startnow redirect - firefox primarily



#1 kmf07302


Posted 06 September 2011 - 04:17 PM

Am hit up with the startnow virus...it seems to be mostly impacting Firefox and mainly in not getting searches through when I use the main address bar versus the search bar. I get a window error from Firefox saying the connection can't be made...so it's a real annoyance to me!

Here are the DDS -- I am running 7 Home Premium on 64 bit system:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Kevin at 16:57:49 on 2011-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1952 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\SysWOW64\astsrv.exe
C:\Windows\system32\dlcdcoms.exe
C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Droid Explorer\SDK\tools\adb.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\mqtgsvc.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Windows\regedit.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Music Organizer] "C:\Program Files (x86)\Music Organizer\MusicOrganizer.exe" /minimized
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-system: EnableLUA = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859}
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: google.com\mail
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{60A47C2D-5828-4877-9B13-992B516C6B11} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO-X64: Mega Manager IE Click Monitor - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Hosts: 178.32.95.1 paypal.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z083&partner_id=335&product_id=477&affiliate_id=&channel=Fileserve01&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110810&user_guid=D962FDDDBEBC45728EC959CD9DB6476B&machine_id=f2a65422ec55f8993fc1a078d862d726&browser=FF&os=win&os_version=6.1-x64-SP1&q=
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R0 ntcdrdrv;ntcdrdrv;C:\Windows\system32\DRIVERS\ntcdrdrv.sys --> C:\Windows\system32\DRIVERS\ntcdrdrv.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/21 12:15:29];C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138};Power Control [2011/07/24 21:36:07];C:\Program Files (x86)\Cyberlink\PowerProducer\BDSDK\000.fcl [2010-7-30 146928]
R2 dlcd_device;dlcd_device;C:\Windows\system32\dlcdcoms.exe -service --> C:\Windows\system32\dlcdcoms.exe -service [?]
R2 DroidExplorerService;DroidExplorer Service;C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [2011-5-17 253952]
R2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-5-4 56200]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 Jasmio.MediaCenter.Service;Media Center Support Service;C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe [2008-11-27 81920]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-2-6 173344]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-17 366640]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-3-21 386344]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\system32\DRIVERS\lvsels64.sys --> C:\Windows\system32\DRIVERS\lvsels64.sys [?]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys --> C:\Windows\system32\DRIVERS\PTSimBus.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-23 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 BOTService;BOTService;"C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe" --> C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [?]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2011-8-20 68096]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-17 14216]
S3 EUDISK;EASEUS Disk Enumerator;\??\C:\Windows\system32\drivers\eudisk.sys --> C:\Windows\system32\drivers\eudisk.sys [?]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-17 8456]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-23 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-8-31 17152]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys --> C:\Windows\system32\DRIVERS\PTSimHid.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2011-6-9 74384]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 CLKMSVC10_90970B6B;CyberLink Product - 2011/06/04 15:33:14;C:\Program Files (x86)\Cyberlink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-9 246256]
.
=============== Created Last 30 ================
.
2011-09-06 15:20:44 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B35CEBC5-7815-4872-95CA-6B10AED7587D}\mpengine.dll
2011-09-06 15:11:52 -------- d-----w- C:\Users\Kevin\AppData\Local\VMware
2011-09-06 15:08:03 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys
2011-09-06 15:08:02 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2011-09-06 15:07:35 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2011-09-06 15:07:31 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe
2011-09-06 15:07:31 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2011-09-06 15:07:26 968816 ----a-w- C:\Windows\System32\vnetlib64.dll
2011-09-06 15:07:11 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2011-09-06 15:07:09 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2011-09-06 15:06:55 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-09-06 15:06:42 -------- d-----w- C:\Program Files (x86)\VMware
2011-09-03 14:01:09 -------- d-----w- C:\Users\Kevin\AppData\Local\womble
2011-09-03 13:40:23 -------- d-----w- C:\Users\Kevin\AppData\Local\{36F453F1-3EEF-4FA1-85E8-74D231731200}
2011-09-03 13:40:13 -------- d-----w- C:\Users\Kevin\AppData\Local\{BC4DDE31-A712-446E-8A56-76BBFC1FDFC9}
2011-09-03 05:59:22 34304 ----a-w- C:\Windows\SysWow64\DfSdkBt.exe
2011-09-02 17:44:55 -------- d-----w- C:\Users\Kevin\AppData\Local\{E3051C1B-9246-41E0-A70D-037C35FA119F}
2011-09-02 17:44:16 -------- d-----w- C:\Users\Kevin\AppData\Local\{14F1D398-07A4-4024-9CDF-D3183128F80A}
2011-09-02 02:25:48 417792 ----a-w- C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-09-02 02:25:48 -------- d-----w- C:\ProgramData\Last.fm
2011-09-02 02:24:39 -------- d-----w- C:\Users\Kevin\AppData\Local\Last.fm
2011-09-02 02:24:33 -------- d-----w- C:\Program Files (x86)\Last.fm
2011-09-01 18:45:57 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys
2011-09-01 18:45:57 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys
2011-09-01 18:45:57 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys
2011-09-01 18:45:57 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys
2011-09-01 18:45:57 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys
2011-09-01 18:45:57 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys
2011-09-01 18:45:57 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys
2011-09-01 18:45:23 58704 ----a-r- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2011-08-31 21:54:16 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-08-31 20:06:39 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-31 20:04:49 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-08-31 16:03:31 -------- d-----w- C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2011-08-30 23:58:17 -------- d-----w- C:\Users\Kevin\AppData\Local\My_MP4Box_GUI
2011-08-30 23:54:11 -------- d-----w- C:\Program Files\My MP4Box GUI
2011-08-30 21:58:43 -------- d-----w- C:\Users\Kevin\AppData\Roaming\JAM Software
2011-08-30 21:58:38 -------- d-----w- C:\Program Files (x86)\JAM Software
2011-08-30 18:33:42 -------- d-----w- C:\Program Files\DivX
2011-08-30 18:33:37 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-08-30 18:33:28 -------- d-----w- C:\ProgramData\DivX
2011-08-30 18:33:28 -------- d-----w- C:\Program Files (x86)\DivX
2011-08-30 18:21:07 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Roxio Log Files
2011-08-30 17:22:10 -------- d-----w- C:\MoTemp
2011-08-30 12:49:38 -------- d-----w- C:\Users\Kevin\AppData\Local\StreamingFileProcessing
2011-08-30 12:49:36 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Music Organizer
2011-08-30 12:49:21 -------- d-----w- C:\Program Files (x86)\Music Organizer
2011-08-30 11:53:52 -------- d-----w- C:\Users\Kevin\AppData\Roaming\xtools
2011-08-30 11:43:58 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Aminsoft
2011-08-30 11:43:58 -------- d-----w- C:\Program Files (x86)\Aminsoft
2011-08-30 11:42:34 -------- d-----w- C:\xtools
2011-08-30 11:27:02 -------- d-----w- C:\ProgramData\DVDCoverPlus
2011-08-30 11:24:17 -------- d-----w- C:\Users\Kevin\AppData\Local\{2B04E64B-EEE1-421A-A282-7B464CFF36DF}
2011-08-30 11:24:06 -------- d-----w- C:\Users\Kevin\AppData\Local\{AE46E16E-0BD9-42FD-90B8-CA6047021869}
2011-08-30 10:24:21 -------- d-----w- C:\Users\Kevin\AppData\Local\{F9D932F4-AE9A-4B33-9C2D-E7E1C7756C00}
2011-08-30 10:24:10 -------- d-----w- C:\Users\Kevin\AppData\Local\{A543308B-B746-47DA-9172-E5B532C43788}
2011-08-30 10:23:01 -------- d-----w- C:\Program Files\Dell Photo AIO Printer 944
2011-08-30 10:16:11 -------- d-----w- C:\Windows\en
2011-08-30 10:02:53 -------- d-----w- C:\Users\Kevin\AppData\Local\{E4F0E0AB-2E40-43B3-B25D-5B1DACF0DCAD}
2011-08-30 10:02:43 -------- d-----w- C:\Users\Kevin\AppData\Local\{D53AB188-CAD7-4699-8078-B9DEE291EEC3}
2011-08-29 09:02:02 -------- d-----w- C:\ProgramData\install_clap
2011-08-29 06:56:22 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Secure-Soft Bot
2011-08-29 06:55:50 -------- d-----w- C:\Users\Kevin\AppData\Roaming\WindowsUpdates
2011-08-27 00:00:40 -------- d-----w- C:\Users\Kevin\AppData\Local\CoverEditor
2011-08-27 00:00:23 -------- d-----w- C:\Program Files (x86)\TBS Cover Editor
2011-08-26 15:10:14 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Hardcoded Software
2011-08-25 05:21:23 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Peter Souza IV
2011-08-25 04:05:04 -------- d-----w- C:\Users\Kevin\AppData\Local\{6C3D43BC-96F8-49A9-91CB-74AAEE07DF34}
2011-08-25 04:04:54 -------- d-----w- C:\Users\Kevin\AppData\Local\{F0618AFA-0334-4BCB-9D12-A541914FFCA8}
2011-08-24 07:04:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 07:04:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 23:42:42 -------- d-----w- C:\Users\Kevin\AppData\Local\sabnzbd
2011-08-23 23:40:37 -------- d-----w- C:\Program Files (x86)\SABnzbd
2011-08-23 21:46:39 -------- d-----w- C:\Users\Kevin\AppData\Local\Hardcoded Software
2011-08-23 21:46:20 -------- d-----w- C:\Program Files (x86)\Hardcoded Software
2011-08-23 18:19:03 1917416 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll
2011-08-23 18:19:03 1917416 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01005.dll
2011-08-23 18:18:51 -------- d-----w- C:\Program Files\SAMSUNG
2011-08-23 18:18:35 -------- d-----w- C:\ProgramData\Samsung
2011-08-23 11:08:30 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 6 - Patterns
2011-08-23 11:07:55 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 4 - Distortions
2011-08-23 09:51:45 -------- d-----w- C:\ProgramData\Tarma Installer
2011-08-23 07:20:27 -------- d-----w- C:\Program Files (x86)\Microsoft Expression
2011-08-23 03:35:14 29832736 ----a-w- C:\Users\Kevin\AppData\Roaming\Angry Birds Seasons HD v1.5.1 2011 Full PC Version Setup.exe
2011-08-22 05:21:59 -------- d-----w- C:\Users\Kevin\AppData\Roaming\NCH Software
2011-08-22 04:35:48 -------- d-----w- C:\Program Files (x86)\NCH Software
2011-08-22 04:34:04 -------- d-----w- C:\Program Files (x86)\NCH Swift Sound
2011-08-22 01:23:04 33888 ----a-w- C:\Windows\System32\drivers\appliand.sys
2011-08-22 01:22:55 -------- d-----w- C:\Program Files (x86)\Applian Technologies
2011-08-22 01:22:38 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Replay Media Catcher 4
2011-08-20 05:31:34 -------- d-----r- C:\cygwin
2011-08-19 14:41:16 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Totusoft
2011-08-19 14:41:14 -------- d-----w- C:\Program Files (x86)\LAN Speed Test
2011-08-18 13:39:13 -------- d-----w- C:\Users\Kevin\AppData\Local\{ADAEF640-4C3F-4B9A-9B43-B549CBB58140}
2011-08-18 13:37:34 -------- d-----w- C:\Users\Kevin\AppData\Local\{0381D7B6-19C0-4808-A273-1A7820AE905C}
2011-08-18 09:56:59 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-08-18 03:06:34 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-08-18 02:16:37 3320192 ----a-w- C:\Windows\System32\BootMan.exe
2011-08-18 02:16:37 2469248 ----a-w- C:\Windows\SysWow64\BootMan.exe
2011-08-18 02:16:37 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2011-08-18 02:16:37 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2011-08-18 02:16:37 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2011-08-18 02:16:36 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2011-08-18 02:16:36 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2011-08-18 02:16:36 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2011-08-18 02:16:36 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2011-08-18 02:16:36 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2011-08-17 17:58:23 -------- d-----w- C:\Users\Kevin\DocumentsNYDoc
2011-08-17 15:10:06 -------- d-----w- C:\Users\Kevin\AppData\Roaming\NetMeter
2011-08-17 15:10:01 -------- d-----w- C:\Program Files (x86)\NetMeter
2011-08-17 06:15:26 1191892 ----a-w- C:\ProgramData\SPL3BDE.tmp
2011-08-16 18:13:33 -------- d-----w- C:\Users\Kevin\AppData\Local\{E936510D-4F1B-4D3E-9924-25A934747E4F}
2011-08-16 18:13:23 -------- d-----w- C:\Users\Kevin\AppData\Local\{E91EE474-1186-4726-895A-5ACC4796467A}
2011-08-16 18:02:11 -------- d-----w- C:\Users\Kevin\AppData\Local\Apple Computer
2011-08-16 17:52:14 -------- d-----w- C:\Users\Kevin\AppData\Local\{C1B5627C-405F-4CA5-A701-9D4AF8A93BF8}
2011-08-16 06:19:33 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge 3
2011-08-16 06:18:44 -------- d-----w- C:\Program Files (x86)\Filter Forge 3
2011-08-16 06:00:53 -------- d-----w- C:\ProgramData\ViceVersa PRO 2
2011-08-16 05:40:35 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
2011-08-16 00:11:48 -------- d-----w- C:\WDTV Emulator
2011-08-15 17:47:44 -------- d-----w- C:\Program Files\Applian Technologies
2011-08-15 17:17:30 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Mobipocket
2011-08-15 17:17:12 -------- d-----w- C:\Program Files (x86)\Mobipocket.com
2011-08-15 16:41:24 -------- d-----w- C:\WDTV Builder
2011-08-13 17:21:14 -------- d-----w- C:\Users\Kevin\AppData\Roaming\VidCoder
2011-08-13 17:21:14 -------- d-----w- C:\Users\Kevin\AppData\Local\VidCoder
2011-08-13 04:17:11 557568 ----a-w- C:\Windows\SysWow64\qeditold.dll
2011-08-13 01:22:41 -------- d-----w- C:\Users\Kevin\Google Book
2011-08-12 22:25:00 -------- d-----w- C:\Users\Kevin\AppData\Roaming\ThePluginSite
2011-08-12 22:25:00 -------- d-----w- C:\Program Files (x86)\ThePluginSite
2011-08-12 22:13:24 -------- d-----w- C:\ProgramData\Premium
2011-08-12 22:13:22 -------- d-----w- C:\ProgramData\InstallMate
2011-08-12 21:49:13 -------- d-----w- C:\Program Files (x86)\Filter Forge Freepack 2 - Photo Effects
2011-08-12 21:48:53 -------- d-----w- C:\Program Files (x86)\Filter Forge Freepack 6 - Patterns
2011-08-12 21:48:37 -------- d-----w- C:\Program Files (x86)\Filter Forge Freepack 4 - Distortions
2011-08-12 05:09:48 -------- d-----w- C:\Program Files (x86)\Music Collection
2011-08-12 05:07:04 -------- d-----w- C:\Windows\SysWow64\Temp
2011-08-12 04:46:29 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 1 - Metals
2011-08-12 04:22:17 117248 ----a-w- C:\Windows\SysWow64\RestoratorContextMenu.dll
2011-08-12 04:22:16 -------- d-----w- C:\Program Files (x86)\Restorator 2007
2011-08-12 01:46:52 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F49F49FA-40FC-4B1A-A91C-8B8F77A730A1}\gapaengine.dll
2011-08-11 21:58:49 -------- d-----w- C:\Program Files (x86)\Filter Forge Freepack 1 - Metals
2011-08-11 21:47:52 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge 2
2011-08-11 21:47:06 -------- d-----w- C:\Program Files (x86)\Filter Forge 2
2011-08-11 21:10:34 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Filter Forge
2011-08-11 21:08:35 1030144 ----a-w- C:\Windows\SysWow64\dbghelp-xfw.dll
2011-08-11 13:31:52 -------- d-----w- C:\Windows\SysWow64\templates
2011-08-11 13:31:50 -------- d-----w- C:\Windows\SysWow64\res
2011-08-11 08:36:22 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Ashampoo Slideshow Studio HD 2
2011-08-11 04:18:06 -------- d-----w- C:\Users\Kevin\AppData\Local\Flash Builder
2011-08-11 03:40:20 -------- d-----w- C:\Program Files (x86)\SuperCopier2
2011-08-11 01:44:57 -------- d-----w- C:\Users\Kevin\AppData\Roaming\com.adobe.dmp.contentviewer
2011-08-11 01:44:28 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-08-11 01:26:22 -------- d-----w- C:\Users\Kevin\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2011-08-11 01:12:00 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-08-10 23:46:07 -------- d-----w- C:\ProgramData\ALM
2011-08-10 23:40:21 -------- d-----w- C:\Users\Kevin\Adobe Flash Builder 4.5
2011-08-10 20:25:38 -------- d-----w- C:\Program Files (x86)\FileServe Manager
2011-08-10 18:25:23 -------- d-----w- C:\Program Files (x86)\FilterMeister
2011-08-10 08:43:29 -------- d-----w- C:\Users\Kevin\AppData\Local\{F63BE4AD-8E9F-4E59-B67D-BB4662A7C4B9}
2011-08-10 05:04:32 -------- d-----w- C:\Program Files (x86)\Plugin Manager
2011-08-10 02:32:36 -------- d-----w- C:\Program Files (x86)\Ncesoft
2011-08-09 20:37:23 -------- d-----w- C:\Users\Kevin\AppData\Roaming\ValuSoft
2011-08-09 20:35:59 -------- d-----w- C:\games
2011-08-08 17:46:12 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2011-08-08 15:18:21 -------- d-----w- C:\Program Files (x86)\Angry-Birds-v1.6.2
.
==================== Find3M ====================
.
2011-08-25 10:26:59 4022504 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2011-08-18 03:05:27 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-08-18 03:05:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-08-14 21:36:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 01:54:45 434688 ----a-w- C:\Windows\SysWow64\ss2uinst.exe
2011-08-03 06:54:55 306176 --sha-w- C:\EUMONBMP.SYS
2011-08-01 19:59:06 45416 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 16:59:12.29 ===============


