
Log Result after running combofix


  • This topic is locked
16 replies to this topic

#1 badex09

badex09

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 03 April 2012 - 05:09 AM

Lately my PC has been behaving strangely. I experience DNS errors while browsing, and my sound output on media player scratches while audio output on my smplayer works fine. I have attached the log generated after running combofix.
Hope to hear from you soon.

Attached Files

  • Attached File  log.txt   22.69KB   3 downloads



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:53 PM

Posted 09 April 2012 - 05:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448670 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:53 PM

Posted 09 April 2012 - 06:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#4 badex09

badex09
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:53 PM

Posted 09 April 2012 - 07:07 AM

Thank you for your response.
It seems my computer has a problem resolving DNS, e.g. I use a VPN service and if the VPN "web address" is not changed into IP format, it's not going to connect; also some sites (e.g. yahoo.com) do not open on my browser (chrome). My audio also makes a scratching sound after playing music for a while or when I'm running many applications at the same time.

Here is the log result after running DDS:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Bade at 12:57:17 on 2012-04-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1789.755 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Expat Shield\bin\openvpnas.exe
C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Outlook Messenger\OutlookMessenger.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\Bade\AppData\Roaming\GLO NETPRO\ouc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\GLO NETPRO\GLO NETPRO.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Expat Shield\bin\openvpntray.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Expat Shield\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Expat Shield\bin\fbw.exe
C:\Program Files\Livestation\Livestation.exe
C:\Windows\system32\rundll32.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 213.41.71.164:80
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [OutlookMessenger] "c:\program files\outlook messenger\OutlookMessenger.exe" /m
uRun: [HW_OPENEYE_OUC_GLO NETPRO] "c:\program files\glo netpro\updatedog\ouc.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: Interfaces\{1DFDDE22-09AC-4758-8DDC-EB6A1D75E3F8} : NameServer = 0.0.0.0 0.0.0.0
TCP: Interfaces\{611D7CB1-9535-42C6-AE41-054F33AD96E2} : NameServer = 0.0.0.0 0.0.0.0
TCP: Interfaces\{AC932B96-3ED9-4893-ABEC-CB659DBA7F08} : NameServer = 10.197.80.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bade\appdata\roaming\mozilla\firefox\profiles\m74pg8v2.default\
FF - prefs.js: browser.search.selectedEngine - Arccosine
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8888
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8888
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8888
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8888
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit phantompdf\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\bade\appdata\local\facebook\messenger\2.0.4447.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\bade\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-18 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R1 WinFLAdrv;WinFLAdrv;c:\windows\system32\WinFLAdrv.sys [2012-3-18 29584]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-18 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-18 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-18 74640]
R2 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2012-1-17 331608]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2012-1-5 363336]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-3-16 91936]
R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [2012-3-18 188176]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-2-9 1529152]
R2 WinVDEDrv;WinVDEDrv;c:\windows\system32\WinVDEdrv.sys [2012-3-18 228112]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-5 5587456]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 210432]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-3-18 349184]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-3-18 73216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-20 10064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\drivers\vfilter.sys [2010-9-2 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-3-18 102784]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\EXPATTrayService.exe [2012-1-17 77520]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0094.sys [2012-3-30 22000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-3-18 27192]
S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2010-9-2 13824]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-18 913752]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-5 176128]
S4 FLService;FLService;c:\windows\system32\WinFLService.exe [2012-3-18 91736]
S4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-18 129976]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S4 WinGateEngine;Qbik WinGate Engine; [x]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-04-08 23:39:43 -------- d-----w- c:\users\bade\appdata\local\Zattoo
2012-04-08 20:16:59 -------- d-----w- c:\users\bade\Livestation
2012-04-08 20:16:59 -------- d-----w- c:\users\bade\appdata\roaming\Mchid
2012-04-08 20:16:59 -------- d-----w- c:\users\bade\appdata\roaming\Livestation
2012-04-08 20:16:54 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-08 20:16:54 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-08 20:16:54 -------- d-----w- c:\program files\OpenAL
2012-04-08 20:16:36 -------- d-----w- c:\program files\Livestation
2012-04-08 19:53:36 -------- d-----w- c:\users\bade\appdata\local\InternetTV
2012-04-08 19:33:40 -------- d-----w- c:\program files\P2PFilter
2012-04-08 19:25:40 -------- d-----w- c:\users\bade\appdata\local\Readon_Technology
2012-04-08 13:23:14 -------- d-----w- c:\program files\Conduit
2012-04-08 13:23:13 -------- d-----w- c:\users\bade\appdata\local\Conduit
2012-04-08 13:23:12 -------- d-----w- c:\program files\uTorrentControl2
2012-04-08 13:22:01 -------- d-----w- c:\program files\uTorrent
2012-04-08 13:21:35 -------- d-----w- c:\users\bade\appdata\roaming\uTorrent
2012-04-08 13:16:04 -------- d-----w- c:\users\bade\appdata\roaming\Avant Downloader
2012-04-08 00:57:11 -------- d-----w- c:\program files\VideoLAN
2012-04-07 12:27:28 -------- d-----w- c:\users\bade\appdata\local\Google
2012-04-07 11:14:06 -------- d-----w- c:\users\bade\appdata\local\VNAP_SoftMark
2012-04-07 11:12:12 -------- d-----w- c:\program files\VNAP .NetBuster Proxy Pro
