111,616 | ---- | C] () -- C:\Windows\System32\NetProj.exe
[2009/07/14 02:56:15 | 000,173,568 | ---- | C] () -- C:\Windows\System32\p2phost.exe
[2009/07/14 02:55:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\upnpcont.exe
[2009/07/14 02:55:16 | 000,039,424 | ---- | C] () -- C:\Windows\System32\ROUTE.EXE
[2009/07/14 02:55:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\PING.EXE
[2009/07/14 02:55:14 | 000,034,816 | ---- | C] () -- C:\Windows\System32\PATHPING.EXE
[2009/07/14 02:55:12 | 000,048,640 | ---- | C] () -- C:\Windows\System32\NETSTAT.EXE
[2009/07/14 02:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 02:54:46 | 000,094,720 | ---- | C] () -- C:\Windows\System32\rasdial.exe
[2009/07/14 02:54:03 | 000,046,592 | ---- | C] () -- C:\Windows\System32\netiougc.exe
[2009/07/14 02:53:35 | 000,045,568 | ---- | C] () -- C:\Windows\System32\netbtugc.exe
[2009/07/14 02:53:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\nbtstat.exe
[2009/07/14 02:53:11 | 000,039,424 | ---- | C] () -- C:\Windows\System32\setupSNK.exe
[2009/07/14 02:52:34 | 000,301,056 | ---- | C] () -- C:\Windows\System32\NAPSTAT.EXE
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:47:53 | 000,074,752 | ---- | C] () -- C:\Windows\System32\MultiDigiMon.exe
[2009/07/14 02:47:42 | 000,355,840 | ---- | C] () -- C:\Windows\System32\wisptis.exe
[2009/07/14 02:44:15 | 000,146,944 | ---- | C] () -- C:\Windows\System32\mtstocom.exe
[2009/07/14 02:43:45 | 000,056,320 | ---- | C] () -- C:\Windows\System32\RpcPing.exe
[2009/07/14 02:43:07 | 000,099,328 | ---- | C] () -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/07/14 02:43:05 | 000,105,472 | ---- | C] () -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/07/14 02:42:43 | 000,173,056 | ---- | C] () -- C:\Windows\System32\wextract.exe
[2009/07/14 02:42:23 | 000,034,304 | ---- | C] () -- C:\Windows\System32\msfeedssync.exe
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 02:41:47 | 000,101,376 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/07/14 02:41:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\RunLegacyCPLElevated.exe
[2009/07/14 02:40:44 | 000,103,424 | ---- | C] () -- C:\Windows\System32\SystemPropertiesAdvanced.exe
[2009/07/14 02:40:43 | 000,118,784 | ---- | C] () -- C:\Windows\System32\OptionalFeatures.exe
[2009/07/14 02:40:37 | 000,278,528 | ---- | C] () -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2009/07/14 02:40:34 | 000,214,016 | ---- | C] () -- C:\Windows\System32\UserAccountControlSettings.exe
[2009/07/14 02:40:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\sbunattend.exe
[2009/07/14 02:40:24 | 000,314,368 | ---- | C] () -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2009/07/14 02:39:46 | 000,192,000 | ---- | C] () -- C:\Windows\System32\PresentationSettings.exe
[2009/07/14 02:39:42 | 000,047,616 | ---- | C] () -- C:\Windows\System32\Netplwiz.exe
[2009/07/14 02:38:53 | 000,107,008 | ---- | C] () -- C:\Windows\System32\nslookup.exe
[2009/07/14 02:38:15 | 000,180,736 | ---- | C] () -- C:\Windows\System32\net1.exe
[2009/07/14 02:37:52 | 000,348,672 | ---- | C] () -- C:\Windows\System32\nltest.exe
[2009/07/14 02:37:52 | 000,067,584 | ---- | C] () -- C:\Windows\System32\net.exe
[2009/07/14 02:37:11 | 000,044,544 | ---- | C] () -- C:\Windows\System32\VaultCmd.exe
[2009/07/14 02:37:07 | 000,058,880 | ---- | C] () -- C:\Windows\System32\VaultSysUi.exe
[2009/07/14 02:36:44 | 000,035,328 | ---- | C] () -- C:\Windows\System32\mpnotify.exe
[2009/07/14 02:36:43 | 000,347,136 | ---- | C] () -- C:\Windows\System32\slui.exe
[2009/07/14 02:34:45 | 000,053,248 | ---- | C] () -- C:\Windows\System32\setspn.exe
[2009/07/14 02:34:40 | 000,050,176 | ---- | C] () -- C:\Windows\System32\syskey.exe
[2009/07/14 02:34:14 | 000,049,664 | ---- | C] () -- C:\Windows\System32\proquota.exe
[2009/07/14 02:34:10 | 000,052,224 | ---- | C] () -- C:\Windows\System32\shutdown.exe
[2009/07/14 02:34:05 | 000,082,944 | ---- | C] () -- C:\Windows\System32\rekeywiz.exe
[2009/07/14 02:33:24 | 000,087,040 | ---- | C] () -- C:\Windows\System32\w32tm.exe
[2009/07/14 02:33:20 | 000,056,832 | ---- | C] () -- C:\Windows\System32\SecEdit.exe
[2009/07/14 02:31:51 | 000,413,184 | ---- | C] () -- C:\Windows\System32\shrpubw.exe
[2009/07/14 02:31:17 | 000,061,440 | ---- | C] () -- C:\Windows\System32\winrs.exe
[2009/07/14 02:31:17 | 000,041,984 | ---- | C] () -- C:\Windows\System32\winrshost.exe
[2009/07/14 02:30:21 | 000,197,120 | ---- | C] () -- C:\Windows\System32\wevtutil.exe
[2009/07/14 02:30:12 | 000,101,888 | ---- | C] () -- C:\Windows\System32\wecutil.exe
[2009/07/14 02:27:25 | 000,050,176 | ---- | C] () -- C:\Windows\System32\WerFaultSecure.exe
[2009/07/14 02:23:50 | 000,136,704 | ---- | C] () -- C:\Windows\System32\vssadmin.exe
[2009/07/14 02:23:37 | 000,041,472 | ---- | C] () -- C:\Windows\System32\vdsldr.exe
[2009/07/14 02:23:22 | 000,246,272 | ---- | C] () -- C:\Windows\System32\wbadmin.exe
[2009/07/14 02:23:08 | 003,388,928 | ---- | C] () -- C:\Windows\System32\WinSAT.exe
[2009/07/14 02:22:53 | 000,036,352 | ---- | C] () -- C:\Windows\System32\RmClient.exe
[2009/07/14 02:22:44 | 000,469,504 | ---- | C] () -- C:\Windows\System32\spinstall.exe
[2009/07/14 02:22:42 | 000,304,128 | ---- | C] () -- C:\Windows\System32\spreview.exe
[2009/07/14 02:22:31 | 000,231,424 | ---- | C] () -- C:\Windows\System32\PkgMgr.exe
[2009/07/14 02:22:31 | 000,036,352 | ---- | C] () -- C:\Windows\System32\secinit.exe
[2009/07/14 02:22:30 | 000,219,136 | ---- | C] () -- C:\Windows\System32\ocsetup.exe
[2009/07/14 02:20:49 | 000,717,824 | ---- | C] () -- C:\Windows\System32\psr.exe
[2009/07/14 02:20:30 | 001,004,544 | ---- | C] () -- C:\Windows\System32\msdt.exe
[2009/07/14 02:20:26 | 000,031,232 | ---- | C] () -- C:\Windows\System32\pcawrk.exe
[2009/07/14 02:20:22 | 000,037,376 | ---- | C] () -- C:\Windows\System32\pcaui.exe
[2009/07/14 02:20:21 | 000,204,288 | ---- | C] () -- C:\Windows\System32\RelPost.exe
[2009/07/14 02:20:14 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ReAgentc.exe
[2009/07/14 02:20:13 | 000,062,464 | ---- | C] () -- C:\Windows\System32\sdchange.exe
[2009/07/14 02:20:06 | 000,057,856 | ---- | C] () -- C:\Windows\System32\rdrleakdiag.exe
[2009/07/14 02:20:00 | 000,178,688 | ---- | C] () -- C:\Windows\System32\perfmon.exe
[2009/07/14 02:19:58 | 000,124,928 | ---- | C] () -- C:\Windows\System32\resmon.exe
[2009/07/14 02:19:58 | 000,058,880 | ---- | C] () -- C:\Windows\System32\relog.exe
[2009/07/14 02:19:51 | 000,033,792 | ---- | C] () -- C:\Windows\System32\pcwrun.exe
[2009/07/14 02:19:39 | 000,029,184 | ---- | C] () -- C:\Windows\System32\plasrv.exe
[2009/07/14 02:19:35 | 000,055,296 | ---- | C] () -- C:\Windows\System32\unlodctr.exe
[2009/07/14 02:18:02 | 000,046,592 | ---- | C] () -- C:\Windows\System32\netcfg.exe
[2009/07/14 02:17:19 | 000,134,144 | ---- | C] () -- C:\Windows\System32\setupugc.exe
[2009/07/14 02:16:39 | 000,055,808 | ---- | C] () -- C:\Windows\System32\PnPutil.exe
[2009/07/14 02:16:37 | 000,082,432 | ---- | C] () -- C:\Windows\System32\PnPUnattend.exe
[2009/07/14 02:16:21 | 000,089,088 | ---- | C] () -- C:\Windows\System32\sigverif.exe
[2009/07/14 02:16:17 | 000,098,304 | ---- | C] () -- C:\Windows\System32\newdev.exe
[2009/07/14 02:16:14 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ndadmin.exe
[2009/07/14 02:16:11 | 000,048,640 | ---- | C] () -- C:\Windows\System32\sxstrace.exe
[2009/07/14 02:16:01 | 000,118,784 | ---- | C] () -- C:\Windows\System32\Robocopy.exe
[2009/07/14 02:15:56 | 000,083,968 | ---- | C] () -- C:\Windows\System32\reg.exe
[2009/07/14 02:15:52 | 000,056,832 | ---- | C] () -- C:\Windows\System32\sfc.exe
[2009/07/14 02:15:45 | 000,069,120 | ---- | C] () -- C:\Windows\System32\tzutil.exe
[2009/07/14 02:15:37 | 000,064,512 | ---- | C] () -- C:\Windows\System32\whoami.exe
[2009/07/14 02:15:33 | 000,056,832 | ---- | C] () -- C:\Windows\System32\where.exe
[2009/07/14 02:15:31 | 000,067,584 | ---- | C] () -- C:\Windows\System32\setx.exe
[2009/07/14 02:15:29 | 000,055,808 | ---- | C] () -- C:\Windows\System32\waitfor.exe
[2009/07/14 02:15:29 | 000,038,400 | ---- | C] () -- C:\Windows\System32\replace.exe
[2009/07/14 02:15:25 | 000,041,472 | ---- | C] () -- C:\Windows\System32\sort.exe
[2009/07/14 02:15:25 | 000,038,912 | ---- | C] () -- C:\Windows\System32\runas.exe
[2009/07/14 02:15:25 | 000,035,328 | ---- | C] () -- C:\Windows\System32\subst.exe
[2009/07/14 02:15:25 | 000,030,720 | ---- | C] () -- C:\Windows\System32\regedt32.exe
[2009/07/14 02:15:24 | 000,083,968 | ---- | C] () -- C:\Windows\System32\openfiles.exe
[2009/07/14 02:15:17 | 000,035,328 | ---- | C] () -- C:\Windows\System32\print.exe
[2009/07/14 02:15:17 | 000,033,280 | ---- | C] () -- C:\Windows\System32\recover.exe
[2009/07/14 02:15:15 | 000,034,816 | ---- | C] () -- C:\Windows\System32\mountvol.exe
[2009/07/14 02:15:01 | 000,037,888 | ---- | C] () -- C:\Windows\System32\attrib.exe
[2009/07/14 02:13:34 | 000,092,160 | ---- | C] () -- C:\Windows\System32\MuiUnattend.exe
[2009/07/14 02:12:55 | 000,078,848 | ---- | C] () -- C:\Windows\System32\repair-bde.exe
[2009/07/14 02:12:22 | 000,042,496 | ---- | C] () -- C:\Windows\System32\sdbinst.exe
[2009/07/14 00:39:34 | 001,097,728 | ---- | C] () -- C:\Windows\System32\Narrator.exe
[2009/06/11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/08/06 14:08:03 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: EXPLORER.EXE >
[2011/08/06 13:52:56 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\explorer.exe
[2009/07/14 04:14:20 | 002,634,752 | ---- | M] () MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 08:45:39 | 002,635,776 | ---- | M] () MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/08/06 13:52:56 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2009/10/31 09:00:51 | 002,635,776 | ---- | M] () MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2011/02/26 08:51:13 | 002,636,288 | ---- | M] () MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/25 08:30:54 | 002,637,824 | ---- | M] () MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011/02/26 08:19:21 | 002,637,824 | ---- | M] () MD5=D12F3574E6A40BE9DA2DE12BD5C9EB66 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 09:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/07/14 04:14:45 | 000,307,200 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/10/28 08:52:08 | 000,307,200 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

< End of report >


Extras.txt

OTL Extras logfile created on: 8/7/2011 4:09:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\PointyEars\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.18% Memory free
4.00 Gb Paging File | 2.66 Gb Available in Paging File | 66.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 13.68 Gb Free Space | 17.85% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 78.42 Gb Free Space | 8.42% Space Free | Partition Type: NTFS

Computer Name: POINTYEARS-PC | User Name: PointyEars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2717797368-2214164295-3706085137-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"Charles_XK72" = Charles
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cheatbook Database 2010" = Cheatbook Database 2010
"DAEMON Tools Pro" = DAEMON Tools Pro
"Fiddler2" = Fiddler2
"Google Chrome" = Google Chrome
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"LocK-A-FoLdeR" = LocK-A-FoLdeR
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Monopoly Here & Now" = Monopoly Here & Now (remove only)
"Mozilla Firefox (3.6.19)" = Mozilla Firefox (3.6.19)
"MP4 Player" = MP4 Player
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 12.0" = RealPlayer
"StarCraft II" = StarCraft II
"TreeSize Free_is1" = TreeSize Free V2.5
"uTorrent" = µTorrent
"WinDjView" = WinDjView 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2717797368-2214164295-3706085137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2011 6:35:33 PM | Computer Name = PointyEars-PC | Source = RasClient | ID = 20227
Description =

Error - 8/6/2011 6:40:57 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 6:41:58 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 6:41:59 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 6:42:05 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 7:42:05 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 7:43:05 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 7:43:07 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/7/2011 1:33:56 AM | Computer Name = PointyEars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Nh3.exe, version: 0.0.0.0, time stamp:
0x4e32c709 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000096 Fault offset: 0x00cfbeed Faulting process id: 0x9dc Faulting application
start time: 0x01cc54c2eefb4ede Faulting application path: C:\Windows\TEMP\Nh3.exe
Faulting
module path: unknown Report Id: d7ccd7ae-c0b6-11e0-a66c-6cf049a3b9a3

Error - 8/7/2011 1:33:56 AM | Computer Name = PointyEars-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Nh3.exe because of this error. Program: Nh3.exe File: The error
value is listed in the Additional Data section. User Action 1. Open the file again.
This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

[ Media Center Events ]
Error - 8/3/2011 9:22:02 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 04:22:02 AM - Error connecting to the internet. 04:22:02 AM - Unable
to contact server..

Error - 8/3/2011 9:22:08 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 04:22:07 AM - Error connecting to the internet. 04:22:07 AM - Unable
to contact server..

Error - 8/6/2011 4:39:08 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 11:39:07 PM - Error connecting to the internet. 11:39:07 PM - Unable
to contact server..

Error - 8/6/2011 4:39:41 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 11:39:37 PM - Error connecting to the internet. 11:39:37 PM - Unable
to contact server..

Error - 8/6/2011 5:40:17 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 12:40:17 AM - Error connecting to the internet. 12:40:17 AM - Unable
to contact server..

Error - 8/6/2011 5:40:54 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 12:40:46 AM - Error connecting to the internet. 12:40:46 AM - Unable
to contact server..

Error - 8/6/2011 6:41:29 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 01:41:29 AM - Error connecting to the internet. 01:41:29 AM - Unable
to contact server..

Error - 8/6/2011 6:42:04 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 01:41:58 AM - Error connecting to the internet. 01:41:58 AM - Unable
to contact server..

Error - 8/6/2011 7:42:36 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 02:42:36 AM - Error connecting to the internet. 02:42:36 AM - Unable
to contact server..

Error - 8/6/2011 7:43:07 PM | Computer Name = PointyEars-PC | Source = MCUpdate | ID = 0
Description = 02:43:05 AM - Error connecting to the internet. 02:43:05 AM - Unable
to contact server..

[ System Events ]
Error - 8/7/2011 4:34:20 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 5:05:26 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 5:35:23 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 6:05:52 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 6:35:43 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 7:05:58 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 7:35:28 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 8:05:20 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 8:35:32 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 9:05:19 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >


Edited by PointyEars, 07 August 2011 - 08:49 AM.
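Added example (not part of the original post, and not the output of any tool used in this thread): a short triage script for an event dump in the format shown above. It re-joins the wrapped Description lines, counts events per source and ID, and lists programs that crashed while running from a temp directory. The function names and the temp-directory heuristic are assumptions made for this illustration.

```python
import re
from collections import Counter
# Constructed sample in the report's format, abridged from the entries in the post.
SAMPLE = r"""Error - 8/6/2011 6:40:57 PM | Computer Name = PointyEars-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".

Error - 8/7/2011 1:33:56 AM | Computer Name = PointyEars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Nh3.exe, version: 0.0.0.0, time stamp:
0x4e32c709 Faulting module name: unknown, version: 0.0.0.0 Faulting application
start time: 0x01cc54c2eefb4ede Faulting application path: C:\Windows\TEMP\Nh3.exe
Faulting
module path: unknown Report Id: d7ccd7ae-c0b6-11e0-a66c-6cf049a3b9a3

[ System Events ]
Error - 8/7/2011 4:34:20 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 8/7/2011 5:05:26 AM | Computer Name = PointyEars-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
"""

HEADER = re.compile(r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
                    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (.+) \]$")
FAULT_PATH = re.compile(r"Faulting application path: (.+?) Faulting module path:")
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)  # triage heuristic (assumption)
PREFIX = "Description = "

def parse_events(text):
    """Split the report into events, re-joining the wrapped Description lines."""
    events, section, current = [], "", None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:                                  # blank line ends an entry
            current = None
        elif m := SECTION.match(line):
            section, current = m.group(1), None
        elif m := HEADER.match(line):
            current = dict(m.groupdict(), section=section, description="")
            events.append(current)
        elif current is not None:                     # continuation of a description
            part = line[len(PREFIX):] if line.startswith(PREFIX) else line
            current["description"] = f'{current["description"]} {part}'.strip()
    return events

def summarize(events):
    """Count events per (source, id); list programs that crashed while run from a temp dir."""
    counts = Counter((e["source"], int(e["id"])) for e in events)
    hits = ((e["when"], FAULT_PATH.search(e["description"])) for e in events)
    flagged = [(when, m.group(1)) for when, m in hits if m and TEMP_DIR.search(m.group(1))]
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = summarize(parse_events(SAMPLE))
    print(counts.most_common(), flagged)
```

A crash from a temp directory is only a reason to look at the file, not a verdict on it.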


#4 PointyEars

  • Topic Starter

Posted 09 August 2011 - 05:01 AM

I don't know if it helps to determine the problem, but I've also been having problems loading any Microsoft websites and I can't update Windows. I also cannot connect to any Kaspersky site.

#5 myrti

  • Malware Study Hall Admin

Posted 10 August 2011 - 04:05 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 PointyEars

  • Topic Starter

Posted 10 August 2011 - 03:58 PM

I am unable to run ComboFix. It starts extracting, and then once it's done a window pops up saying it is not safe and that I might have a virus called Virut.

#7 myrti

  • Malware Study Hall Admin

Posted 10 August 2011 - 04:44 PM

Hi,

could you please make sure that Antivir is disabled before running ComboFix.

regards myrti



#8 PointyEars

  • Topic Starter

Posted 11 August 2011 - 04:30 AM

I'm still unable to run it. I read that this Virut virus is really bad and requires me to format and reinstall my OS. I hope that's not the case.

#9 myrti

  • Malware Study Hall Admin

Posted 11 August 2011 - 04:53 AM

Hi,

that would indeed be the case; however, the message can be caused by other things too, which is why I would like to run a scan with Kaspersky to check for Virut:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

regards myrti



#10 PointyEars

  • Topic Starter

Posted 11 August 2011 - 07:31 AM

I'm unable to load any Kaspersky site. Is there another site I can scan with?

#11 CatByte

  • Malware Response Team

Posted 11 August 2011 - 12:47 PM

Hi,

Myrti is away, so I'll be helping out till she returns.

please do the following scan:

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 PointyEars

  • Topic Starter

Posted 11 August 2011 - 02:02 PM

I am unable to load any antivirus website or Microsoft.

I ran rmvirut to clear away some files with the Virut infection and can now access the ESET website. I will start scanning now.

Edited by PointyEars, 11 August 2011 - 06:01 PM.


#13 CatByte

  • Malware Response Team

Posted 11 August 2011 - 07:18 PM

Hi

If you find ESET is taking hours and hours to scan because of the infection, upload a few core files to VirSCAN to confirm the Virut infection:



  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:


    c:\windows\system32\userinit.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:

c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe



#14 PointyEars

  • Topic Starter

Posted 11 August 2011 - 07:42 PM

I attached the ESET scan.

I'll run the next scan later today as it's 2:41am here and I'm tired.

Edited by PointyEars, 12 August 2011 - 06:13 AM.


#15 CatByte

  • Malware Response Team

Posted 11 August 2011 - 07:54 PM

Hi,

the scan didn't attach; if you could, please try attaching it again

thanks

(ps. get some rest)