#2 gringo_pr

  • Malware Response Team

Posted 09 September 2011 - 06:04 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kmf07302

  • Topic Starter

Posted 10 September 2011 - 09:00 AM

Gringo
Thank you very much for not letting my request for help get buried deep into the pages! I have run Combofix with no issues during its process [it did update after launch], and I have not yet tried to browse, etc., so I can't exactly tell you if there is a fix or more to do... I will await your analysis of the run and proceed from there. I will note any issues I might experience [and of course will note improvements as well] and report them to you after your reply.
Many many thanks!

ComboFix 11-09-10.02 - Kevin 09/10/2011 9:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2153 [GMT -4:00]
Running from: c:\users\Kevin\Documents\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\ipconfig.txt
c:\programdata\SPL3BDE.tmp
c:\programdata\Tarma Installer
c:\users\Kevin\AppData\Roaming\Angry Birds Seasons HD v1.5.1 2011 Full PC Version Setup.exe
c:\users\Kevin\AppData\Roaming\EurekaLog
c:\users\Kevin\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\Kevin\AppData\Roaming\inst.exe
c:\users\Kevin\AppData\Roaming\Secure-Soft Bot
c:\users\Kevin\AppData\Roaming\winupdate
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\kernel23.dll
c:\windows\SysWow64\mfc100deu.dll
c:\windows\SysWow64\ReadMe.txt
c:\windows\SysWow64\setup.ini
c:\windows\SysWow64\Temp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-10 13:51 . 2011-09-10 13:51 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-09-10 13:51 . 2011-09-10 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-10 04:06 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7ABFA80E-CF8A-4354-AEAC-3E9273A97368}\mpengine.dll
2011-09-09 04:07 . 2011-03-21 09:29 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{614A54BF-BE2B-491B-9E0E-C675D457F636}\gapaengine.dll
2011-09-08 14:27 . 2011-09-08 14:27 -------- d-----w- c:\program files (x86)\WinHex
2011-09-08 05:48 . 2011-09-08 05:48 -------- d-----w- C:\Win Ubu VM Shares
2011-09-07 20:00 . 2011-09-07 20:00 -------- d-----w- c:\program files\zabkat
2011-09-07 19:11 . 2011-09-07 19:17 -------- d-----w- c:\users\Kevin\AppData\Roaming\FileZilla
2011-09-07 19:11 . 2011-09-07 19:11 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-09-07 17:48 . 2011-08-15 18:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-07 17:47 . 2011-08-15 18:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-07 07:54 . 2011-03-26 03:43 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-09-07 07:54 . 2011-03-26 03:43 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-09-07 07:54 . 2011-03-26 03:42 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-09-07 07:53 . 2011-03-26 03:42 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-09-07 07:53 . 2011-03-26 03:41 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-09-07 07:53 . 2011-03-26 03:43 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-09-07 07:53 . 2011-03-26 03:41 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-09-07 07:53 . 2011-03-26 02:27 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-09-07 07:52 . 2011-09-07 07:52 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-09-07 07:51 . 2011-09-07 07:51 -------- d-----w- c:\program files (x86)\VMware
2011-09-07 04:56 . 2011-09-07 04:56 -------- d-----w- c:\users\Kevin\AppData\Roaming\Alien Skin
2011-09-06 15:11 . 2011-09-08 08:51 -------- d-----w- c:\users\Kevin\AppData\Local\VMware
2011-09-06 15:11 . 2011-09-09 18:29 -------- d-----w- c:\users\Kevin\AppData\Roaming\VMware
2011-09-06 15:06 . 2011-09-08 07:58 -------- d-----w- c:\programdata\VMware
2011-09-06 15:03 . 2011-09-06 15:05 -------- d-----w- c:\users\Kevin\AppData\Roaming\Download Manager
2011-09-03 14:01 . 2011-09-03 14:01 -------- d-----w- c:\users\Kevin\AppData\Local\womble
2011-09-03 05:59 . 2009-08-25 01:13 34304 ----a-w- c:\windows\SysWow64\DfSdkBt.exe
2011-09-02 02:25 . 2011-09-02 02:25 -------- d-----w- c:\programdata\Last.fm
2011-09-02 02:25 . 2008-05-13 21:23 417792 ----a-w- c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-09-02 02:24 . 2011-09-02 02:24 -------- d-----w- c:\users\Kevin\AppData\Local\Last.fm
2011-09-02 02:24 . 2011-09-02 02:24 -------- d-----w- c:\program files (x86)\Last.fm
2011-09-01 18:45 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-09-01 18:45 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-09-01 18:45 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-09-01 18:45 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-09-01 18:45 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-09-01 18:45 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-09-01 18:45 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-09-01 18:45 . 2011-09-01 18:45 58704 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2011-08-31 21:54 . 2011-08-31 20:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-31 20:06 . 2011-08-31 20:06 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-31 20:04 . 2011-08-31 20:04 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-31 20:04 . 2011-08-31 20:04 -------- d-----w- c:\programdata\Lavasoft
2011-08-31 16:03 . 2011-09-01 18:52 -------- d-----w- c:\users\Kevin\AppData\Local\ElevatedDiagnostics
2011-08-30 23:58 . 2011-08-30 23:58 -------- d-----w- c:\users\Kevin\AppData\Local\My_MP4Box_GUI
2011-08-30 23:54 . 2011-09-01 23:50 -------- d-----w- c:\program files\My MP4Box GUI
2011-08-30 21:58 . 2011-08-30 21:58 -------- d-----w- c:\users\Kevin\AppData\Roaming\JAM Software
2011-08-30 21:58 . 2011-08-30 21:58 -------- d-----w- c:\program files (x86)\JAM Software
2011-08-30 18:35 . 2011-08-30 18:35 -------- d-----w- c:\programdata\FLEXnet
2011-08-30 18:34 . 2011-08-30 18:34 -------- d-----w- c:\programdata\Sonic
2011-08-30 18:34 . 2011-09-01 06:13 -------- d-----w- c:\users\Kevin\AppData\Roaming\DivX
2011-08-30 18:33 . 2011-08-30 18:34 -------- d-----w- c:\program files\DivX
2011-08-30 18:33 . 2011-08-30 18:34 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-08-30 18:33 . 2011-08-31 16:27 -------- d-----w- c:\programdata\DivX
2011-08-30 18:33 . 2011-08-31 16:27 -------- d-----w- c:\program files (x86)\DivX
2011-08-30 18:27 . 2011-08-31 16:36 -------- d-----w- c:\programdata\Roxio
2011-08-30 18:27 . 2011-08-30 18:27 -------- d-----w- c:\programdata\Macrovision
2011-08-30 18:21 . 2011-08-30 18:38 -------- d-----w- c:\users\Kevin\AppData\Roaming\Roxio Log Files
2011-08-30 17:22 . 2011-09-09 08:21 -------- d-----w- C:\MoTemp
2011-08-30 12:49 . 2011-08-30 13:02 -------- d-----w- c:\users\Kevin\AppData\Local\StreamingFileProcessing
2011-08-30 12:49 . 2011-08-30 13:02 -------- d-----w- c:\users\Kevin\AppData\Roaming\Music Organizer
2011-08-30 12:49 . 2011-08-30 14:13 -------- d-----w- c:\program files (x86)\Music Organizer
2011-08-30 11:53 . 2011-09-03 18:11 -------- d-----w- c:\users\Kevin\AppData\Roaming\xtools
2011-08-30 11:43 . 2011-08-30 11:43 -------- d-----w- c:\users\Kevin\AppData\Roaming\Aminsoft
2011-08-30 11:43 . 2011-08-30 11:43 -------- d-----w- c:\program files (x86)\Aminsoft
2011-08-30 11:42 . 2010-03-29 20:57 -------- d-----w- C:\xtools
2011-08-30 11:27 . 2011-08-30 11:27 -------- d-----w- c:\programdata\DVDCoverPlus
2011-08-30 10:23 . 2011-08-30 10:23 -------- d-----w- c:\program files\Dell Photo AIO Printer 944
2011-08-30 10:16 . 2011-08-30 10:16 -------- d-----w- c:\windows\en
2011-08-30 10:14 . 2011-08-30 10:14 -------- d-----w- c:\program files\Windows Live
2011-08-29 09:02 . 2011-08-29 10:29 -------- d-----w- c:\programdata\install_clap
2011-08-29 06:55 . 2011-08-29 06:55 -------- d-----w- c:\users\Kevin\AppData\Roaming\WindowsUpdates
2011-08-27 00:00 . 2011-08-28 03:43 -------- d-----w- c:\users\Kevin\AppData\Local\CoverEditor
2011-08-27 00:00 . 2011-08-28 03:43 -------- d-----w- c:\program files (x86)\TBS Cover Editor
2011-08-26 15:10 . 2011-09-09 03:37 -------- d-----w- c:\users\Kevin\AppData\Roaming\Hardcoded Software
2011-08-25 05:21 . 2011-08-25 05:21 -------- d-----w- c:\users\Kevin\AppData\Roaming\Peter Souza IV
2011-08-24 07:04 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 07:04 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 23:42 . 2011-09-01 01:16 -------- d-----w- c:\users\Kevin\AppData\Local\sabnzbd
2011-08-23 23:40 . 2011-08-23 23:40 -------- d-----w- c:\program files (x86)\SABnzbd
2011-08-23 21:46 . 2011-09-09 03:37 -------- d-----w- c:\users\Kevin\AppData\Local\Hardcoded Software
2011-08-23 21:46 . 2011-09-09 03:18 -------- d-----w- c:\program files (x86)\Hardcoded Software
2011-08-23 18:19 . 2010-05-25 07:59 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-08-23 18:19 . 2010-05-25 07:59 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-08-23 18:18 . 2011-08-23 18:18 -------- d-----w- c:\program files\SAMSUNG
2011-08-23 18:18 . 2011-08-23 18:18 -------- d-----w- c:\programdata\Samsung
2011-08-23 11:08 . 2011-08-23 11:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge Freepack 6 - Patterns
2011-08-23 11:07 . 2011-08-23 11:08 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge Freepack 4 - Distortions
2011-08-23 07:20 . 2011-08-23 07:20 -------- d-----w- c:\program files (x86)\Microsoft Expression
2011-08-22 05:21 . 2011-08-27 23:46 -------- d-----w- c:\users\Kevin\AppData\Roaming\NCH Software
2011-08-22 05:21 . 2011-08-22 05:32 -------- d-----w- c:\programdata\NCH Software
2011-08-22 04:35 . 2011-08-27 23:47 -------- d-----w- c:\program files (x86)\NCH Software
2011-08-22 04:34 . 2011-08-22 04:37 -------- d-----w- c:\programdata\NCH Swift Sound
2011-08-22 04:34 . 2011-08-27 23:48 -------- d-----w- c:\program files (x86)\NCH Swift Sound
2011-08-22 01:23 . 2011-06-26 00:56 33888 ----a-w- c:\windows\system32\drivers\appliand.sys
2011-08-22 01:22 . 2011-08-22 01:22 -------- d-----w- c:\program files (x86)\Applian Technologies
2011-08-22 01:22 . 2011-08-22 01:22 -------- d-----w- c:\users\Kevin\AppData\Roaming\Replay Media Catcher 4
2011-08-20 05:31 . 2011-08-23 10:30 -------- d-----r- C:\cygwin
2011-08-20 04:38 . 2011-08-20 04:38 -------- d-----w- c:\program files\7-Zip
2011-08-19 14:41 . 2011-08-19 14:41 -------- d-----w- c:\users\Kevin\AppData\Roaming\Totusoft
2011-08-19 14:41 . 2011-08-19 14:45 -------- d-----w- c:\program files (x86)\LAN Speed Test
2011-08-18 09:56 . 2011-08-18 09:56 -------- d-----w- c:\users\Kevin\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-08-18 03:06 . 2011-08-18 03:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-08-18 02:16 . 2011-08-03 00:48 2469248 ----a-w- c:\windows\SysWow64\BootMan.exe
2011-08-18 02:16 . 2011-08-03 00:48 3320192 ----a-w- c:\windows\system32\BootMan.exe
2011-08-18 02:16 . 2011-07-29 17:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2011-08-18 02:16 . 2011-07-29 17:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2011-08-18 02:16 . 2011-07-29 17:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-08-18 02:16 . 2011-07-29 17:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-08-18 02:16 . 2011-07-29 17:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2011-08-18 02:16 . 2011-07-29 17:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2011-08-18 02:16 . 2011-07-29 17:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2011-08-18 02:16 . 2011-07-29 17:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2011-08-17 17:58 . 2011-09-07 18:25 -------- d-----w- c:\users\Kevin\DocumentsNYDoc
2011-08-17 15:10 . 2011-08-17 15:15 -------- d-----w- c:\users\Kevin\AppData\Roaming\NetMeter
2011-08-17 15:10 . 2011-08-20 11:48 -------- d-----w- c:\program files (x86)\NetMeter
2011-08-16 18:02 . 2011-08-16 18:02 -------- d-----w- c:\users\Kevin\AppData\Local\Apple Computer
2011-08-16 06:19 . 2011-08-26 12:38 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge 3
2011-08-16 06:18 . 2011-08-16 06:19 -------- d-----w- c:\program files (x86)\Filter Forge 3
2011-08-16 06:00 . 2011-08-16 06:00 -------- d-----w- c:\programdata\ViceVersa PRO 2
2011-08-16 05:40 . 2011-08-16 05:45 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
2011-08-16 00:11 . 2011-09-06 17:01 -------- d-----w- C:\WDTV Emulator
2011-08-15 18:32 . 2011-08-15 18:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 18:32 . 2011-08-15 18:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 04:01 . 2011-08-07 19:27 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2011-08-30 10:14 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-25 10:26 . 2011-03-23 01:14 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-08-18 03:05 . 2011-03-19 14:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-08-18 03:05 . 2003-02-21 08:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-14 21:36 . 2011-05-15 20:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10 . 2011-03-21 09:45 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-04 01:54 . 2011-08-04 01:54 434688 ----a-w- c:\windows\SysWow64\ss2uinst.exe
2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-07-26 23:34 . 2011-06-03 01:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-26 23:34 . 2011-03-22 09:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-07-26 23:34 . 2011-03-20 00:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-22 05:42 . 2011-08-11 00:29 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 00:29 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 00:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 00:29 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 00:29 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 00:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 22:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 22:22 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 22:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 22:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 22:22 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 22:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 22:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 22:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 22:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 22:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 22:22 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 22:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 22:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 22:22 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:53 . 2011-07-27 17:23 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-11 20:45 . 2011-06-06 00:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-07-11 20:45 . 2011-03-21 21:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-11 20:45 . 2011-03-20 22:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-11 20:45 . 2011-06-19 21:34 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-09 02:46 . 2011-08-10 22:22 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 23:52 . 2011-07-01 03:35 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-07-01 03:35 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:14 . 2011-08-08 17:46 145008 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-06-29 23:57 . 2011-06-06 00:24 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-24 05:34 . 2011-08-10 22:22 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 05:25 . 2011-08-10 22:22 338432 ----a-w- c:\windows\system32\conhost.exe
2011-06-24 05:19 . 2011-06-24 05:19 1867264 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{09AD6FBB-2843-4644-B669-DEC30A75E8A3}\AppIcon.exe
2011-06-23 05:43 . 2011-08-10 22:22 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 hyykqubu;hyykqubu;c:\windows\system32\drivers\hyykqubu.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2011-05-17 253952]
R2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 136176]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 BOTService;BOTService;c:\program files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-08-31 2151640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-31 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 SliceDisk5;SliceDisk5;c:\users\Kevin\AppData\Local\Temp\HBCD\FindAndMount\slicedisk-x64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-07-15 74384]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLKMSVC10_90970B6B;CyberLink Product - 2011/06/04 15:33;c:\program files (x86)\Cyberlink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-09 246256]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/21 12:15];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 01:29 146928]
S2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138};Power Control [2011/07/24 21:36];c:\program files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl [2010-07-30 19:29 146928]
S2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe [2007-01-17 566768]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 Jasmio.MediaCenter.Service;Media Center Support Service;c:\program files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe [2008-11-28 81920]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [x]
S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 16:07 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 16:07 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-23 15:53]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 15:54]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 15:54]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-479026946-3727890073-4004865074-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 00:10]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-479026946-3727890073-4004865074-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 00:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\W7FBC\dll.dll" [2011-04-13 211968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: google.com\mail
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z083&partner_id=335&product_id=477&affiliate_id=&channel=Fileserve01&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110810&user_guid=D962FDDDBEBC45728EC959CD9DB6476B&machine_id=f2a65422ec55f8993fc1a078d862d726&browser=FF&os=win&os_version=6.1-x64-SP1&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SolutoService
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpoweramp AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Bench Mark Test - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Nero AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Utilities - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4b Audio book Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis aoTuV Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dMC Sveta Portable Audio - c:\windows\system32\SpoonUninstall.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00l\00\00\00\00\00\00\00\00"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{BD1B5EAC-B420-4d68-9AE4-DB601535D138}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*|y]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*|y\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0545614F-C77C-6F0C-7E2B-B77892CD81D8}*]
"iabfalmgidfobjhdfo"=hex:6a,61,61,66,6d,6d,63,6b,70,68,6d,65,6e,6e,63,67,6f,6f,
65,6e,00,00
"halfkjiajbellipe"=hex:6a,61,6e,65,6c,61,64,64,6a,65,6b,61,64,6a,63,6e,6b,68,
6e,67,00,01
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A9532A9-77CA-C909-2EC6-83F2C7B57B85}*]
"iajpbiomldkpmcjpfn"=hex:6a,61,6f,65,61,63,70,67,6c,69,68,68,6b,69,70,6d,70,63,
66,65,00,00
"hadalfnjipienomb"=hex:6a,61,6f,65,61,63,70,67,6c,69,68,68,6b,69,70,6d,70,63,
66,65,00,fe
"haehfncjkbnolecn"=hex:61,63,64,65,64,6c,67,6f,62,6b,69,6d,6c,68,69,65,61,64,
62,6c,66,6f,67,6e,69,61,63,64,6f,6e,62,64,69,6e,68,64,61,6d,69,6d,6b,65,64,\
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F3B5AB6B-5947-6B66-0CC4-8AD4937071C1}*]
"iadmcdpainokgbokgc"=hex:6a,61,6f,62,69,6c,6c,6f,6c,6b,6e,65,64,63,63,62,6d,6f,
6b,6f,00,01
"hajlabmamofdommh"=hex:6a,61,6f,62,69,6c,6c,6f,6c,6b,6e,65,64,63,63,62,6d,6f,
6b,6f,00,01
"haigohohhlmdmcmm"=hex:64,63,6d,61,6f,69,62,61,65,66,6f,6f,63,68,67,6e,61,67,
6e,67,65,69,68,63,66,69,64,69,68,6f,6b,70,65,6e,6e,70,67,6f,68,6f,6e,6e,66,\
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000_Classes\Wow6432Node\CLSID\{29c2b07e-b6a5-4f90-bfc0-49b60c2fd429}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e7
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):59,98,a1,1f,d5,cd,4d,e0,bc,c8,72,ec,23,39,ff,df,a5,72,1f,8c,0c,
60,04,5e,fa,39,03,dc,25,a8,74,f6,41,81,49,a3,30,b1,17,29,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fc,ea,45,f0,b6,1a,33,22,e6,92,9a,70,84,a2,7b,db,d1,47,b1,b1,ee,
72,0a,15,dd,4b,10,90,a4,15,41,18,45,30,bb,3c,9e,90,13,91,b0,34,4f,ec,f8,89,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0545614F-C77C-6F0C-7E2B-B77892CD81D8}\InProcServer32*]
"japfbmonbgcndenimjac"=hex:6a,61,61,66,6d,6d,63,6b,70,68,6d,65,6e,6e,63,67,6f,
6f,65,6e,00,00
"iapfllahjgheidhgff"=hex:6a,61,6e,65,6c,61,64,64,6a,65,6b,61,64,6a,63,6e,6b,68,
6e,67,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{9A9532A9-77CA-C909-2EC6-83F2C7B57B85}\InProcServer32*]
"jappapihleaamppgnbnp"=hex:6a,61,6f,65,61,63,70,67,6c,69,68,68,6b,69,70,6d,70,
63,66,65,00,00
"iappkpkhgmmlnpifdp"=hex:6a,61,6f,65,61,63,70,67,6c,69,68,68,6b,69,70,6d,70,63,
66,65,00,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F3B5AB6B-5947-6B66-0CC4-8AD4937071C1}\InProcServer32*]
"janmjbnpngilagmnjhnm"=hex:6a,61,6f,62,69,6c,6c,6f,6c,6b,6e,65,64,63,63,62,6d,
6f,6b,6f,00,01
"ianmpclmffjicopmgo"=hex:6a,61,6f,62,69,6c,6c,6f,6c,6b,6e,65,64,63,63,62,6d,6f,
6b,6f,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:fc,ea,45,f0,b6,1a,33,22,e6,92,9a,70,84,a2,7b,db,d1,47,b1,b1,ee,
72,0a,15,dd,4b,10,90,a4,15,41,18,45,30,bb,3c,9e,90,13,91,b0,34,4f,ec,f8,89,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-10 09:54:34
ComboFix-quarantined-files.txt 2011-09-10 13:54
.
Pre-Run: 219,312,087,040 bytes free
Post-Run: 219,438,452,736 bytes free
.
- - End Of File - - D51CEA56E34271DD8B536ADB689A8B20