2012-04-06 21:16:27 -------- d-----w- c:\users\bade\appdata\roaming\Creative Software
2012-04-06 21:11:27 -------- d-----w- c:\program files\Hand-Crafted Software
2012-04-05 08:40:30 -------- d-----w- c:\program files\MSECache
2012-04-04 22:36:03 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e78cd5d6-33cc-4d94-a97a-97b3bf3b592e}\mpengine.dll
2012-04-03 08:44:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-03 08:36:22 98816 ----a-w- c:\windows\sed.exe
2012-04-03 08:36:22 518144 ----a-w- c:\windows\SWREG.exe
2012-04-03 08:36:22 256000 ----a-w- c:\windows\PEV.exe
2012-04-03 08:36:22 208896 ----a-w- c:\windows\MBR.exe
2012-04-03 00:14:29 -------- d-----w- c:\users\bade\appdata\roaming\WinBatch
2012-04-01 22:53:01 -------- d-----w- c:\users\bade\appdata\local\MPlayer
2012-04-01 22:51:01 -------- d-----w- c:\users\bade\.smplayer
2012-04-01 22:49:17 -------- d-----w- c:\program files\SMPlayer
2012-04-01 22:46:32 -------- d-----w- c:\users\bade\appdata\roaming\Win7codecs
2012-04-01 22:46:29 -------- d-----w- c:\program files\Win7codecs
2012-04-01 22:45:50 -------- d-----w- c:\programdata\Win7codecs
2012-04-01 19:54:02 -------- d-----w- c:\programdata\Freemake
2012-04-01 19:53:48 -------- d-----w- c:\program files\Freemake
2012-04-01 19:45:33 -------- d-----w- c:\users\bade\appdata\roaming\VS Revo Group
2012-04-01 19:33:30 -------- d-----w- c:\users\bade\appdata\roaming\DVDVideoSoft
2012-04-01 16:44:38 -------- d-----w- c:\users\bade\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2012-04-01 16:43:12 -------- d-----w- c:\users\bade\appdata\local\Adobe
2012-04-01 14:11:54 -------- d-----w- c:\program files\Google Books Downloader
2012-04-01 11:24:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-01 11:24:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 23:01:56 -------- d-----w- c:\users\bade\appdata\roaming\GPass
2012-03-31 20:08:30 -------- d-----w- C:\Expat Shield
2012-03-31 20:08:17 613704 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2012-03-31 20:08:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-03-31 20:08:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-03-31 20:08:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll
2012-03-31 20:08:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll
2012-03-31 20:08:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2012-03-31 20:08:16 -------- d-----w- c:\program files\Expat Shield
2012-03-31 19:52:32 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-03-30 13:29:01 -------- d-----w- c:\users\bade\appdata\local\wj32
2012-03-30 07:34:55 22000 ----a-w- c:\windows\system32\drivers\Neo_0094.sys
2012-03-29 22:34:54 22000 ----a-w- c:\windows\system32\drivers\Neo_0033.sys
2012-03-29 22:32:34 81920 ----a-w- c:\windows\system32\vpncmd.exe
2012-03-28 23:09:59 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2012-03-27 17:57:03 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-27 17:56:02 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2012-03-27 17:49:06 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2012-03-26 16:04:00 -------- d-----w- c:\users\bade\.swt
2012-03-26 13:34:42 74304 ----a-w- c:\windows\system32\rarepair.exe
2012-03-26 11:29:48 -------- d-----w- c:\windows\1CE60928832549A88B06633E48DD2B67.TMP
2012-03-26 03:02:14 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-26 03:01:32 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2012-03-26 02:58:56 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2012-03-26 02:58:49 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-03-26 02:30:24 -------- d-----w- c:\users\bade\appdata\roaming\TeamViewer
2012-03-26 00:50:54 -------- d-----w- c:\users\bade\appdata\local\ElevatedDiagnostics
2012-03-26 00:12:34 -------- d-----w- c:\users\bade\appdata\roaming\Qbik
2012-03-26 00:10:31 -------- d-----w- c:\windows\WinGate
2012-03-24 21:40:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-24 10:07:32 -------- d-----w- c:\users\bade\.tucan
2012-03-23 19:00:01 -------- d-----w- c:\users\bade\appdata\local\freeuser
2012-03-23 17:53:06 -------- d-----w- c:\users\bade\TapinRadio
2012-03-23 17:52:56 -------- d-----w- c:\program files\TapinRadio
2012-03-22 18:01:32 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-22 18:00:40 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-03-22 09:43:50 -------- d-----w- c:\windows\system32\directx
2012-03-21 16:27:07 -------- d-----w- c:\users\bade\appdata\local\Facebook
2012-03-20 12:09:22 -------- d-----w- c:\users\bade\appdata\local\Microsoft Games
2012-03-20 11:14:37 53248 ----a-w- c:\windows\system32\zlib.dll
2012-03-20 11:14:37 495616 ----a-w- c:\windows\system32\Scanner.dll
2012-03-20 11:14:37 4145264 ----a-w- c:\windows\system32\vbcorlib.dll
2012-03-20 11:14:37 24576 ----a-w- c:\windows\system32\CompressZItLib6.dll
2012-03-20 11:14:36 856064 ----a-w- c:\windows\system32\EvoVoIP.dll
2012-03-20 11:14:36 212240 ----a-w- c:\windows\system32\RICHTX32.OCX
2012-03-20 11:14:36 131968 ----a-w- c:\windows\system32\DHTMLED.OCX
2012-03-20 11:14:36 109248 ----a-w- c:\windows\system32\mswinsck.ocx
2012-03-20 11:14:35 115920 ----a-w- c:\windows\system32\msinet.ocx
2012-03-20 11:14:34 -------- d-----w- c:\program files\Outlook Messenger
2012-03-18 22:44:09 -------- d-----w- c:\windows\Panther
2012-03-18 21:06:21 -------- d-----w- c:\users\bade\appdata\roaming\GlarySoft
2012-03-18 21:05:25 -------- d-----w- c:\program files\Glary Utilities
2012-03-18 20:55:03 -------- d-----w- c:\users\bade\appdata\roaming\GLO NETPRO
2012-03-18 20:54:14 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-03-18 20:54:14 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-03-18 20:54:14 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-03-18 20:54:14 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-03-18 20:54:14 349184 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-03-18 20:54:14 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-03-18 20:54:14 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-03-18 20:54:14 194816 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-03-18 20:54:14 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-03-18 20:54:14 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-03-18 20:54:14 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-03-18 20:54:14 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-03-18 20:53:42 -------- d-----w- c:\program files\GLO NETPRO
2012-03-18 20:13:28 -------- d-----w- c:\users\bade\appdata\local\ATI
2012-03-18 20:08:55 -------- d-----w- c:\program files\ATI
2012-03-18 20:08:32 -------- d-----w- c:\program files\ATI Technologies
2012-03-18 19:47:11 29584 ----a-w- c:\windows\system32\WinFLAdrv.sys
2012-03-18 19:47:09 188176 ----a-w- c:\windows\system32\WinVDEdrv6.sys
2012-03-18 19:47:07 228112 ----a-w- c:\windows\system32\WinVDEdrv.sys
2012-03-18 19:46:51 91736 ----a-w- c:\windows\system32\WinFLService.exe
2012-03-18 19:46:50 14936 ----a-w- c:\windows\system32\WinFLMsgService.exe
2012-03-18 19:46:49 40960 ----a-w- c:\windows\system32\nwsftUninstall.exe
2012-03-18 19:46:47 293976 ----a-w- c:\windows\system32\WinFLTray.exe
2012-03-18 19:46:46 293976 ----a-w- c:\windows\system32\WinFLTrayShred.exe
2012-03-18 19:46:45 479832 ----a-w- c:\windows\system32\WinFLCtxMenu.dll
2012-03-18 19:46:42 -------- d-----w- c:\program files\NewSoftware's
2012-03-18 19:44:47 -------- d-----w- C:\pes2010
2012-03-18 19:39:25 -------- d-----w- c:\users\bade\appdata\roaming\TeraCopy
2012-03-18 19:39:15 -------- d-----w- c:\program files\TeraCopy
2012-03-18 17:48:08 -------- d-----w- c:\users\bade\appdata\roaming\Autodesk
2012-03-18 17:48:08 -------- d-----w- c:\program files\AutoCAD 2008
2012-03-18 17:47:09 180224 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2012-03-18 17:47:08 409600 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2012-03-18 17:47:08 32768 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2012-03-18 17:47:08 262144 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2012-03-18 17:47:08 172032 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2012-03-18 17:47:07 761856 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2012-03-18 17:47:03 540772 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2012-03-18 17:46:37 -------- d-----w- c:\users\bade\appdata\local\Autodesk
2012-03-18 17:46:37 -------- d-----w- c:\program files\common files\Autodesk Shared
2012-03-18 17:46:37 -------- d-----w- c:\program files\Autodesk
2012-03-18 17:07:45 -------- d-----w- c:\program files\Investintech.com Inc
2012-03-18 16:50:58 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2012-03-18 16:50:58 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-03-18 16:49:24 -------- d-----w- c:\program files\common files\L&H
2012-03-18 16:48:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-03-18 16:47:11 -------- d-----w- c:\windows\PCHEALTH
2012-03-18 16:36:43 -------- d-----r- c:\program files\Skype
2012-03-18 16:32:15 -------- d-----w- c:\programdata\Uninstall
2012-03-18 16:31:54 -------- d-----w- c:\users\bade\appdata\roaming\Roxio Log Files
2012-03-18 16:15:23 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-03-18 16:15:20 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-03-18 16:08:54 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-18 16:07:08 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-03-18 16:05:57 -------- d-----w- c:\users\bade\appdata\roaming\TuneUp Software
2012-03-18 16:05:22 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-03-18 16:04:36 -------- d-----w- c:\programdata\TuneUp Software
2012-03-18 16:04:20 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-18 16:00:11 -------- d-----w- c:\programdata\IObit
2012-03-18 15:59:54 -------- d-----w- c:\users\bade\appdata\roaming\IObit
2012-03-18 15:59:44 -------- d-----w- c:\program files\IObit
2012-03-18 15:57:12 -------- d-----w- c:\users\bade\appdata\local\VS Revo Group
2012-03-18 15:57:08 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-03-18 15:57:06 -------- d-----w- c:\program files\VS Revo Group
2012-03-18 15:55:12 -------- d-----w- c:\users\bade\appdata\roaming\Foxit Software
2012-03-18 15:51:13 -------- d-----w- c:\program files\CCleaner
2012-03-18 15:48:41 -------- d-----w- c:\users\bade\appdata\local\Apple Computer
2012-03-18 15:46:34 -------- d-----w- c:\users\bade\appdata\local\Apple
2012-03-18 15:40:54 -------- d-----w- c:\users\bade\appdata\local\Mozilla
2012-03-18 15:30:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-18 15:30:56 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 15:29:30 -------- d-----w- c:\users\bade\appdata\roaming\Avira
2012-03-18 15:23:47 -------- d-----w- c:\program files\Foxit Software
2012-03-18 15:15:02 -------- d-----w- c:\users\bade\appdata\roaming\IDM
2012-03-18 15:15:02 -------- d-----w- c:\users\bade\appdata\roaming\DMCache
2012-03-18 15:14:56 -------- d-----w- c:\program files\Internet Download Manager
2012-03-18 15:12:36 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-18 15:12:36 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-18 15:12:35 -------- d-----w- c:\programdata\Avira
2012-03-18 15:12:35 -------- d-----w- c:\program files\Avira
2012-03-18 15:02:48 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-18 14:58:13 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-03-18 14:54:53 -------- d-----w- c:\program files\Synaptics
2012-03-18 14:51:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-18 14:51:46 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-18 14:51:46 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-03-18 14:51:46 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-18 14:51:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-03-18 14:28:21 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2012-03-18 14:28:10 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-03-18 14:28:10 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-03-18 14:27:54 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-03-18 14:27:42 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-18 14:27:41 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 14:25:59 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-03-18 14:24:59 37376 ----a-w- c:\windows\system32\rtutils.dll
2012-03-18 14:23:54 738816 ----a-w- c:\windows\system32\wmpmde.dll
2012-03-18 14:23:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 14:23:53 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 14:23:53 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 14:19:06 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-18 14:17:15 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-18 14:17:15 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-18 14:17:15 107520 ----a-w- c:\windows\system32\cdd.dll
2012-03-18 14:00:53 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-03-18 14:00:53 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-03-18 13:58:49 -------- d-----w- c:\programdata\DatacardService
2012-03-18 13:54:37 -------- d-----w- c:\windows\system32\wbem\Performance
2012-03-18 13:52:37 -------- d-sh--w- c:\windows\Installer
2012-03-18 13:52:10 -------- d-----w- C:\system.sav
2012-03-16 11:08:36 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-15 21:26:18 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-15 06:40:28 4826112 ----a-w- c:\windows\system32\x264vfw.dll
.
==================== Find3M ====================
.
2012-02-15 10:00:00 1287168 ----a-w- c:\windows\system32\VSFilter.dll
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 14:21:20 913920 ----a-w- c:\windows\system32\lameACM.acm
.
============= FINISH: 12:58:19.69 ===============