#4 gringo_pr


Posted 10 September 2011 - 12:40 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
hyykqubu

RegNull::
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0545614F-C77C-6F0C-7E2B-B77892CD81D8}*]
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9A9532A9-77CA-C909-2EC6-83F2C7B57B85}*]
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F3B5AB6B-5947-6B66-0CC4-8AD4937071C1}*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0545614F-C77C-6F0C-7E2B-B77892CD81D8}\InProcServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{9A9532A9-77CA-C909-2EC6-83F2C7B57B85}\InProcServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F3B5AB6B-5947-6B66-0CC4-8AD4937071C1}\InProcServer32*]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 kmf07302


Posted 10 September 2011 - 01:41 PM

Here is 2nd run of combofix -- I "think" the script read, but not sure because the file is now missing from the desktop (after dragging onto CF icon). Not sure if that is normal behavior or not.
Again, the CF program updated to the newer version and reran on its own....I had gotten an error that it could not find the licence file for iexplorer, so I chose Retry rather than abort or skip and the Combofix ran....upon the reboot I was presented with an error for
C:\Windows\system32\regsvr32.exe "Illegal operation attempted on a registry key that has been marked for deletion"
With no response after a few minutes I did clear that with the OK button and was re-presented with the same error 3 or 4 times when it then went back to finishing the combofix run. I hope those clicks did not ruin your plan, but had to do so in order to move forward.

I await your next steps
Most Grateful
Kevin





ComboFix 11-09-10.03 - Kevin 09/10/2011 14:08:02.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2329 [GMT -4:00]
Running from: c:\users\Kevin\Documents\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin\Documents\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hyykqubu
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-10 18:24 . 2011-09-10 18:24 -------- d--h--w- c:\windows\AxInstSV
2011-09-10 18:22 . 2011-09-10 18:22 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-09-09 04:07 . 2011-03-21 09:29 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{614A54BF-BE2B-491B-9E0E-C675D457F636}\gapaengine.dll
2011-09-08 14:27 . 2011-09-08 14:27 -------- d-----w- c:\program files (x86)\WinHex
2011-09-08 05:48 . 2011-09-08 05:48 -------- d-----w- C:\Win Ubu VM Shares
2011-09-07 20:00 . 2011-09-07 20:00 -------- d-----w- c:\program files\zabkat
2011-09-07 19:11 . 2011-09-07 19:17 -------- d-----w- c:\users\Kevin\AppData\Roaming\FileZilla
2011-09-07 19:11 . 2011-09-07 19:11 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-09-07 17:48 . 2011-08-15 18:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-07 17:47 . 2011-08-15 18:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-07 07:54 . 2011-03-26 03:43 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-09-07 07:54 . 2011-03-26 03:43 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-09-07 07:54 . 2011-03-26 03:42 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-09-07 07:53 . 2011-03-26 03:42 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-09-07 07:53 . 2011-03-26 03:41 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-09-07 07:53 . 2011-03-26 03:43 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-09-07 07:53 . 2011-03-26 03:41 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-09-07 07:53 . 2011-03-26 02:27 38512 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-09-07 07:52 . 2011-09-07 07:52 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-09-07 07:51 . 2011-09-07 07:51 -------- d-----w- c:\program files (x86)\VMware
2011-09-07 04:56 . 2011-09-07 04:56 -------- d-----w- c:\users\Kevin\AppData\Roaming\Alien Skin
2011-09-06 15:11 . 2011-09-08 08:51 -------- d-----w- c:\users\Kevin\AppData\Local\VMware
2011-09-06 15:11 . 2011-09-09 18:29 -------- d-----w- c:\users\Kevin\AppData\Roaming\VMware
2011-09-06 15:06 . 2011-09-10 18:24 -------- d-----w- c:\programdata\VMware
2011-09-06 15:03 . 2011-09-06 15:05 -------- d-----w- c:\users\Kevin\AppData\Roaming\Download Manager
2011-09-03 14:01 . 2011-09-03 14:01 -------- d-----w- c:\users\Kevin\AppData\Local\womble
2011-09-03 05:59 . 2009-08-25 01:13 34304 ----a-w- c:\windows\SysWow64\DfSdkBt.exe
2011-09-02 02:25 . 2011-09-02 02:25 -------- d-----w- c:\programdata\Last.fm
2011-09-02 02:25 . 2008-05-13 21:23 417792 ----a-w- c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-09-02 02:24 . 2011-09-02 02:24 -------- d-----w- c:\users\Kevin\AppData\Local\Last.fm
2011-09-02 02:24 . 2011-09-02 02:24 -------- d-----w- c:\program files (x86)\Last.fm
2011-09-01 18:45 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-09-01 18:45 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-09-01 18:45 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-09-01 18:45 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-09-01 18:45 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-09-01 18:45 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-09-01 18:45 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-09-01 18:45 . 2011-09-01 18:45 58704 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{9F153AD3-3523-4542-818E-AE2F92249667}\ARPPRODUCTICON.exe
2011-08-31 21:54 . 2011-08-31 20:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-31 20:06 . 2011-08-31 20:06 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-31 20:04 . 2011-08-31 20:04 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-31 20:04 . 2011-08-31 20:04 -------- d-----w- c:\programdata\Lavasoft
2011-08-31 16:03 . 2011-09-01 18:52 -------- d-----w- c:\users\Kevin\AppData\Local\ElevatedDiagnostics
2011-08-30 23:58 . 2011-08-30 23:58 -------- d-----w- c:\users\Kevin\AppData\Local\My_MP4Box_GUI
2011-08-30 23:54 . 2011-09-01 23:50 -------- d-----w- c:\program files\My MP4Box GUI
2011-08-30 21:58 . 2011-08-30 21:58 -------- d-----w- c:\users\Kevin\AppData\Roaming\JAM Software
2011-08-30 21:58 . 2011-08-30 21:58 -------- d-----w- c:\program files (x86)\JAM Software
2011-08-30 18:35 . 2011-08-30 18:35 -------- d-----w- c:\programdata\FLEXnet
2011-08-30 18:34 . 2011-08-30 18:34 -------- d-----w- c:\programdata\Sonic
2011-08-30 18:34 . 2011-09-01 06:13 -------- d-----w- c:\users\Kevin\AppData\Roaming\DivX
2011-08-30 18:33 . 2011-08-30 18:34 -------- d-----w- c:\program files\DivX
2011-08-30 18:33 . 2011-08-30 18:34 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-08-30 18:33 . 2011-08-31 16:27 -------- d-----w- c:\programdata\DivX
2011-08-30 18:33 . 2011-08-31 16:27 -------- d-----w- c:\program files (x86)\DivX
2011-08-30 18:27 . 2011-08-31 16:36 -------- d-----w- c:\programdata\Roxio
2011-08-30 18:27 . 2011-08-30 18:27 -------- d-----w- c:\programdata\Macrovision
2011-08-30 18:21 . 2011-08-30 18:38 -------- d-----w- c:\users\Kevin\AppData\Roaming\Roxio Log Files
2011-08-30 17:22 . 2011-09-09 08:21 -------- d-----w- C:\MoTemp
2011-08-30 12:49 . 2011-08-30 13:02 -------- d-----w- c:\users\Kevin\AppData\Local\StreamingFileProcessing
2011-08-30 12:49 . 2011-08-30 13:02 -------- d-----w- c:\users\Kevin\AppData\Roaming\Music Organizer
2011-08-30 12:49 . 2011-08-30 14:13 -------- d-----w- c:\program files (x86)\Music Organizer
2011-08-30 11:53 . 2011-09-03 18:11 -------- d-----w- c:\users\Kevin\AppData\Roaming\xtools
2011-08-30 11:43 . 2011-08-30 11:43 -------- d-----w- c:\users\Kevin\AppData\Roaming\Aminsoft
2011-08-30 11:43 . 2011-08-30 11:43 -------- d-----w- c:\program files (x86)\Aminsoft
2011-08-30 11:42 . 2010-03-29 20:57 -------- d-----w- C:\xtools
2011-08-30 11:27 . 2011-08-30 11:27 -------- d-----w- c:\programdata\DVDCoverPlus
2011-08-30 10:23 . 2011-08-30 10:23 -------- d-----w- c:\program files\Dell Photo AIO Printer 944
2011-08-30 10:16 . 2011-08-30 10:16 -------- d-----w- c:\windows\en
2011-08-30 10:14 . 2011-08-30 10:14 -------- d-----w- c:\program files\Windows Live
2011-08-29 09:02 . 2011-08-29 10:29 -------- d-----w- c:\programdata\install_clap
2011-08-29 06:55 . 2011-08-29 06:55 -------- d-----w- c:\users\Kevin\AppData\Roaming\WindowsUpdates
2011-08-27 00:00 . 2011-08-28 03:43 -------- d-----w- c:\users\Kevin\AppData\Local\CoverEditor
2011-08-27 00:00 . 2011-08-28 03:43 -------- d-----w- c:\program files (x86)\TBS Cover Editor
2011-08-26 15:10 . 2011-09-09 03:37 -------- d-----w- c:\users\Kevin\AppData\Roaming\Hardcoded Software
2011-08-25 05:21 . 2011-08-25 05:21 -------- d-----w- c:\users\Kevin\AppData\Roaming\Peter Souza IV
2011-08-24 07:04 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 07:04 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 23:42 . 2011-09-01 01:16 -------- d-----w- c:\users\Kevin\AppData\Local\sabnzbd
2011-08-23 23:40 . 2011-08-23 23:40 -------- d-----w- c:\program files (x86)\SABnzbd
2011-08-23 21:46 . 2011-09-09 03:37 -------- d-----w- c:\users\Kevin\AppData\Local\Hardcoded Software
2011-08-23 21:46 . 2011-09-09 03:18 -------- d-----w- c:\program files (x86)\Hardcoded Software
2011-08-23 18:19 . 2010-05-25 07:59 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-08-23 18:19 . 2010-05-25 07:59 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-08-23 18:18 . 2011-08-23 18:18 -------- d-----w- c:\program files\SAMSUNG
2011-08-23 18:18 . 2011-08-23 18:18 -------- d-----w- c:\programdata\Samsung
2011-08-23 11:08 . 2011-08-23 11:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge Freepack 6 - Patterns
2011-08-23 11:07 . 2011-08-23 11:08 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge Freepack 4 - Distortions
2011-08-23 07:20 . 2011-08-23 07:20 -------- d-----w- c:\program files (x86)\Microsoft Expression
2011-08-22 05:21 . 2011-08-27 23:46 -------- d-----w- c:\users\Kevin\AppData\Roaming\NCH Software
2011-08-22 05:21 . 2011-08-22 05:32 -------- d-----w- c:\programdata\NCH Software
2011-08-22 04:35 . 2011-08-27 23:47 -------- d-----w- c:\program files (x86)\NCH Software
2011-08-22 04:34 . 2011-08-22 04:37 -------- d-----w- c:\programdata\NCH Swift Sound
2011-08-22 04:34 . 2011-08-27 23:48 -------- d-----w- c:\program files (x86)\NCH Swift Sound
2011-08-22 01:23 . 2011-06-26 00:56 33888 ----a-w- c:\windows\system32\drivers\appliand.sys
2011-08-22 01:22 . 2011-08-22 01:22 -------- d-----w- c:\program files (x86)\Applian Technologies
2011-08-22 01:22 . 2011-08-22 01:22 -------- d-----w- c:\users\Kevin\AppData\Roaming\Replay Media Catcher 4
2011-08-20 05:31 . 2011-08-23 10:30 -------- d-----r- C:\cygwin
2011-08-20 04:38 . 2011-08-20 04:38 -------- d-----w- c:\program files\7-Zip
2011-08-19 14:41 . 2011-08-19 14:41 -------- d-----w- c:\users\Kevin\AppData\Roaming\Totusoft
2011-08-19 14:41 . 2011-08-19 14:45 -------- d-----w- c:\program files (x86)\LAN Speed Test
2011-08-18 09:56 . 2011-08-18 09:56 -------- d-----w- c:\users\Kevin\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-08-18 03:06 . 2011-08-18 03:06 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-08-18 02:16 . 2011-08-03 00:48 2469248 ----a-w- c:\windows\SysWow64\BootMan.exe
2011-08-18 02:16 . 2011-08-03 00:48 3320192 ----a-w- c:\windows\system32\BootMan.exe
2011-08-18 02:16 . 2011-07-29 17:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2011-08-18 02:16 . 2011-07-29 17:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2011-08-18 02:16 . 2011-07-29 17:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-08-18 02:16 . 2011-07-29 17:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-08-18 02:16 . 2011-07-29 17:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2011-08-18 02:16 . 2011-07-29 17:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2011-08-18 02:16 . 2011-07-29 17:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2011-08-18 02:16 . 2011-07-29 17:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2011-08-17 17:58 . 2011-09-07 18:25 -------- d-----w- c:\users\Kevin\DocumentsNYDoc
2011-08-17 15:10 . 2011-08-17 15:15 -------- d-----w- c:\users\Kevin\AppData\Roaming\NetMeter
2011-08-17 15:10 . 2011-08-20 11:48 -------- d-----w- c:\program files (x86)\NetMeter
2011-08-16 18:02 . 2011-08-16 18:02 -------- d-----w- c:\users\Kevin\AppData\Local\Apple Computer
2011-08-16 06:19 . 2011-08-26 12:38 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge 3
2011-08-16 06:18 . 2011-08-16 06:19 -------- d-----w- c:\program files (x86)\Filter Forge 3
2011-08-16 06:00 . 2011-08-16 06:00 -------- d-----w- c:\programdata\ViceVersa PRO 2
2011-08-16 05:40 . 2011-08-16 05:45 -------- d-----w- c:\users\Kevin\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
2011-08-16 00:11 . 2011-09-06 17:01 -------- d-----w- C:\WDTV Emulator
2011-08-15 18:32 . 2011-08-15 18:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 18:32 . 2011-08-15 18:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-15 17:47 . 2011-08-15 17:47 -------- d-----w- c:\program files\Applian Technologies
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-10 18:24 . 2011-08-07 19:27 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2011-08-30 10:14 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-25 10:26 . 2011-03-23 01:14 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-08-18 03:05 . 2011-03-19 14:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-08-18 03:05 . 2003-02-21 08:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-14 21:36 . 2011-05-15 20:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 04:10 . 2011-03-21 09:45 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-04 01:54 . 2011-08-04 01:54 434688 ----a-w- c:\windows\SysWow64\ss2uinst.exe
2011-08-01 19:59 . 2011-08-01 19:59 45416 ----a-w- c:\windows\system32\drivers\point64.sys
2011-07-26 23:34 . 2011-06-03 01:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-26 23:34 . 2011-03-22 09:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-07-26 23:34 . 2011-03-20 00:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-22 05:42 . 2011-08-11 00:29 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 00:29 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 00:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 00:29 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 00:29 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 00:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 22:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 22:22 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 22:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 22:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 22:22 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 22:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 22:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 22:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 22:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 22:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 22:22 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 22:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 22:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 22:22 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 22:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 22:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 22:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:53 . 2011-07-27 17:23 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-11 20:45 . 2011-06-06 00:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-07-11 20:45 . 2011-03-21 21:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-11 20:45 . 2011-03-20 22:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-11 20:45 . 2011-06-19 21:34 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-09 02:46 . 2011-08-10 22:22 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 23:52 . 2011-07-01 03:35 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-07-01 03:35 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:14 . 2011-08-08 17:46 145008 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-06-29 23:57 . 2011-06-06 00:24 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-24 05:34 . 2011-08-10 22:22 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 05:25 . 2011-08-10 22:22 338432 ----a-w- c:\windows\system32\conhost.exe
2011-06-24 05:19 . 2011-06-24 05:19 1867264 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{09AD6FBB-2843-4644-B669-DEC30A75E8A3}\AppIcon.exe
2011-06-23 05:43 . 2011-08-10 22:22 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-10_13.51.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-09-10 14:07 35068 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-19 14:12 . 2011-09-10 14:07 24096 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-479026946-3727890073-4004865074-1000_UserData.bin
+ 2011-03-19 08:00 . 2011-09-10 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-19 08:00 . 2011-09-08 06:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-19 08:00 . 2011-09-10 14:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-19 08:00 . 2011-09-08 06:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-10 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-08 06:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-08 04:01 . 2011-09-08 04:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-10 18:23 . 2011-09-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-08 04:01 . 2011-09-08 04:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-10 18:23 . 2011-09-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-19 14:12 . 2011-09-10 14:07 135522 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:01 . 2011-09-08 03:59 543452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-10 18:22 543452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-21 08:20 . 2011-09-10 18:23 52999656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-479026946-3727890073-4004865074-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-08 3417496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 136176]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 BOTService;BOTService;c:\program files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-08-31 2151640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-31 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 SliceDisk5;SliceDisk5;c:\users\Kevin\AppData\Local\Temp\HBCD\FindAndMount\slicedisk-x64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-07-15 74384]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CLKMSVC10_90970B6B;CyberLink Product - 2011/06/04 15:33;c:\program files (x86)\Cyberlink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-09 246256]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [x]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/21 12:15];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 01:29 146928]
S2 {BD1B5EAC-B420-4d68-9AE4-DB601535D138};Power Control [2011/07/24 21:36];c:\program files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl [2010-07-30 19:29 146928]
S2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe [2007-01-17 566768]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2011-05-17 253952]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 Jasmio.MediaCenter.Service;Media Center Support Service;c:\program files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe [2008-11-28 81920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [x]
S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 16:07 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 16:07 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-23 15:53]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 15:54]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 15:54]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-479026946-3727890073-4004865074-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 00:10]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-479026946-3727890073-4004865074-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 00:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF8940.3XE" [2010-11-20 345088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{73526E5A-FD53-4BE7-B5E2-D3C89D7413DC}"= "c:\windows\W7FBC\dll.dll" [2011-04-13 211968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: google.com\mail
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z083&partner_id=335&product_id=477&affiliate_id=&channel=Fileserve01&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110810&user_guid=D962FDDDBEBC45728EC959CD9DB6476B&machine_id=f2a65422ec55f8993fc1a078d862d726&browser=FF&os=win&os_version=6.1-x64-SP1&q=
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00l\00\00\00\00\00\00\00\00"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{BD1B5EAC-B420-4d68-9AE4-DB601535D138}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*|y]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*|y\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000_Classes\Wow6432Node\CLSID\{29c2b07e-b6a5-4f90-bfc0-49b60c2fd429}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e7
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-479026946-3727890073-4004865074-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):59,98,a1,1f,d5,cd,4d,e0,bc,c8,72,ec,23,39,ff,df,a5,72,1f,8c,0c,
60,04,5e,fa,39,03,dc,25,a8,74,f6,41,81,49,a3,30,b1,17,29,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fc,ea,45,f0,b6,1a,33,22,e6,92,9a,70,84,a2,7b,db,d1,47,b1,b1,ee,
72,0a,15,dd,4b,10,90,a4,15,41,18,45,30,bb,3c,9e,90,13,91,b0,34,4f,ec,f8,89,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:fc,ea,45,f0,b6,1a,33,22,e6,92,9a,70,84,a2,7b,db,d1,47,b1,b1,ee,
72,0a,15,dd,4b,10,90,a4,15,41,18,45,30,bb,3c,9e,90,13,91,b0,34,4f,ec,f8,89,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\windows\SysWOW64\astsrv.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
.
**************************************************************************
.
Completion time: 2011-09-10 14:31:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 18:31
ComboFix2.txt 2011-09-10 13:54
.
Pre-Run: 217,399,218,176 bytes free
Post-Run: 216,861,413,376 bytes free
.
- - End Of File - - EE4C75AB12557C484896CB77E5D2F26F

#6 kmf07302


Posted 10 September 2011 - 01:46 PM

Oops -- I forgot to add that I still cannot use the Firefox main address bar for searching... I still get the same message that the page was unable to load and Firefox could not connect with the server at www.startnow.com. It is fine in Chrome and Microsoft, and I could switch to Chrome as a primary browser if I had to, but thought you should know.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 10 September 2011 - 04:30 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 kmf07302


Posted 10 September 2011 - 06:22 PM

Gringo:
Nothing found using TDSSKiller -- here is the report:
After the download completed, I went to the directory the download manager places the file in via a right click (in order for me to move it to the desktop) and I was presented with the illegal operation error again, but this time it was for Windows Explorer that was performing the illegal operation on the file set for deletion. After the report ran, I have not been able to replicate it.
Next move?
Kevin