#5 myrti

  • Malware Study Hall Admin

Posted 09 April 2012 - 07:19 AM

Hi,

thanks for the explanation. I do need the OTL logs though, not the DDS one. :wink: Have you checked your DNS settings? Some of them seem to be set to 0.0.0.0.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 badex09

  • Topic Starter

Posted 09 April 2012 - 07:32 AM

OTL REPORT


OTL.TXT


OTL logfile created on: 4/9/2012 1:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = D:\Softwares\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 36.30% Memory free
3.49 Gb Paging File | 1.87 Gb Available in Paging File | 53.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.04 Gb Total Space | 17.86 Gb Free Space | 44.60% Space Free | Partition Type: NTFS
Drive D: | 257.95 Gb Total Space | 123.09 Gb Free Space | 47.72% Space Free | Partition Type: NTFS
Drive F: | 22.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OMOTAYO | User Name: Bade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/09 13:13:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Softwares\Downloads\OTL.exe
PRC - [2012/04/09 13:10:54 | 000,302,592 | ---- | M] () -- D:\Softwares\Downloads\chmzdj5m.exe
PRC - [2012/03/26 03:18:05 | 003,478,936 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2012/03/18 21:53:53 | 000,122,880 | ---- | M] () -- C:\Program Files\GLO NETPRO\GLO NETPRO.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/09 14:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/02/09 14:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/17 22:20:26 | 000,653,640 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpntray.exe
PRC - [2012/01/17 22:15:44 | 000,331,608 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpnas.exe
PRC - [2012/01/17 22:14:42 | 000,599,880 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpn.exe
PRC - [2012/01/05 00:02:10 | 000,873,288 | ---- | M] () -- C:\Program Files\Expat Shield\bin\fbw.exe
PRC - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\hsswd.exe
PRC - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/02 17:31:12 | 007,237,632 | ---- | M] (Srimax Software System) -- C:\Program Files\Outlook Messenger\OutlookMessenger.exe
PRC - [2010/06/24 20:08:40 | 004,657,152 | ---- | M] (Livestation) -- C:\Program Files\Livestation\Livestation.exe
PRC - [2010/05/25 13:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Bade\AppData\Roaming\GLO NETPRO\ouc.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/09 13:10:54 | 000,302,592 | ---- | M] () -- D:\Softwares\Downloads\chmzdj5m.exe
MOD - [2012/04/05 07:21:43 | 000,441,840 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\ppgooglenaclpluginchrome.dll
MOD - [2012/04/05 07:21:42 | 003,921,904 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\pdf.dll
MOD - [2012/04/05 07:20:27 | 000,553,456 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\libglesv2.dll
MOD - [2012/04/05 07:20:26 | 000,117,744 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\libegl.dll
MOD - [2012/04/05 07:20:16 | 000,138,752 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\avutil-51.dll
MOD - [2012/04/05 07:20:15 | 000,235,008 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\avformat-54.dll
MOD - [2012/04/05 07:20:14 | 002,240,512 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\avcodec-54.dll
MOD - [2012/04/05 06:25:47 | 008,743,584 | ---- | M] () -- C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\gcswf32.dll
MOD - [2012/04/04 23:43:03 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012/04/04 23:42:59 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/04/04 23:42:51 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/03/18 21:53:53 | 000,122,880 | ---- | M] () -- C:\Program Files\GLO NETPRO\GLO NETPRO.exe
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/01/17 22:21:26 | 000,009,544 | ---- | M] () -- C:\Program Files\Expat Shield\bin\lang\gui-eng.dll
MOD - [2012/01/17 22:20:26 | 000,653,640 | ---- | M] () -- C:\Program Files\Expat Shield\bin\openvpntray.exe
MOD - [2012/01/05 00:02:10 | 000,873,288 | ---- | M] () -- C:\Program Files\Expat Shield\bin\fbw.exe
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/10/26 17:41:20 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2010/05/12 02:20:18 | 004,691,987 | ---- | M] () -- C:\Program Files\Livestation\avcodec-52.dll
MOD - [2010/05/12 02:20:18 | 000,730,643 | ---- | M] () -- C:\Program Files\Livestation\avformat-52.dll
MOD - [2010/05/12 02:20:18 | 000,209,427 | ---- | M] () -- C:\Program Files\Livestation\swscale-0.dll
MOD - [2010/05/12 02:20:18 | 000,079,891 | ---- | M] () -- C:\Program Files\Livestation\avutil-50.dll
MOD - [2009/12/14 17:55:06 | 000,163,840 | ---- | M] () -- C:\Program Files\GLO NETPRO\SMSPlugin.dll
MOD - [2009/12/14 17:55:06 | 000,061,440 | ---- | M] () -- C:\Program Files\GLO NETPRO\XCodec.dll
MOD - [2009/12/14 17:55:04 | 000,585,728 | ---- | M] () -- C:\Program Files\GLO NETPRO\atcomm.dll
MOD - [2009/12/14 17:55:04 | 000,167,936 | ---- | M] () -- C:\Program Files\GLO NETPRO\DetectDev.dll
MOD - [2009/12/14 17:55:04 | 000,143,360 | ---- | M] () -- C:\Program Files\GLO NETPRO\LocaleMgrPlugin.dll
MOD - [2009/12/14 17:55:04 | 000,139,264 | ---- | M] () -- C:\Program Files\GLO NETPRO\NetInfoPlugin.dll
MOD - [2009/12/14 17:55:04 | 000,090,112 | ---- | M] () -- C:\Program Files\GLO NETPRO\FileManager.dll
MOD - [2009/12/14 17:55:04 | 000,090,112 | ---- | M] () -- C:\Program Files\GLO NETPRO\DialUpPlugin.dll
MOD - [2009/12/14 17:55:04 | 000,073,728 | ---- | M] () -- C:\Program Files\GLO NETPRO\CallPlugin.dll
MOD - [2009/12/14 17:55:04 | 000,061,440 | ---- | M] () -- C:\Program Files\GLO NETPRO\DeviceOperate.dll
MOD - [2009/12/14 17:55:04 | 000,061,440 | ---- | M] () -- C:\Program Files\GLO NETPRO\ConfigFilePlugin.dll
MOD - [2009/12/14 17:55:04 | 000,032,768 | ---- | M] () -- C:\Program Files\GLO NETPRO\NotifyServicePlugin.dll
MOD - [2009/12/14 17:55:04 | 000,014,848 | ---- | M] () -- C:\Program Files\GLO NETPRO\isaputrace.dll
MOD - [2009/12/10 15:04:22 | 000,229,376 | ---- | M] () -- C:\Program Files\GLO NETPRO\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 15:03:00 | 000,114,688 | ---- | M] () -- C:\Program Files\GLO NETPRO\DeviceMgrPlugin.dll
MOD - [2009/12/10 15:02:10 | 000,991,232 | ---- | M] () -- C:\Program Files\GLO NETPRO\NDISAPI.dll
MOD - [2009/11/15 23:41:56 | 002,121,728 | ---- | M] () -- C:\Program Files\Livestation\QtCore4.dll
MOD - [2009/11/04 15:11:32 | 000,536,576 | ---- | M] () -- C:\Program Files\Livestation\live555.dll
MOD - [2009/04/22 14:35:14 | 000,025,600 | ---- | M] () -- C:\Program Files\Livestation\plugins\imageformats\qico4.dll
MOD - [2009/04/22 14:35:04 | 000,290,816 | ---- | M] () -- C:\Program Files\Livestation\plugins\imageformats\qtiff4.dll
MOD - [2009/04/22 14:34:50 | 000,016,384 | ---- | M] () -- C:\Program Files\Livestation\plugins\imageformats\qsvg4.dll
MOD - [2009/04/22 14:34:44 | 000,233,472 | ---- | M] () -- C:\Program Files\Livestation\plugins\imageformats\qmng4.dll
MOD - [2009/04/22 14:34:24 | 000,021,504 | ---- | M] () -- C:\Program Files\Livestation\plugins\imageformats\qgif4.dll
MOD - [2009/04/22 14:34:20 | 000,135,168 | ---- | M] () -- C:\Program Files\Livestation\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/22 14:30:12 | 009,187,328 | ---- | M] () -- C:\Program Files\Livestation\QtWebKit4.dll
MOD - [2009/04/22 13:13:34 | 000,266,240 | ---- | M] () -- C:\Program Files\Livestation\QtSvg4.dll
MOD - [2009/04/22 13:12:44 | 000,258,048 | ---- | M] () -- C:\Program Files\Livestation\phonon4.dll
MOD - [2009/04/22 13:07:14 | 000,446,464 | ---- | M] () -- C:\Program Files\Livestation\QtOpenGL4.dll
MOD - [2009/04/22 12:58:12 | 007,745,536 | ---- | M] () -- C:\Program Files\Livestation\QtGui4.dll
MOD - [2009/04/22 12:43:42 | 000,913,408 | ---- | M] () -- C:\Program Files\Livestation\QtNetwork4.dll
MOD - [2009/04/22 12:42:20 | 000,344,064 | ---- | M] () -- C:\Program Files\Livestation\QtXml4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WinGateEngine)
SRV - [2012/04/08 01:49:17 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/01 12:24:45 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/18 20:46:51 | 000,091,736 | ---- | M] (NewSoftwares.net, Inc.) [Disabled | Stopped] -- C:\Windows\System32\WinFLService.exe -- (FLService)
SRV - [2012/03/18 18:50:46 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 14:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/02/09 14:13:18 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/17 22:22:02 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
SRV - [2012/01/17 22:15:44 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/08/05 00:22:34 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Bade\AppData\Local\Temp\uxtdapow.sys -- (uxtdapow)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Bade\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/30 08:34:55 | 000,022,000 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Neo_0094.sys -- (Neo_VPN)
DRV - [2012/03/18 20:47:11 | 000,029,584 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\WinFLAdrv.sys -- (WinFLAdrv)
DRV - [2012/03/18 20:47:09 | 000,188,176 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinVDEdrv6.sys -- (NEWDRIVER)
DRV - [2012/03/18 20:47:07 | 000,228,112 | ---- | M] (NewSoftwares.net, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\WinVDEdrv.sys -- (WinVDEDrv)
DRV - [2012/03/15 22:26:18 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012/02/08 02:13:32 | 000,091,936 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/20 11:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/06/07 13:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/05/31 17:10:22 | 000,349,184 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2011/05/03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/09/02 08:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010/09/02 08:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010/08/11 17:43:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/08/05 00:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/05 00:51:46 | 005,587,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 23:47:02 | 000,210,432 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/09 18:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 9F 22 69 5C 0F CD 01 [binary data]
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.41.71.164:80

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Arccosine"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://www.arccosine.com/search.php?q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bade\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Bade\AppData\Local\Facebook\Messenger\2.0.4447.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/08 01:49:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bade\AppData\Roaming\IDM\idmmzcc5 [2012/03/18 16:15:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bade\AppData\Roaming\IDM\idmmzcc5 [2012/03/18 16:15:07 | 000,000,000 | ---D | M]