2011/09/10 19:15:35.0418 5748 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/10 19:15:35.0683 5748 ================================================================================
2011/09/10 19:15:35.0683 5748 SystemInfo:
2011/09/10 19:15:35.0683 5748
2011/09/10 19:15:35.0683 5748 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/10 19:15:35.0683 5748 Product type: Workstation
2011/09/10 19:15:35.0683 5748 ComputerName: SX2800
2011/09/10 19:15:35.0683 5748 UserName: Kevin
2011/09/10 19:15:35.0683 5748 Windows directory: C:\Windows
2011/09/10 19:15:35.0683 5748 System windows directory: C:\Windows
2011/09/10 19:15:35.0683 5748 Running under WOW64
2011/09/10 19:15:35.0683 5748 Processor architecture: Intel x64
2011/09/10 19:15:35.0683 5748 Number of processors: 4
2011/09/10 19:15:35.0683 5748 Page size: 0x1000
2011/09/10 19:15:35.0683 5748 Boot type: Normal boot
2011/09/10 19:15:35.0683 5748 ================================================================================
2011/09/10 19:15:40.0659 5748 Initialize success
2011/09/10 19:15:48.0023 7860 ================================================================================
2011/09/10 19:15:48.0023 7860 Scan started
2011/09/10 19:15:48.0038 7860 Mode: Manual;
2011/09/10 19:15:48.0038 7860 ================================================================================
2011/09/10 19:15:51.0845 7860 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/10 19:15:51.0876 7860 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/10 19:15:51.0923 7860 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/10 19:15:51.0954 7860 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/10 19:15:51.0985 7860 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/10 19:15:52.0016 7860 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/10 19:15:52.0094 7860 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
2011/09/10 19:15:52.0110 7860 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/10 19:15:52.0188 7860 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/09/10 19:15:52.0235 7860 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/10 19:15:52.0235 7860 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/10 19:15:52.0266 7860 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/10 19:15:52.0313 7860 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/10 19:15:52.0359 7860 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/10 19:15:52.0391 7860 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/10 19:15:52.0437 7860 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/09/10 19:15:52.0500 7860 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/10 19:15:52.0562 7860 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/10 19:15:52.0609 7860 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/10 19:15:52.0671 7860 iaStor (756879fa65978df948437ce3fd1eaccd) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/10 19:15:52.0734 7860 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/09/10 19:15:52.0812 7860 IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
2011/09/10 19:15:52.0999 7860 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/10 19:15:53.0186 7860 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/10 19:15:53.0295 7860 IntcAzAudAddService (9297bc7fb61f58670ee176dd18f4dd92) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/10 19:15:53.0405 7860 IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\Windows\system32\drivers\IntcHdmi.sys
2011/09/10 19:15:53.0467 7860 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/10 19:15:53.0498 7860 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/10 19:15:53.0545 7860 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/10 19:15:53.0576 7860 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/10 19:15:53.0607 7860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/10 19:15:53.0654 7860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/10 19:15:53.0670 7860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/10 19:15:53.0685 7860 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/10 19:15:53.0748 7860 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
2011/09/10 19:15:53.0826 7860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/10 19:15:53.0857 7860 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/10 19:15:53.0888 7860 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/10 19:15:53.0919 7860 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/10 19:15:53.0935 7860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/10 19:15:54.0029 7860 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2011/09/10 19:15:54.0091 7860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/10 19:15:54.0153 7860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/10 19:15:54.0185 7860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/10 19:15:54.0200 7860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/10 19:15:54.0231 7860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/10 19:15:54.0247 7860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/10 19:15:54.0325 7860 LVcKap64 (3c7a54ae999841f30e4648e0de9e4b46) C:\Windows\system32\DRIVERS\LVcKap64.sys
2011/09/10 19:15:54.0434 7860 LVMVDrv (d621d1c9650a5add39c64047fcf860a5) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/09/10 19:15:54.0543 7860 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys
2011/09/10 19:15:54.0621 7860 LVPr2Mon (e379cb87bf2dc0787d825d4cb91c27a8) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/09/10 19:15:54.0684 7860 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/09/10 19:15:54.0731 7860 lvsels64 (99bcd802fe1c480e94dcb29d904f56cc) C:\Windows\system32\DRIVERS\lvsels64.sys
2011/09/10 19:15:54.0793 7860 LVUSBS64 (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\DRIVERS\LVUSBS64.sys
2011/09/10 19:15:54.0902 7860 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/09/10 19:15:55.0027 7860 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/09/10 19:15:55.0105 7860 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/09/10 19:15:55.0199 7860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/10 19:15:55.0230 7860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/10 19:15:55.0245 7860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/10 19:15:55.0292 7860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/10 19:15:55.0339 7860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/10 19:15:55.0386 7860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/10 19:15:55.0448 7860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/10 19:15:55.0511 7860 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/09/10 19:15:55.0542 7860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/10 19:15:55.0573 7860 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/09/10 19:15:55.0604 7860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/10 19:15:55.0667 7860 MQAC (cd22d2563039dda6793f7624719363a7) C:\Windows\system32\drivers\mqac.sys
2011/09/10 19:15:55.0713 7860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/10 19:15:55.0760 7860 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/10 19:15:55.0791 7860 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/10 19:15:55.0823 7860 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/10 19:15:55.0838 7860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/10 19:15:55.0869 7860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/10 19:15:55.0963 7860 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
2011/09/10 19:15:55.0979 7860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/10 19:15:56.0025 7860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/10 19:15:56.0041 7860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/10 19:15:56.0088 7860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/10 19:15:56.0150 7860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/10 19:15:56.0181 7860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/10 19:15:56.0228 7860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/10 19:15:56.0244 7860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/09/10 19:15:56.0275 7860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/10 19:15:56.0291 7860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/10 19:15:56.0322 7860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/10 19:15:56.0384 7860 NAL (4cf5be64c2ecd3dd346a3a85128cc62e) C:\Windows\system32\Drivers\iqvw64e.sys
2011/09/10 19:15:56.0447 7860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/10 19:15:56.0509 7860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/10 19:15:56.0571 7860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/10 19:15:56.0618 7860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/10 19:15:56.0665 7860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/10 19:15:56.0712 7860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/10 19:15:56.0743 7860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/10 19:15:56.0790 7860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/10 19:15:56.0821 7860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/10 19:15:57.0008 7860 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/09/10 19:15:57.0149 7860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/10 19:15:57.0180 7860 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/09/10 19:15:57.0242 7860 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
2011/09/10 19:15:57.0273 7860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/10 19:15:57.0305 7860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/10 19:15:57.0367 7860 ntcdrdrv (b9d4056cd02e2b18413bcbc43b0bae65) C:\Windows\system32\DRIVERS\ntcdrdrv.sys
2011/09/10 19:15:57.0429 7860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/09/10 19:15:57.0476 7860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/10 19:15:57.0539 7860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/09/10 19:15:57.0570 7860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/09/10 19:15:57.0601 7860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/10 19:15:57.0632 7860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/10 19:15:57.0663 7860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/10 19:15:57.0695 7860 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/10 19:15:57.0773 7860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/10 19:15:57.0788 7860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/10 19:15:57.0819 7860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/10 19:15:57.0866 7860 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
2011/09/10 19:15:57.0897 7860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/10 19:15:57.0960 7860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/10 19:15:58.0069 7860 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
2011/09/10 19:15:58.0147 7860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/10 19:15:58.0163 7860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/10 19:15:58.0225 7860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/10 19:15:58.0256 7860 PTSimBus (225d3660f926fe761bc8ce10c512aa02) C:\Windows\system32\DRIVERS\PTSimBus.sys
2011/09/10 19:15:58.0287 7860 PTSimHid (bd2194786abaf4860f41118c0c103e7b) C:\Windows\system32\DRIVERS\PTSimHid.sys
2011/09/10 19:15:58.0350 7860 pwdrvio (da3964d8fb8798dc741abaca9ed1b99d) C:\Windows\system32\pwdrvio.sys
2011/09/10 19:15:58.0428 7860 pwdspio (a55ed5a63d0178a41ea05ac50a60f89a) C:\Windows\system32\pwdspio.sys
2011/09/10 19:15:58.0490 7860 PxHlpa64 (f2eecf8977bd3fe4e38743ddcfbecd20) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/10 19:15:58.0521 7860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/10 19:15:58.0584 7860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/10 19:15:58.0599 7860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/10 19:15:58.0631 7860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/10 19:15:58.0677 7860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/10 19:15:58.0724 7860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/10 19:15:58.0755 7860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/10 19:15:58.0802 7860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/10 19:15:58.0849 7860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/10 19:15:58.0865 7860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/10 19:15:58.0896 7860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/10 19:15:58.0943 7860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/10 19:15:58.0958 7860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/10 19:15:59.0005 7860 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/10 19:15:59.0052 7860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/10 19:15:59.0145 7860 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/09/10 19:15:59.0192 7860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/10 19:15:59.0301 7860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/10 19:15:59.0348 7860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/10 19:15:59.0411 7860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/10 19:15:59.0457 7860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/10 19:15:59.0489 7860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/10 19:15:59.0520 7860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/10 19:15:59.0567 7860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/10 19:15:59.0582 7860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/10 19:15:59.0598 7860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/10 19:15:59.0629 7860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/10 19:15:59.0676 7860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/10 19:15:59.0691 7860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/10 19:15:59.0863 7860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/10 19:15:59.0925 7860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/10 19:15:59.0988 7860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/10 19:16:00.0003 7860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/10 19:16:00.0035 7860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/10 19:16:00.0097 7860 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/09/10 19:16:00.0144 7860 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/09/10 19:16:00.0191 7860 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/09/10 19:16:00.0237 7860 sscdbus (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/09/10 19:16:00.0284 7860 sscdmdfl (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/09/10 19:16:00.0331 7860 sscdmdm (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/09/10 19:16:00.0378 7860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/10 19:16:00.0440 7860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/10 19:16:00.0549 7860 TClass2k (530a7f0966493dd437e4342f12ccd63b) C:\Windows\system32\DRIVERS\TClass2k.sys
2011/09/10 19:16:00.0627 7860 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/10 19:16:00.0737 7860 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/10 19:16:00.0783 7860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/10 19:16:00.0815 7860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/10 19:16:00.0815 7860 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/10 19:16:00.0861 7860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/10 19:16:00.0877 7860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/10 19:16:00.0955 7860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/10 19:16:01.0002 7860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/10 19:16:01.0049 7860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/10 19:16:01.0064 7860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/10 19:16:01.0095 7860 UCTblHid (01662b4865fdb282677b11cf416757ce) C:\Windows\system32\DRIVERS\UCTblHid.sys
2011/09/10 19:16:01.0142 7860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/10 19:16:01.0205 7860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/10 19:16:01.0251 7860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/10 19:16:01.0267 7860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/10 19:16:01.0361 7860 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/09/10 19:16:01.0407 7860 usbbus (e4eb7dd07eeca792a2982ce4622be04b) C:\Windows\system32\DRIVERS\lgx64bus.sys
2011/09/10 19:16:01.0439 7860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/10 19:16:01.0501 7860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/10 19:16:01.0563 7860 UsbDiag (b4074dd520e0e66bd122d510ebf94468) C:\Windows\system32\DRIVERS\lgx64diag.sys
2011/09/10 19:16:01.0595 7860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/10 19:16:01.0641 7860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/10 19:16:01.0704 7860 USBModem (52870ddcf2ad4f8c451ba1c0cf3bf838) C:\Windows\system32\DRIVERS\lgx64modem.sys
2011/09/10 19:16:01.0719 7860 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/10 19:16:01.0766 7860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/10 19:16:01.0829 7860 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/10 19:16:01.0860 7860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/10 19:16:01.0907 7860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/10 19:16:01.0953 7860 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/10 19:16:02.0016 7860 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/10 19:16:02.0078 7860 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/09/10 19:16:02.0109 7860 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/09/10 19:16:02.0156 7860 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/09/10 19:16:02.0203 7860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/10 19:16:02.0234 7860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/10 19:16:02.0265 7860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/10 19:16:02.0297 7860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/10 19:16:02.0312 7860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/10 19:16:02.0375 7860 vmci (312aec23a85424543af898a59209b479) C:\Windows\system32\drivers\vmci.sys
2011/09/10 19:16:02.0421 7860 vmkbd (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
2011/09/10 19:16:02.0468 7860 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2011/09/10 19:16:02.0531 7860 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2011/09/10 19:16:02.0577 7860 VMnetuserif (56d547bfc3f1619fa82ec9ef5d24e802) C:\Windows\system32\drivers\vmnetuserif.sys
2011/09/10 19:16:02.0640 7860 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
2011/09/10 19:16:02.0702 7860 vmx86 (62cd5a87fde14701506d4e0dd8f13d2e) C:\Windows\system32\drivers\vmx86.sys
2011/09/10 19:16:02.0733 7860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/10 19:16:02.0780 7860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/10 19:16:02.0811 7860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/10 19:16:02.0843 7860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/10 19:16:02.0967 7860 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
2011/09/10 19:16:02.0999 7860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/10 19:16:03.0030 7860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/10 19:16:03.0077 7860 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/10 19:16:03.0092 7860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/10 19:16:03.0170 7860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/10 19:16:03.0186 7860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/10 19:16:03.0279 7860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/10 19:16:03.0311 7860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/10 19:16:03.0404 7860 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/10 19:16:03.0467 7860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/10 19:16:03.0529 7860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/10 19:16:03.0591 7860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/10 19:16:03.0607 7860 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/10 19:16:03.0716 7860 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/09/10 19:16:03.0872 7860 {BD1B5EAC-B420-4d68-9AE4-DB601535D138} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\000.fcl
2011/09/10 19:16:03.0888 7860 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
2011/09/10 19:16:03.0950 7860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/09/10 19:16:03.0966 7860 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk5\DR5
2011/09/10 19:16:03.0981 7860 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk7\DR7
2011/09/10 19:16:03.0997 7860 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk8\DR8
2011/09/10 19:16:04.0013 7860 Boot (0x1200) (4643f5704130f852cba1fb35a65502f3) \Device\Harddisk0\DR0\Partition0
2011/09/10 19:16:04.0028 7860 Boot (0x1200) (1026d1815c9dc38d92cfcaafc4b4a45f) \Device\Harddisk1\DR1\Partition0
2011/09/10 19:16:04.0044 7860 Boot (0x1200) (c5aba78d30379543a0aebd9c765e354b) \Device\Harddisk1\DR1\Partition1
2011/09/10 19:16:04.0059 7860 Boot (0x1200) (28f5d32e8db83daa8e6b9e25001fd2f7) \Device\Harddisk5\DR5\Partition0
2011/09/10 19:16:04.0075 7860 Boot (0x1200) (c4f4692469f70c9a68991dbde2392415) \Device\Harddisk7\DR7\Partition0
2011/09/10 19:16:04.0091 7860 Boot (0x1200) (1442c1e0adc67fac6cde5d8d5e521133) \Device\Harddisk8\DR8\Partition0
2011/09/10 19:16:04.0091 7860 ================================================================================
2011/09/10 19:16:04.0091 7860 Scan finished
2011/09/10 19:16:04.0091 7860 ================================================================================
2011/09/10 19:16:04.0106 8560 Detected object count: 0
2011/09/10 19:16:04.0106 8560 Actual detected object count: 0