[2012/03/18 16:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bade\AppData\Roaming\Mozilla\Extensions
[2012/04/08 20:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\m74pg8v2.default\extensions
[2012/04/08 14:23:16 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\m74pg8v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/03/31 21:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/31 21:08:16 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012/04/08 01:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/03/18 16:15:07 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BADE\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\BADE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M74PG8V2.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\BADE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M74PG8V2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/08 01:49:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/01 15:11:51 | 000,005,142 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\arccosine.xml
[2012/03/15 14:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 14:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bade\AppData\Local\Google\Chrome\Application\19.0.1084.15\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.118\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Foxit PhantomPDF Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Bade\AppData\Local\Facebook\Messenger\2.0.4447.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bade\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - Extension: Mini Notepad = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjhdoaiejppfmijnkopdcpjcngdlffj\5.0.1_0\
CHR - Extension: YouTube = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Bypass Surveys = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\
CHR - Extension: Bypass Surveys = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg\1.1_0\~
CHR - Extension: Hide My Ass! Web Proxy = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.4_0\
CHR - Extension: Google Search = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Do Not Track Plus = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.1.0.327_0\
CHR - Extension: Chrome Notepad = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp\3.7_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Linkbucks skip = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjpndobkiolgpnpagkhnknhinnpoajmd\1.6_0\
CHR - Extension: Cookie Manager = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.0_0\
CHR - Extension: BugMeNot Lite = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.9_0\
CHR - Extension: AdF.LY Bypasser = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkodfcemgpingfbgaobjfpifalkgjmid\1.0.0_0\
CHR - Extension: Currency Converter = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg\0.5.0_0\
CHR - Extension: bypassRDTO = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolhafjlghmjmjkfmcooocoaelndcgka\0.4.4_0\
CHR - Extension: My Chrome Theme = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.0.1_0\
CHR - Extension: Gmail = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: CPALead Remover = C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppngfcaklnhpiafkholeoojmccpngecg\1.0.12.3_0\

O1 HOSTS File: ([2012/04/03 09:42:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000..\Run: [HW_OPENEYE_OUC_GLO NETPRO] C:\Program Files\GLO NETPRO\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000..\Run: [OutlookMessenger] C:\Program Files\Outlook Messenger\OutlookMessenger.exe (Srimax Software System)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1268921209-2765377157-3684263045-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DFDDE22-09AC-4758-8DDC-EB6A1D75E3F8}: NameServer = 0.0.0.0 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{611D7CB1-9535-42C6-AE41-054F33AD96E2}: NameServer = 0.0.0.0 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC932B96-3ED9-4893-ABEC-CB659DBA7F08}: NameServer = 10.197.80.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/21 10:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/12 16:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WinFLAdrv.sys - C:\Windows\System32\WinFLAdrv.sys ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45CBD5D1-60B2-93DC-BDDD-B139BE991DB1} - Browser Customizations
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4BA5EDB6-A879-EA8A-494D-0BB35E9CA114} - Microsoft Windows Media Player
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E258A0F5-CFDA-BEB2-8127-38A2F5D0FB94} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.aacacm - C:\Windows\System32\AACACM.acm (fccHandler)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3pacm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Zattoo
[2012/04/09 00:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012/04/08 21:16:59 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Mchid
[2012/04/08 21:16:59 | 000,000,000 | ---D | C] -- C:\Users\Bade\Livestation
[2012/04/08 21:16:59 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Livestation
[2012/04/08 21:16:54 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012/04/08 21:16:54 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012/04/08 21:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2012/04/08 21:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestation
[2012/04/08 21:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Livestation
[2012/04/08 20:53:36 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\InternetTV
[2012/04/08 20:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\P2PFilter
[2012/04/08 20:25:40 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Readon_Technology
[2012/04/08 20:25:40 | 000,000,000 | ---D | C] -- C:\Users\Bade\Documents\Readon Player
[2012/04/08 14:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/04/08 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Conduit
[2012/04/08 14:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl2
[2012/04/08 14:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/04/08 14:21:35 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\uTorrent
[2012/04/08 14:16:04 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Avant Downloader
[2012/04/08 01:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/07 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/04/07 13:27:28 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Google
[2012/04/07 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\VNAP_SoftMark
[2012/04/07 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VNAP .NetBuster Proxy Pro
[2012/04/07 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\VNAP .NetBuster Proxy Pro
[2012/04/06 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Creative Software
[2012/04/06 22:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hand-Crafted Software
[2012/04/05 09:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/04/03 09:44:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/03 09:44:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/03 09:36:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/03 09:36:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/03 09:36:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/03 09:36:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/03 09:35:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/03 01:14:29 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\WinBatch
[2012/04/01 23:53:01 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\MPlayer
[2012/04/01 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Bade\.smplayer
[2012/04/01 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
[2012/04/01 23:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2012/04/01 23:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
[2012/04/01 23:46:32 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Win7codecs
[2012/04/01 23:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Win7codecs
[2012/04/01 23:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2012/04/01 20:54:03 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/04/01 20:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/04/01 20:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012/04/01 20:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/04/01 20:45:33 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\VS Revo Group
[2012/04/01 20:33:30 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\DVDVideoSoft
[2012/04/01 19:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/04/01 19:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/01 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/01 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/04/01 17:43:12 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Adobe
[2012/04/01 17:02:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/01 15:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader
[2012/04/01 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Google Books Downloader
[2012/04/01 12:24:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/01 12:24:24 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/01 00:01:56 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\GPass
[2012/03/31 21:08:30 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2012/03/31 21:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
[2012/03/31 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2012/03/31 20:51:41 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/03/31 20:51:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/03/31 20:51:02 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/03/31 20:51:02 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/03/30 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\wj32
[2012/03/30 12:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012/03/30 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/03/30 08:34:55 | 000,022,000 | ---- | C] (SoftEther Corporation) -- C:\Windows\System32\drivers\Neo_0094.sys
[2012/03/29 23:34:54 | 000,022,000 | ---- | C] (SoftEther Corporation) -- C:\Windows\System32\drivers\Neo_0033.sys
[2012/03/29 23:32:34 | 000,081,920 | ---- | C] (SoftEther Corporation) -- C:\Windows\System32\vpncmd.exe
[2012/03/26 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Bade\.swt
[2012/03/26 14:34:42 | 000,074,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rarepair.exe
[2012/03/26 03:30:24 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\TeamViewer
[2012/03/26 01:50:54 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\ElevatedDiagnostics
[2012/03/26 01:12:34 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Qbik
[2012/03/26 01:10:31 | 000,000,000 | ---D | C] -- C:\Windows\WinGate
[2012/03/24 22:40:27 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/03/24 11:07:32 | 000,000,000 | ---D | C] -- C:\Users\Bade\.tucan
[2012/03/23 20:00:01 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\freeuser
[2012/03/23 18:53:06 | 000,000,000 | ---D | C] -- C:\Users\Bade\TapinRadio
[2012/03/23 18:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\TapinRadio
[2012/03/22 10:43:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/03/21 17:27:07 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Facebook
[2012/03/20 13:09:22 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Microsoft Games
[2012/03/20 12:14:51 | 000,000,000 | ---D | C] -- C:\Users\Bade\Documents\OMessenger
[2012/03/20 12:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Messenger
[2012/03/20 12:14:37 | 004,145,264 | ---- | C] (Kelly Ethridge) -- C:\Windows\System32\vbcorlib.dll
[2012/03/20 12:14:37 | 000,495,616 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Scanner.dll
[2012/03/20 12:14:37 | 000,024,576 | ---- | C] (vbAccelerator) -- C:\Windows\System32\CompressZItLib6.dll
[2012/03/20 12:14:36 | 000,856,064 | ---- | C] (Conaito) -- C:\Windows\System32\EvoVoIP.dll
[2012/03/20 12:14:36 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2012/03/20 12:14:36 | 000,131,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHTMLED.OCX
[2012/03/20 12:14:36 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswinsck.ocx
[2012/03/20 12:14:35 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.ocx
[2012/03/20 12:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Messenger
[2012/03/20 01:15:42 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Users\Bade\Desktop\hjsplit.exe
[2012/03/18 23:44:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/03/18 23:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012/03/18 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\Bade\Documents\KONAMI
[2012/03/18 22:45:30 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/03/18 22:44:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/18 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\GlarySoft
[2012/03/18 22:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012/03/18 22:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/03/18 21:55:03 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\GLO NETPRO
[2012/03/18 21:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GLO NETPRO
[2012/03/18 21:54:14 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012/03/18 21:54:14 | 000,349,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2012/03/18 21:54:14 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012/03/18 21:54:14 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2012/03/18 21:54:14 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012/03/18 21:54:14 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012/03/18 21:54:14 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012/03/18 21:54:14 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012/03/18 21:54:14 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012/03/18 21:54:14 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012/03/18 21:54:14 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012/03/18 21:54:14 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012/03/18 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\GLO NETPRO
[2012/03/18 21:13:28 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\ATI
[2012/03/18 21:13:28 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\ATI
[2012/03/18 21:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/18 21:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/18 21:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/18 21:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/03/18 20:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Lock
[2012/03/18 20:47:07 | 000,228,112 | ---- | C] (NewSoftwares.net, Inc.) -- C:\Windows\System32\WinVDEdrv.sys
[2012/03/18 20:46:51 | 000,091,736 | ---- | C] (NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLService.exe
[2012/03/18 20:46:47 | 000,293,976 | ---- | C] ( NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLTray.exe
[2012/03/18 20:46:46 | 000,293,976 | ---- | C] ( NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLTrayShred.exe
[2012/03/18 20:46:45 | 000,479,832 | ---- | C] (NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLCtxMenu.dll
[2012/03/18 20:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoftware's
[2012/03/18 20:44:47 | 000,000,000 | ---D | C] -- C:\pes2010
[2012/03/18 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\TeraCopy
[2012/03/18 20:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/03/18 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/03/18 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\Bade\Documents\PLU250
[2012/03/18 18:48:08 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Autodesk
[2012/03/18 18:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/03/18 18:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2008
[2012/03/18 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/03/18 18:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/03/18 18:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/03/18 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Autodesk
[2012/03/18 18:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/03/18 18:46:15 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/03/18 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Able2Extract
[2012/03/18 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Investintech.com Inc
[2012/03/18 17:50:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2012/03/18 17:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/18 17:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/03/18 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/03/18 17:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/18 17:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/03/18 17:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/03/18 17:47:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/03/18 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/18 17:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/18 17:36:51 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Skype
[2012/03/18 17:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/18 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/18 17:36:43 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/03/18 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/03/18 17:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2012/03/18 17:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2012/03/18 17:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/03/18 17:31:54 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Roxio Log Files
[2012/03/18 17:15:23 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/03/18 17:15:20 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012/03/18 17:08:54 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/03/18 17:07:08 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012/03/18 17:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/03/18 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\TuneUp Software
[2012/03/18 17:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/03/18 17:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/03/18 17:04:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/03/18 17:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/03/18 16:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/03/18 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\IObit
[2012/03/18 16:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/03/18 16:57:12 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\VS Revo Group