#9 gringo_pr


Posted 11 September 2011 - 04:33 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#10 kmf07302


Posted 11 September 2011 - 05:49 PM

Gringo:
Here is the OTL
************************************************************************************
OTL logfile created on: 9/11/2011 6:00:50 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Kevin\Documents\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 34.13% Memory free
7.93 Gb Paging File | 5.18 Gb Available in Paging File | 65.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 214.31 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
Drive K: | 931.28 Gb Total Space | 143.52 Gb Free Space | 15.41% Space Free | Partition Type: FAT32
Drive Q: | 596.07 Gb Total Space | 214.31 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
Drive U: | 913.09 Gb Total Space | 228.65 Gb Free Space | 25.04% Space Free | Partition Type: NTFS
Drive W: | 596.07 Gb Total Space | 214.31 Gb Free Space | 35.95% Space Free | Partition Type: NTFS
Drive Y: | 931.28 Gb Total Space | 143.52 Gb Free Space | 15.41% Space Free | Partition Type: FAT32
Drive Z: | 931.28 Gb Total Space | 143.52 Gb Free Space | 15.41% Space Free | Partition Type: FAT32

Computer Name: SX2800 | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Kevin\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Droid Explorer\SDK\tools\adb.exe ()
PRC - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vprintproxy.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (SFX TEAM)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpodcast_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmediadirs_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\sigc-2.0.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\glibmm-2.4.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\libcurl.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\liblber.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\libldap_r.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Workstation\libcds.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (DroidExplorerService) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe (Ryan Conrad)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\Drivers\WTSRV.EXE (Tablet Driver)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (Jasmio.MediaCenter.Service) -- C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe ()
SRV:64bit: - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV:64bit: - (LVPrcS64) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (dlcd_device) -- C:\Windows\SysNative\dlcdcoms.exe ( )
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EASEUS Agent) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (CLKMSVC10_90970B6B) -- C:\Program Files (x86)\Cyberlink\PowerProducer\BDSDK\NavFilter\kmsvc.exe (CyberLink)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (dlcd_device) -- C:\Windows\SysWow64\dlcdcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (PDFSFilter) -- C:\Windows\SysNative\drivers\PDFsFilter.sys (Raxco Software, Inc.)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (appliandMP) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (appliand) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUFS) -- C:\Windows\SysNative\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUDISK) -- C:\Windows\SysNative\drivers\eudisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (ntcdrdrv) -- C:\Windows\SysNative\drivers\ntcdrdrv.sys (NoteBurn Software)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (e1yexpress) Intel® -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (LVUVC64) QuickCam Orbit/Sphere MP(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (lvsels64) -- C:\Windows\SysNative\drivers\lvsels64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ATIAVPCI) -- C:\Windows\SysNative\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2Mon.sys ()
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\drivers\LVMVdrv.sys (Logitech Inc.)
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\drivers\LVCKap64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - ({BD1B5EAC-B420-4d68-9AE4-DB601535D138}) -- C:\Program Files (x86)\Cyberlink\PowerProducer\BDSDK\000.fcl (CyberLink Corp.)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 94 DD 91 0A E8 CB 01 [binary data]
IE - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2011/08/17 23:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/08/17 23:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/17 23:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/03/28 21:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/10 20:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/30 14:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/09/09 22:47:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/08/17 23:06:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Kevin\AppData\Roaming\IDM\idmmzcc5 [2011/09/11 14:51:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Kevin\AppData\Roaming\IDM\idmmzcc5 [2011/09/11 14:51:58 | 000,000,000 | ---D | M]

[2011/03/21 02:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2011/09/08 00:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\extensions
[2011/08/11 22:56:22 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/09/08 00:02:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/13 00:34:15 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2011/07/24 23:49:38 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\eij5owu3.default\extensions\support@lastpass.com
[2011/05/16 06:35:14 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2011/05/16 06:35:14 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2011/05/16 06:35:14 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM

O1 HOSTS File: ([2011/09/10 17:27:11 | 000,000,107 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3:64bit: - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/05/31 19:01:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-479026946-3727890073-4004865074-1000\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60A47C2D-5828-4877-9B13-992B516C6B11}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O22:64bit: - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\W7FBC\dll.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 17:56:02 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Documents\Desktop\OTL.exe
[2011/09/11 07:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2011/09/11 07:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2011/09/10 23:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011/09/10 23:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/09/10 23:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Raxco
[2011/09/10 23:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco
[2011/09/10 19:12:11 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Documents\Desktop\tdsskiller.exe
[2011/09/10 14:56:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/10 09:35:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/10 09:35:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/10 09:35:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/10 09:34:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/10 09:34:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/09 22:51:23 | 004,201,507 | R--- | C] (Swearware) -- C:\Users\Kevin\Documents\Desktop\ComboFix.exe
[2011/09/09 19:46:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Desktop\WorkingReelTime 2f
[2011/09/08 23:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru
[2011/09/08 10:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinHex
[2011/09/08 10:24:32 | 000,143,984 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2011/09/08 01:48:40 | 000,000,000 | ---D | C] -- C:\Win Ubu VM Shares
[2011/09/07 16:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[2011/09/07 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\zabkat
[2011/09/07 15:11:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\FileZilla
[2011/09/07 15:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/09/07 15:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/09/07 14:48:42 | 000,079,888 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
[2011/09/07 12:20:18 | 000,268,552 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\PDBoot.exe
[2011/09/07 08:42:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{0A5B4BF5-A538-4413-99F0-524DF43192D8}
[2011/09/07 08:42:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{4E61F852-EF70-4C40-BB01-F1380530E30A}
[2011/09/07 03:54:38 | 000,081,008 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/09/07 03:54:36 | 000,068,720 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/09/07 03:54:03 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/09/07 03:53:59 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/09/07 03:53:59 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/09/07 03:53:46 | 000,968,816 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/09/07 03:53:21 | 000,031,856 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2011/09/07 03:53:19 | 000,038,512 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/09/07 03:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011/09/07 03:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/09/07 03:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2011/09/07 00:56:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Alien Skin
[2011/09/06 16:56:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Documents\Desktop\dds.scr
[2011/09/06 11:13:47 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Virtual Machines
[2011/09/06 11:11:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VMware
[2011/09/06 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\VMware
[2011/09/06 11:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011/09/06 11:03:26 | 109,212,672 | ---- | C] (VMware, Inc.) -- C:\Users\Kevin\Documents\VMware-player-3.1.4-385536.exe
[2011/09/06 11:03:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Download Manager
[2011/09/06 09:59:23 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kevin\Documents\Desktop\GooredFix.exe
[2011/09/06 09:56:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Desktop\osd2
[2011/09/03 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\womble
[2011/09/03 09:40:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{36F453F1-3EEF-4FA1-85E8-74D231731200}
[2011/09/03 09:40:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{BC4DDE31-A712-446E-8A56-76BBFC1FDFC9}
[2011/09/03 01:59:22 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysWow64\DfSdkBt.exe
[2011/09/02 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{E3051C1B-9246-41E0-A70D-037C35FA119F}
[2011/09/02 13:44:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{14F1D398-07A4-4024-9CDF-D3183128F80A}
[2011/09/01 22:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2011/09/01 22:24:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Last.fm
[2011/09/01 22:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2011/09/01 22:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2011/09/01 14:45:57 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011/09/01 14:45:57 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011/09/01 14:45:57 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011/09/01 14:45:57 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011/09/01 14:45:57 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011/09/01 14:45:57 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011/09/01 14:45:57 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011/08/31 16:06:39 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/31 16:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/31 16:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/08/31 16:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/31 12:10:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Registry Backups
[2011/08/31 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
[2011/08/30 19:58:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\My_MP4Box_GUI
[2011/08/30 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\My MP4Box GUI
[2011/08/30 17:58:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\JAM Software
[2011/08/30 17:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
[2011/08/30 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2011/08/30 17:57:48 | 007,969,400 | ---- | C] (JAM Software ) -- C:\Users\Kevin\Documents\Desktop\setup_pro.exe
[2011/08/30 14:48:35 | 000,000,000 | R--D | C] -- C:\Users\Public\Desktop\Installation Log Files
[2011/08/30 14:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/08/30 14:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2011/08/30 14:34:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DivX
[2011/08/30 14:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/08/30 14:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/30 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/08/30 14:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/08/30 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/08/30 14:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/08/30 14:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2011/08/30 14:21:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Roxio Log Files
[2011/08/30 13:22:10 | 000,000,000 | ---D | C] -- C:\MoTemp
[2011/08/30 08:49:38 | 000,000,000 | --SD | C] -- C:\Users\Kevin\Documents\Desktop\Music Organizer Source folder
[2011/08/30 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\StreamingFileProcessing
[2011/08/30 08:49:36 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Music Organizer
[2011/08/30 08:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Music Organizer
[2011/08/30 07:53:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\xtools
[2011/08/30 07:44:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Add-in Express
[2011/08/30 07:43:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Aminsoft
[2011/08/30 07:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aminsoft
[2011/08/30 07:42:34 | 000,000,000 | ---D | C] -- C:\xtools
[2011/08/30 07:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DVDCoverPlus
[2011/08/30 07:24:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{2B04E64B-EEE1-421A-A282-7B464CFF36DF}
[2011/08/30 07:24:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{AE46E16E-0BD9-42FD-90B8-CA6047021869}
[2011/08/30 06:24:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F9D932F4-AE9A-4B33-9C2D-E7E1C7756C00}
[2011/08/30 06:24:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{A543308B-B746-47DA-9172-E5B532C43788}
[2011/08/30 06:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Photo AIO Printer 944
[2011/08/30 06:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Photo AIO Printer 944
[2011/08/30 06:22:48 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdserv.dll
[2011/08/30 06:22:48 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdusb1.dll
[2011/08/30 06:22:48 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdhcp.dll
[2011/08/30 06:22:48 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdinpa.dll
[2011/08/30 06:22:48 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdiesc.dll
[2011/08/30 06:22:47 | 000,983,092 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dlcdgf.dll
[2011/08/30 06:22:47 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdhbn3.dll
[2011/08/30 06:22:47 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdlmpm.dll
[2011/08/30 06:22:47 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdpmui.dll
[2011/08/30 06:22:47 | 000,233,968 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdih.exe
[2011/08/30 06:22:47 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdprox.dll
[2011/08/30 06:22:47 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdpplc.dll
[2011/08/30 06:22:46 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdcomc.dll
[2011/08/30 06:22:46 | 000,566,768 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdcoms.exe
[2011/08/30 06:22:46 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdcomm.dll
[2011/08/30 06:22:46 | 000,236,528 | ---- | C] ( ) -- C:\Windows\SysNative\dlcdcfg.exe
[2011/08/30 06:16:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/30 06:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/08/30 06:02:53 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{E4F0E0AB-2E40-43B3-B25D-5B1DACF0DCAD}
[2011/08/30 06:02:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{D53AB188-CAD7-4699-8078-B9DEE291EEC3}
[2011/08/29 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Expression
[2011/08/29 05:16:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Cyberlink
[2011/08/29 05:13:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Avatar
[2011/08/29 05:04:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Youcam
[2011/08/29 05:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2011/08/29 02:55:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\WindowsUpdates
[2011/08/29 00:30:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop
[2011/08/28 02:27:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Desktop\RT2_MUSIC CD_590x600
[2011/08/28 02:27:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Desktop\RT2_MUSIC CD_1280x720
[2011/08/26 20:00:40 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\CoverEditor
[2011/08/26 20:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TBS Cover Editor
[2011/08/26 12:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick 3D Cover
[2011/08/26 11:10:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Hardcoded Software
[2011/08/25 16:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
[2011/08/25 01:21:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Peter Souza IV
[2011/08/25 00:05:04 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{6C3D43BC-96F8-49A9-91CB-74AAEE07DF34}
[2011/08/25 00:04:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F0618AFA-0334-4BCB-9D12-A541914FFCA8}
[2011/08/23 19:43:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Downloads
[2011/08/23 19:42:42 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\sabnzbd
[2011/08/23 19:40:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
[2011/08/23 19:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2011/08/23 17:46:39 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Hardcoded Software
[2011/08/23 17:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru Music Edition
[2011/08/23 17:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hardcoded Software
[2011/08/23 14:19:03 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01005.dll
[2011/08/23 14:19:03 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01005.dll
[2011/08/23 14:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2011/08/23 14:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011/08/23 07:08:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 6 - Patterns
[2011/08/23 07:07:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 4 - Distortions
[2011/08/23 03:57:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Desktop\Games
[2011/08/23 03:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2011/08/23 03:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
[2011/08/22 01:21:59 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\NCH Software
[2011/08/22 01:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/22 00:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/08/22 00:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2011/08/22 00:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slice Audio File Splitter
[2011/08/22 00:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2011/08/22 00:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt
[2011/08/21 21:23:04 | 000,033,888 | ---- | C] (Applian Technologies Inc.) -- C:\Windows\SysNative\drivers\appliand.sys
[2011/08/21 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2011/08/21 21:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2011/08/21 21:22:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Replay Media Catcher 4
[2011/08/20 03:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Singular CAS
[2011/08/20 03:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2011/08/20 03:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X
[2011/08/20 01:31:34 | 000,000,000 | R--D | C] -- C:\cygwin
[2011/08/20 00:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/20 00:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/19 10:41:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Totusoft
[2011/08/19 10:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAN Speed Test
[2011/08/18 09:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{ADAEF640-4C3F-4B9A-9B43-B549CBB58140}
[2011/08/18 09:37:34 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{0381D7B6-19C0-4808-A273-1A7820AE905C}
[2011/08/18 05:56:59 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Adobe Mini Bridge CS5.1
[2011/08/18 03:34:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/08/18 03:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/08/17 23:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/08/17 22:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.0.0 Professional Edition
[2011/08/17 13:58:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\DocumentsNYDoc
[2011/08/17 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\NetMeter
[2011/08/17 11:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeter
[2011/08/17 01:32:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BookCAT
[2011/08/16 14:13:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{E936510D-4F1B-4D3E-9924-25A934747E4F}
[2011/08/16 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{E91EE474-1186-4726-895A-5ACC4796467A}
[2011/08/16 14:02:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Apple Computer
[2011/08/16 13:52:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{C1B5627C-405F-4CA5-A701-9D4AF8A93BF8}
[2011/08/16 02:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 3
[2011/08/16 02:19:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Filter Forge 3
[2011/08/16 02:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Filter Forge 3
[2011/08/16 02:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ViceVersa PRO 2
[2011/08/16 01:40:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2011/08/15 20:11:48 | 000,000,000 | ---D | C] -- C:\WDTV Emulator
[2011/08/15 14:32:08 | 000,320,816 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2011/08/15 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2011/08/15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My eBooks
[2011/08/15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mobipocket
[2011/08/15 13:17:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2011/08/15 13:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobipocket.com
[2011/08/13 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\VidCoder
[2011/08/13 13:21:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VidCoder
[2011/08/13 11:28:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Wicked Murney
[2011/08/12 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Google Book
[2011/08/12 18:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Plugin Site
[2011/08/12 18:25:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ThePluginSite
[2011/08/12 18:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThePluginSite
[2011/08/12 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/08/12 18:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/06/04 23:12:46 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdhcp.dll
[2011/06/04 23:12:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdpmui.dll
[2011/06/04 23:12:45 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdinpa.dll
[2011/06/04 23:12:45 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdiesc.dll
[2011/06/04 23:12:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdserv.dll
[2011/06/04 23:12:44 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdusb1.dll
[2011/06/04 23:12:44 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdhbn3.dll
[2011/06/04 23:12:44 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdlmpm.dll
[2011/06/04 23:12:44 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdih.exe
[2011/06/04 23:12:44 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdppls.exe
[2011/06/04 23:12:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdprox.dll
[2011/06/04 23:12:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdpplc.dll
[2011/06/04 23:12:43 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdcomc.dll
[2011/06/04 23:12:43 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdcoms.exe
[2011/06/04 23:12:43 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdcomm.dll
[2011/06/04 23:12:43 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcdcfg.exe
[2011/05/11 22:43:10 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kevin\AppData\Roaming\pcouffin.sys
[2011/03/12 19:29:56 | 597,789,096 | ---- | C] (VMware, Inc.) -- C:\Users\Kevin\AppData\Roaming\VMware-workstation-full-7.1.3-324285.exe
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 17:56:04 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Documents\Desktop\OTL.exe
[2011/09/11 17:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-479026946-3727890073-4004865074-1000UA.job
[2011/09/11 17:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/11 16:53:09 | 000,022,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 16:53:09 | 000,022,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 13:14:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/09/11 13:04:43 | 000,001,025 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Dropbox.lnk
[2011/09/11 13:04:43 | 000,000,999 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/11 13:03:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/11 13:02:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/11 13:02:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/09/11 07:50:02 | 000,002,042 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\CrystalDiskInfo.lnk
[2011/09/11 03:54:02 | 000,000,218 | ---- | M] () -- C:\Users\Kevin\.recently-used.xbel
[2011/09/10 23:06:02 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\PerfectDisk 12.lnk
[2011/09/10 21:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-479026946-3727890073-4004865074-1000Core.job
[2011/09/10 20:17:33 | 000,874,096 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/10 20:17:33 | 000,728,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/10 20:17:33 | 000,145,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/10 19:13:23 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Documents\Desktop\tdsskiller.exe
[2011/09/10 17:27:11 | 000,000,107 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/10 16:06:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/10 16:06:37 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/10 14:51:13 | 1084,686,336 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Reunion.iso
[2011/09/10 14:26:38 | 000,030,649 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\regserv error.PNG
[2011/09/10 14:06:33 | 000,027,459 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\combofix error.PNG
[2011/09/10 14:05:03 | 004,201,507 | R--- | M] (Swearware) -- C:\Users\Kevin\Documents\Desktop\ComboFix.exe
[2011/09/09 16:13:20 | 000,014,705 | ---- | M] () -- C:\Users\Kevin\Documents\Print Order # 400192930 - Grasscity.pdf
[2011/09/09 13:30:03 | 069,780,598 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Just Fiddling Around - Silly [09;23;01].wav
[2011/09/09 13:29:53 | 069,119,302 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Celebration - Invitation [03;23;03].wav
[2011/09/09 13:29:53 | 039,002,462 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Lavender Waltz - Memories [00;00;00].wav
[2011/09/09 04:13:33 | 000,002,950 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\gourmania3.exe - Shortcut.lnk
[2011/09/08 23:18:10 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\dupeGuru.lnk
[2011/09/08 16:22:19 | 186,051,992 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Family Reuniuon.aiff
[2011/09/08 10:12:20 | 000,143,984 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2011/09/07 18:57:45 | 000,028,216 | ---- | M] () -- C:\Users\Kevin\Documents\xplorer2backup.reg
[2011/09/07 16:10:35 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011/09/07 16:00:48 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\xplorer2.lnk
[2011/09/07 15:11:42 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/09/07 14:48:42 | 000,079,888 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
[2011/09/07 14:33:53 | 001,453,512 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Family Reuniuon.aiff.sfk
[2011/09/07 12:20:18 | 000,268,552 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\SysNative\PDBoot.exe
[2011/09/07 03:54:42 | 000,001,084 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/09/07 03:52:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/09/07 03:52:53 | 000,886,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/07 03:52:48 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2011/09/06 16:56:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Documents\Desktop\dds.scr
[2011/09/06 12:54:49 | 003,715,072 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\kevin.osd.bin
[2011/09/06 11:05:50 | 109,212,672 | ---- | M] (VMware, Inc.) -- C:\Users\Kevin\Documents\VMware-player-3.1.4-385536.exe
[2011/09/06 09:59:27 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kevin\Documents\Desktop\GooredFix.exe
[2011/09/05 23:13:19 | 000,060,928 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 20:54:06 | 082,153,680 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Lavender Waltz - Memories.wav
[2011/09/05 15:16:18 | 000,000,107 | ---- | M] () -- C:\Windows\IfoEdit.INI
[2011/09/05 11:49:00 | 000,001,456 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/03 09:56:58 | 000,000,763 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Fausolds_3_956-58620.EDL
[2011/09/03 09:36:22 | 000,238,841 | ---- | M] () -- C:\Users\Kevin\Documents\PDR.dmp
[2011/09/02 22:40:10 | 001,583,296 | ---- | M] () -- C:\Users\Kevin\Documents\Copy of VTS_01_1.mpeg.sfk
[2011/09/02 22:40:10 | 000,000,242 | ---- | M] () -- C:\Users\Kevin\Documents\Copy of VTS_01_1.mpeg.sfl
[2011/09/02 21:58:45 | 000,007,667 | ---- | M] () -- C:\Users\Kevin\AppData\Local\resmon.resmoncfg
[2011/09/02 21:01:14 | 000,010,767 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Fausold Memories DVDs - Shortcut.lnk
[2011/09/02 02:25:31 | 000,000,106 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/02 02:24:25 | 000,001,288 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Helium Music Manager 8.lnk
[2011/09/02 02:24:25 | 000,001,270 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Helium Music Manager 8.lnk
[2011/09/01 22:24:37 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2011/09/01 16:12:33 | 005,298,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/31 23:51:01 | 000,596,607 | ---- | M] () -- C:\Users\Kevin\Documents\Mouse red round icon.psd
[2011/08/31 23:31:34 | 000,208,838 | ---- | M] () -- C:\Users\Kevin\Documents\My Android Token.psd
[2011/08/31 22:32:32 | 000,243,025 | ---- | M] () -- C:\Users\Kevin\Documents\Mouse face icon square.psd
[2011/08/31 16:06:39 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/31 16:06:38 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/31 16:04:54 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/31 13:19:54 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2011/08/31 12:27:33 | 000,001,617 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\DivX Movies.lnk
[2011/08/30 07:58:55 | 000,374,029 | ---- | M] () -- C:\Users\Kevin\Documents\ReportStep1__Create.xml
[2011/08/30 06:32:29 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.lnk
[2011/08/30 06:26:13 | 000,016,604 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2011/08/30 05:22:44 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/30 01:41:23 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/08/29 21:24:01 | 000,002,260 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Gourmania.lnk
[2011/08/28 03:49:45 | 005,384,899 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\ReelTime Music.psd
[2011/08/27 19:08:56 | 000,039,172 | ---- | M] () -- C:\Users\Kevin\Documents\medical-cards.jpg
[2011/08/26 22:17:50 | 000,036,813 | ---- | M] () -- C:\Users\Kevin\Documents\TBS Cover.drc
[2011/08/26 12:59:13 | 000,001,350 | ---- | M] () -- C:\Users\Kevin\Documents\new simple.q2d
[2011/08/26 12:22:58 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Quick 3D Cover.lnk
[2011/08/26 00:41:30 | 000,001,921 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\coverXP.lnk
[2011/08/25 23:54:20 | 000,275,903 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\stark cd.png
[2011/08/25 23:54:20 | 000,000,132 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/25 20:48:02 | 000,061,440 | ---- | M] () -- C:\Users\Kevin\Documents\Book 1.indb
[2011/08/25 06:27:29 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/08/25 06:27:11 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2011/08/25 06:26:59 | 004,022,504 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/08/25 06:26:58 | 000,017,950 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/08/25 06:26:21 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2011/08/25 05:41:00 | 000,034,138 | ---- | M] () -- C:\Users\Kevin\Documents\kmf medical cards.jpg
[2011/08/25 05:18:40 | 000,002,901 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/08/25 05:18:26 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.bmp
[2011/08/25 05:13:43 | 000,003,071 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/08/25 05:12:41 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2011/08/25 00:42:11 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2011/08/24 22:09:35 | 000,005,061 | ---- | M] () -- C:\Users\Kevin\Documents\ny.ncor
[2011/08/24 11:29:45 | 004,132,566 | ---- | M] () -- C:\Users\Kevin\Documents\Cylent 590 x 600 placement screen.psd
[2011/08/23 19:40:41 | 000,001,047 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\SABnzbd.lnk
[2011/08/23 17:46:25 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\dupeGuru ME.lnk
[2011/08/23 14:20:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/08/23 12:46:33 | 001,062,040 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\imandix cover sheet.psd
[2011/08/22 21:06:39 | 042,519,739 | ---- | M] () -- C:\Users\Kevin\Documents\FolderSizes Scan Data.xml
[2011/08/22 08:36:06 | 000,004,280 | ---- | M] () -- C:\Users\Kevin\Documents\WDTB bin creation.rtf
[2011/08/21 21:23:03 | 000,001,357 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2011/08/20 03:22:01 | 000,000,602 | ---- | M] () -- C:\Users\Public\Desktop\Cygwin.lnk
[2011/08/20 03:18:18 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Singular (Emacs and X-Server).lnk
[2011/08/20 03:18:17 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\Singular (rxvt).lnk
[2011/08/20 03:18:17 | 000,000,673 | ---- | M] () -- C:\Users\Public\Desktop\Singular (Terminal).lnk
[2011/08/20 01:25:58 | 000,015,295 | ---- | M] () -- C:\Users\Kevin\Documents\WDTB%20bin%20creation.rtf_0.odt
[2011/08/19 21:55:23 | 000,526,597 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\welcome_background_bg.png
[2011/08/19 20:03:57 | 000,424,017 | ---- | M] () -- C:\Users\Kevin\Documents\StyleiT Samples.pdf
[2011/08/17 23:06:21 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011/08/17 23:05:40 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011/08/17 23:05:40 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011/08/17 23:05:32 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/08/17 22:16:39 | 000,001,542 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.0.0 Professional Edition.lnk
[2011/08/17 11:52:26 | 000,000,600 | ---- | M] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2011/08/15 14:32:08 | 000,320,816 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2011/08/15 13:17:16 | 000,003,073 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\Mobipocket Reader.lnk
[2011/08/15 11:20:13 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/08/15 03:49:51 | 000,020,039 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\a D Knight pig-hole.jpg
[2011/08/14 21:21:28 | 028,343,676 | ---- | M] () -- C:\Users\Kevin\Documents\TAL Aug 14 443.mp3
[2011/08/14 19:24:27 | 000,000,000 | -H-- | M] () -- C:\Users\Kevin\.BridgeLabelsAndRatings
[2011/08/14 17:36:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/13 11:28:01 | 000,005,077 | ---- | M] () -- C:\Users\Kevin\Documents\Wicked Murney.ncor
[2011/08/13 04:25:15 | 000,000,664 | ---- | M] () -- C:\Users\Kevin\Documents\Desktop\eXtreme Movie Manager.lnk
[2011/08/13 00:08:52 | 000,557,568 | ---- | M] () -- C:\Windows\SysWow64\qeditold.dll
[2011/08/12 22:59:34 | 000,001,745 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2011/08/12 22:59:24 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.bmp
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 07:50:02 | 000,002,042 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\CrystalDiskInfo.lnk
[2011/09/11 03:54:02 | 000,000,218 | ---- | C] () -- C:\Users\Kevin\.recently-used.xbel
[2011/09/10 23:01:56 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 12.lnk
[2011/09/10 23:01:56 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\PerfectDisk 12.lnk
[2011/09/10 21:29:52 | 000,092,436 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\welcome_background_bg_New1.jpg
[2011/09/10 14:50:50 | 1084,686,336 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Reunion.iso
[2011/09/10 14:26:38 | 000,030,649 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\regserv error.PNG
[2011/09/10 14:06:33 | 000,027,459 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\combofix error.PNG
[2011/09/10 09:35:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/10 09:35:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/10 09:35:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/10 09:35:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/10 09:35:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/09 16:13:20 | 000,014,705 | ---- | C] () -- C:\Users\Kevin\Documents\Print Order # 400192930 - Grasscity.pdf
[2011/09/09 13:29:21 | 069,780,598 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Just Fiddling Around - Silly [09;23;01].wav
[2011/09/09 13:29:02 | 069,119,302 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Celebration - Invitation [03;23;03].wav
[2011/09/09 13:28:52 | 039,002,462 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Lavender Waltz - Memories [00;00;00].wav
[2011/09/09 04:13:33 | 000,002,950 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\gourmania3.exe - Shortcut.lnk
[2011/09/08 23:18:10 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\dupeGuru.lnk
[2011/09/08 10:27:16 | 000,001,065 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk
[2011/09/07 18:57:45 | 000,028,216 | ---- | C] () -- C:\Users\Kevin\Documents\xplorer2backup.reg
[2011/09/07 16:00:48 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\xplorer2.lnk
[2011/09/07 15:11:42 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/09/07 14:29:04 | 001,453,512 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Family Reuniuon.aiff.sfk
[2011/09/07 03:54:42 | 000,001,084 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2011/09/07 03:52:48 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2011/09/06 22:11:33 | 186,051,992 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Family Reuniuon.aiff
[2011/09/06 12:54:49 | 003,715,072 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\kevin.osd.bin
[2011/09/06 11:07:07 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/09/05 20:18:19 | 082,153,680 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Lavender Waltz - Memories.wav
[2011/09/03 16:06:59 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/03 16:06:59 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/03 09:56:58 | 000,000,763 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Fausolds_3_956-58620.EDL
[2011/09/03 09:38:04 | 977,399,808 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Fausolds.mpeg
[2011/09/02 22:23:03 | 000,000,242 | ---- | C] () -- C:\Users\Kevin\Documents\Copy of VTS_01_1.mpeg.sfl
[2011/09/02 22:02:29 | 001,583,296 | ---- | C] () -- C:\Users\Kevin\Documents\Copy of VTS_01_1.mpeg.sfk
[2011/09/02 21:53:25 | 1071,501,312 | ---- | C] () -- C:\Users\Kevin\Documents\Copy of VTS_01_1.mpeg
[2011/09/02 21:01:14 | 000,010,767 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Fausold Memories DVDs - Shortcut.lnk
[2011/09/02 02:25:31 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/01 22:24:37 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2011/09/01 16:15:08 | 000,000,999 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/08/31 23:51:01 | 000,596,607 | ---- | C] () -- C:\Users\Kevin\Documents\Mouse red round icon.psd
[2011/08/31 23:31:34 | 000,208,838 | ---- | C] () -- C:\Users\Kevin\Documents\My Android Token.psd
[2011/08/31 22:20:01 | 000,243,025 | ---- | C] () -- C:\Users\Kevin\Documents\Mouse face icon square.psd
[2011/08/31 17:54:16 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/31 16:04:54 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/31 13:19:54 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2011/08/31 12:27:33 | 000,001,617 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\DivX Movies.lnk
[2011/08/30 07:58:45 | 000,374,029 | ---- | C] () -- C:\Users\Kevin\Documents\ReportStep1__Create.xml
[2011/08/30 06:32:29 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Dell Printer Supplies - Inkjet.lnk
[2011/08/30 06:22:48 | 000,619,008 | ---- | C] () -- C:\Windows\SysNative\dlcdutil.dll
[2011/08/30 06:22:48 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\dlcdinst.dll
[2011/08/30 06:22:47 | 000,257,112 | ---- | C] () -- C:\Windows\SysNative\dlcdhelp.chm
[2011/08/30 06:22:47 | 000,218,624 | ---- | C] () -- C:\Windows\SysNative\dlcdins.dll
[2011/08/30 06:22:47 | 000,160,768 | ---- | C] () -- C:\Windows\SysNative\dlcdinsb.dll
[2011/08/30 06:22:47 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dlcdjswr.dll
[2011/08/30 06:22:47 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\dlcdcu.dll
[2011/08/30 06:22:47 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\dlcdinsr.dll
[2011/08/30 06:22:47 | 000,068,608 | ---- | C] () -- C:\Windows\SysNative\dlcdcub.dll
[2011/08/30 06:22:47 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\dlcdcur.dll
[2011/08/30 06:22:46 | 000,059,392 | ---- | C] () -- C:\Windows\SysNative\dlcdcfg.dll
[2011/08/30 06:22:46 | 000,002,123 | ---- | C] () -- C:\Windows\SysNative\dlcd.loc
[2011/08/30 05:22:44 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/30 01:41:23 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Rio.lnk
[2011/08/29 21:24:01 | 000,002,260 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Gourmania.lnk
[2011/08/28 02:57:28 | 005,384,899 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\ReelTime Music.psd
[2011/08/27 19:08:56 | 000,039,172 | ---- | C] () -- C:\Users\Kevin\Documents\medical-cards.jpg
[2011/08/27 17:42:05 | 000,034,138 | ---- | C] () -- C:\Users\Kevin\Documents\kmf medical cards.jpg
[2011/08/26 22:17:50 | 000,036,813 | ---- | C] () -- C:\Users\Kevin\Documents\TBS Cover.drc
[2011/08/26 12:59:13 | 000,001,350 | ---- | C] () -- C:\Users\Kevin\Documents\new simple.q2d
[2011/08/26 12:22:58 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Quick 3D Cover.lnk
[2011/08/26 00:41:30 | 000,001,921 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\coverXP.lnk
[2011/08/25 23:54:18 | 000,275,903 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\stark cd.png
[2011/08/25 20:48:02 | 000,061,440 | ---- | C] () -- C:\Users\Kevin\Documents\Book 1.indb
[2011/08/24 22:09:34 | 000,005,061 | ---- | C] () -- C:\Users\Kevin\Documents\ny.ncor
[2011/08/24 11:23:26 | 004,132,566 | ---- | C] () -- C:\Users\Kevin\Documents\Cylent 590 x 600 placement screen.psd
[2011/08/23 19:40:41 | 000,001,047 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\SABnzbd.lnk
[2011/08/23 17:46:25 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\dupeGuru ME.lnk
[2011/08/23 14:20:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/08/23 12:46:31 | 001,062,040 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\imandix cover sheet.psd
[2011/08/22 21:06:32 | 042,519,739 | ---- | C] () -- C:\Users\Kevin\Documents\FolderSizes Scan Data.xml
[2011/08/21 22:19:07 | 000,015,295 | ---- | C] () -- C:\Users\Kevin\Documents\WDTB%20bin%20creation.rtf_0.odt
[2011/08/21 21:23:03 | 000,001,357 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2011/08/20 03:22:01 | 000,000,602 | ---- | C] () -- C:\Users\Public\Desktop\Cygwin.lnk
[2011/08/20 03:18:18 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Singular (Emacs and X-Server).lnk
[2011/08/20 03:18:17 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\Singular (rxvt).lnk
[2011/08/20 03:18:17 | 000,000,673 | ---- | C] () -- C:\Users\Public\Desktop\Singular (Terminal).lnk
[2011/08/20 00:52:49 | 000,004,280 | ---- | C] () -- C:\Users\Kevin\Documents\WDTB bin creation.rtf
[2011/08/19 21:55:22 | 000,526,597 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\welcome_background_bg.png
[2011/08/19 20:03:53 | 000,424,017 | ---- | C] () -- C:\Users\Kevin\Documents\StyleiT Samples.pdf
[2011/08/17 22:16:39 | 000,001,542 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.0.0 Professional Edition.lnk
[2011/08/17 22:16:37 | 003,320,192 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2011/08/17 22:16:37 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/08/17 22:16:37 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2011/08/17 22:16:37 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/08/17 22:16:37 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2011/08/17 22:16:36 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/08/17 22:16:36 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2011/08/17 22:16:36 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/08/17 22:16:36 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2011/08/17 22:16:36 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/08/15 21:47:24 | 000,323,499 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\ZZZwelcome_background_bg.png
[2011/08/15 13:17:16 | 000,003,073 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\Mobipocket Reader.lnk
[2011/08/15 03:52:00 | 000,020,039 | ---- | C] () -- C:\Users\Kevin\Documents\Desktop\a D Knight pig-hole.jpg
[2011/08/14 21:21:27 | 028,343,676 | ---- | C] () -- C:\Users\Kevin\Documents\TAL Aug 14 443.mp3
[2011/08/14 19:24:27 | 000,000,000 | -H-- | C] () -- C:\Users\Kevin\.BridgeLabelsAndRatings
[2011/08/13 11:28:01 | 000,005,077 | ---- | C] () -- C:\Users\Kevin\Documents\Wicked Murney.ncor
[2011/08/13 00:17:11 | 000,557,568 | ---- | C] () -- C:\Windows\SysWow64\qeditold.dll
[2011/08/12 01:07:38 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\favorites.dat
[2011/08/12 01:07:04 | 000,000,138 | ---- | C] () -- C:\Windows\SysWow64\diacchars.dat
[2011/08/08 07:23:41 | 000,000,000 | ---- | C] () -- C:\Windows\SUFDesign.INI
[2011/06/28 13:11:43 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2011/06/11 05:45:15 | 000,000,120 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\FixVTS.ini
[2011/06/10 16:32:29 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2011/06/07 02:24:00 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011/06/07 02:24:00 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011/06/07 02:24:00 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011/06/07 02:24:00 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011/06/07 02:24:00 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011/06/07 02:09:53 | 000,000,631 | ---- | C] () -- C:\Windows\checkip.dat
[2011/06/06 05:17:51 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2011/06/04 23:12:46 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcdinst.dll
[2011/06/04 23:12:45 | 000,434,176 | ---- | C] () -- C:\Windows\SysWow64\dlcdutil.dll
[2011/06/04 23:12:45 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcdinsb.dll
[2011/06/04 23:12:45 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\dlcdins.dll
[2011/06/04 23:12:45 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\dlcdjswr.dll
[2011/06/04 23:12:45 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcdinsr.dll
[2011/06/04 23:12:45 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcdcub.dll
[2011/06/04 23:12:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcdcu.dll
[2011/06/04 23:12:45 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcdcur.dll
[2011/06/04 23:12:43 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dlcdcfg.dll
[2011/05/26 12:41:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/23 06:15:59 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND
[2011/05/21 14:30:00 | 000,004,704 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/05/21 14:30:00 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\2DB95839D8.sys
[2011/05/21 10:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2011/05/20 19:50:13 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/16 23:16:17 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/05/11 22:44:01 | 000,001,189 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\vso_ts_preview.xml
[2011/05/11 22:43:10 | 000,007,859 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.cat
[2011/05/11 22:43:10 | 000,001,167 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.inf
[2011/05/11 11:13:00 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/05/11 05:41:04 | 000,003,117 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/05/11 05:36:17 | 000,002,915 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Bench Mark Test.dat
[2011/05/11 05:35:21 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/05/11 05:34:50 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/05/10 16:29:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/05/04 10:57:01 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll
[2011/05/02 19:51:20 | 000,001,265 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
[2011/05/02 19:50:06 | 000,003,334 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2011/04/29 08:02:41 | 000,003,627 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2011/04/23 22:33:53 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/04/19 08:57:53 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/04/02 01:13:39 | 000,000,067 | ---- | C] () -- C:\Windows\ProductKeyExplorer.INI
[2011/04/02 00:39:26 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\v3shrtkgn.dll
[2011/04/01 21:37:34 | 000,002,918 | ---- | C] () -- C:\Windows\Tablet10000x6583M.ini
[2011/03/29 02:20:11 | 000,001,456 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/03/28 20:01:47 | 000,060,928 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 11:40:38 | 000,290,816 | ---- | C] () -- C:\Windows\Uninstall.exe
[2011/03/28 11:40:38 | 000,057,344 | ---- | C] () -- C:\Windows\HAJEInstall.dll
[2011/03/28 02:21:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/28 02:21:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/27 17:55:57 | 000,000,132 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/26 13:14:27 | 000,196,408 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/03/22 23:37:59 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/03/22 23:35:25 | 000,003,921 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis aoTuV Encoder.dat
[2011/03/22 23:29:55 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/22 23:29:12 | 000,003,181 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Utilities.dat
[2011/03/22 22:43:41 | 000,011,062 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dMC Sveta Portable Audio.dat
[2011/03/22 22:42:06 | 000,005,477 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/03/22 22:40:21 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2011/03/22 22:40:18 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/03/22 22:40:17 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/03/22 22:40:16 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/03/22 22:40:09 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/03/22 22:40:08 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/03/22 22:40:01 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/22 22:39:55 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/03/22 22:39:49 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/03/22 22:39:42 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/03/22 22:39:36 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/22 21:14:41 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/22 21:14:37 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/03/22 21:14:37 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/21 04:42:35 | 000,007,667 | ---- | C] () -- C:\Users\Kevin\AppData\Local\resmon.resmoncfg
[2011/03/21 02:47:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/19 11:31:16 | 000,886,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/03 12:49:18 | 000,011,057 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp2824.jpg
[2010/10/03 12:49:08 | 000,016,965 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp2823.jpg
[2010/10/03 12:29:22 | 000,022,777 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp2812.jpg
[2010/10/03 12:27:28 | 000,029,169 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp2802.jpg
[2010/10/03 12:25:40 | 000,021,000 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp27F1.jpg
[2010/10/03 12:18:38 | 000,024,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp27AF.jpg
[2010/10/03 12:18:18 | 000,022,310 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp27CF.jpg
[2010/10/03 12:18:00 | 000,022,209 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp278D.jpg
[2010/10/03 12:17:40 | 000,021,375 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp279E.jpg
[2010/10/03 12:16:50 | 000,027,839 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp27DF.jpg
[2010/10/03 12:16:36 | 000,027,303 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp27F0.jpg
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/01 10:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\SysWow64\whlpdms32a.dll
[2010/04/14 16:20:06 | 000,029,871 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp277D.png
[2010/03/14 09:52:50 | 000,029,754 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp78A5.bmp
[2010/03/14 09:52:50 | 000,029,754 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Temptmp351.bmp
[2009/10/06 14:46:44 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll
[2009/08/06 13:48:30 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/05/10 11:33:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe
[2003/10/06 04:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[1998/05/05 22:19:58 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll

========== Files - Unicode (All) ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DEDEE4A9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0CE7F3C9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C5760A8B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FBFE8C4E
@Alternate Data Stream - 1194 bytes -> C:\ProgramData\Microsoft:mTf5qGvGeQ4AEIQrpFenpF
@Alternate Data Stream - 1000 bytes -> C:\ProgramData\Microsoft:ukYwsOZWS9PRUigVgLloVQoKa

< End of report >

#11 gringo_pr

  • Malware Response Team

Posted 12 September 2011 - 07:33 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - Reg Error: Key error. File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O34 - HKLM BootExecute: (PDBoot.exe) - File not found
    O34 - HKLM BootExecute: (lsdelete) - File not found
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DEDEE4A9
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0CE7F3C9
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C5760A8B
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FBFE8C4E
    @Alternate Data Stream - 1194 bytes -> C:\ProgramData\Microsoft:mTf5qGvGeQ4AEIQrpFenpF
    @Alternate Data Stream - 1000 bytes -> C:\ProgramData\Microsoft:ukYwsOZWS9PRUigVgLloVQoKa
    FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2011/08/17 23:06:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/08/17 23:06:58 | 000,000,000 | ---D | M]
    [2011/05/16 06:35:14 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
    [2011/05/16 06:35:14 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
    [2011/05/16 06:35:14 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Edited by gringo_pr, 12 September 2011 - 12:34 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 kmf07302

  • Topic Starter

Posted 12 September 2011 - 10:17 AM

Gringo:
This has been running for close to 90 minutes with the bottom of the window status reading
Processing PRC - file not found
The program also indicates it is Not Responding but I know often programs are running when Windows tells you otherwise.

I ask because I did run the first OTL and then had dinner and not sure how long the run took.
Thanks
Kevin

#13 gringo_pr


Posted 12 September 2011 - 12:35 PM

OK, stop it and rerun the script. I have removed that part; see if it moves on.



gringo

#14 kmf07302


Posted 12 September 2011 - 12:55 PM

It certainly did move on.....here you are:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\Windows\SysNative\igfxdev.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:PDBoot.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
ADS C:\ProgramData\sdpsenv.dat:naughtypirates deleted successfully.
ADS C:\ProgramData\Temp:DEDEE4A9 deleted successfully.
ADS C:\ProgramData\Temp:0CE7F3C9 deleted successfully.
ADS C:\ProgramData\Temp:C5760A8B deleted successfully.
ADS C:\ProgramData\Temp:FBFE8C4E deleted successfully.
ADS C:\ProgramData\Microsoft:mTf5qGvGeQ4AEIQrpFenpF deleted successfully.
ADS C:\ProgramData\Microsoft:ukYwsOZWS9PRUigVgLloVQoKa deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components not found.
File HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins not found.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform\WINNT_x86-msvc\components folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform\WINNT_x86-msvc folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\platform folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM folder moved successfully.
127.0.0.1 activate.adobe.com removed from HOSTS file successfully
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kevin\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\Kevin\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Kevin
->Temp folder emptied: 97263495 bytes
->Temporary Internet Files folder emptied: 63921945 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57760800 bytes
->Google Chrome cache emptied: 354839515 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 73115 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 434176 bytes
%systemroot%\System32 (64bit) .tmp files removed: 5138432 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 725470 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3351029 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 557.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Kevin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09122011_134522

Files\Folders moved on Reboot...
C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3256.log moved successfully.
File move failed. C:\Windows\temp\adb.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#15 gringo_pr


Posted 12 September 2011 - 03:14 PM

Hello

How are things running now?


gringo