[2012/03/18 16:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/03/18 16:57:08 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/03/18 16:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/18 16:55:12 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Foxit Software
[2012/03/18 16:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
[2012/03/18 16:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/18 16:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/18 16:50:51 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\WinRAR
[2012/03/18 16:50:51 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/18 16:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/18 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/03/18 16:48:41 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Apple Computer
[2012/03/18 16:48:40 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Apple Computer
[2012/03/18 16:48:29 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Macromedia
[2012/03/18 16:48:29 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Adobe
[2012/03/18 16:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/03/18 16:46:34 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Apple
[2012/03/18 16:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/18 16:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/03/18 16:40:54 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Mozilla
[2012/03/18 16:40:54 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Mozilla
[2012/03/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/03/18 16:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/03/18 16:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/03/18 16:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/18 16:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/18 16:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/18 16:30:56 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/03/18 16:30:56 | 000,567,696 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/03/18 16:30:56 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/03/18 16:30:56 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/03/18 16:30:56 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/03/18 16:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/18 16:29:30 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Avira
[2012/03/18 16:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012/03/18 16:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/03/18 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\IDM
[2012/03/18 16:15:02 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\DMCache
[2012/03/18 16:14:59 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/03/18 16:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/03/18 16:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/03/18 16:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/03/18 16:12:36 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/03/18 16:12:36 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/03/18 16:12:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/03/18 16:12:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/03/18 16:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/03/18 16:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/03/18 15:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/03/18 15:51:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/03/18 15:51:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/03/18 15:51:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/03/18 15:34:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/18 15:34:41 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/03/18 15:34:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/18 15:34:41 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/18 15:34:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/18 15:34:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/18 15:34:41 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/03/18 15:34:41 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/18 15:34:41 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/03/18 15:34:41 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/18 15:34:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/18 15:34:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/03/18 15:34:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/03/18 15:34:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/18 15:34:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/03/18 15:34:41 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/03/18 15:34:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/03/18 15:34:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/03/18 15:34:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/03/18 15:34:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/18 15:34:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/03/18 15:34:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/18 15:34:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/03/18 15:34:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/03/18 15:34:41 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/18 15:34:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/03/18 15:34:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/03/18 15:34:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/18 15:34:41 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/18 15:34:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/18 15:34:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/03/18 15:34:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/03/18 15:34:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/18 15:34:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/03/18 15:34:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/18 15:34:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/18 15:34:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/18 15:28:10 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/03/18 15:27:42 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/18 15:27:41 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/18 15:26:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/03/18 15:26:40 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/03/18 15:26:40 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/03/18 15:26:39 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/03/18 15:26:37 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/03/18 15:26:37 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/03/18 15:26:36 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/03/18 15:26:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/03/18 15:26:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/03/18 15:26:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/03/18 15:26:34 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/03/18 15:26:34 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/03/18 15:26:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/03/18 15:26:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/03/18 15:26:20 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/03/18 15:26:19 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/03/18 15:26:06 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/03/18 15:26:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/03/18 15:26:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/03/18 15:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/18 15:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/03/18 15:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/03/18 15:26:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/03/18 15:26:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/03/18 15:26:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/03/18 15:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/18 15:26:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/18 15:26:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/18 15:26:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/03/18 15:26:03 | 002,341,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/18 15:26:02 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/18 15:26:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/18 15:26:02 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/18 15:26:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/18 15:26:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/18 15:26:00 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/03/18 15:25:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/03/18 15:25:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/03/18 15:25:56 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/03/18 15:25:56 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/03/18 15:25:56 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/03/18 15:25:55 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/03/18 15:25:55 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/03/18 15:25:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/03/18 15:25:35 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/03/18 15:25:35 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/03/18 15:25:35 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/03/18 15:25:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/03/18 15:25:29 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/03/18 15:25:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/03/18 15:25:28 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/03/18 15:25:28 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/03/18 15:25:28 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/03/18 15:25:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/03/18 15:25:26 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/18 15:25:22 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/03/18 15:25:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/03/18 15:25:14 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/03/18 15:25:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/03/18 15:24:56 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2012/03/18 15:24:56 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/03/18 15:24:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/03/18 15:24:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/03/18 15:24:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/03/18 15:24:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/03/18 15:24:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/03/18 15:24:52 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/03/18 15:24:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/03/18 15:24:51 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/03/18 15:24:51 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/03/18 15:24:51 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/03/18 15:24:51 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/03/18 15:24:51 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/03/18 15:24:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/03/18 15:24:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/03/18 15:24:50 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/03/18 15:24:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/03/18 15:24:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/03/18 15:24:43 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/03/18 15:24:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/03/18 15:24:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/03/18 15:24:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/03/18 15:24:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/03/18 15:24:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/03/18 15:24:36 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/03/18 15:24:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/03/18 15:24:32 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/03/18 15:24:09 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/18 15:24:02 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/03/18 15:24:02 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/03/18 15:24:01 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/03/18 15:24:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/03/18 15:23:54 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/03/18 15:23:53 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/18 15:23:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/18 15:23:53 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/18 15:19:06 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/03/18 15:17:15 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/03/18 15:17:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/03/18 15:01:44 | 000,000,000 | ---D | C] -- C:\Users\Bade\Desktop\freegate
[2012/03/18 15:00:53 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2012/03/18 15:00:53 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
[2012/03/18 14:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2012/03/18 14:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/03/18 14:52:37 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/03/18 14:52:10 | 000,000,000 | ---D | C] -- C:\system.sav
[2012/03/18 14:51:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/03/18 14:51:00 | 000,000,000 | R--D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/18 14:51:00 | 000,000,000 | R--D | C] -- C:\Users\Bade\Searches
[2012/03/18 14:51:00 | 000,000,000 | R--D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/18 14:50:59 | 000,000,000 | -H-D | C] -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/18 14:50:50 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Identities
[2012/03/18 14:50:48 | 000,000,000 | R--D | C] -- C:\Users\Bade\Contacts
[2012/03/18 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\VirtualStore
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\AppData\Local\Temporary Internet Files
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Templates
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Start Menu
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\SendTo
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Recent
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\PrintHood
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\NetHood
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Documents\My Videos
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Documents\My Pictures
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Documents\My Music
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\My Documents
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Local Settings
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\AppData\Local\History
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Cookies
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\Application Data
[2012/03/18 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Bade\AppData\Local\Application Data
[2012/03/18 14:50:35 | 000,000,000 | R--D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/18 14:50:35 | 000,000,000 | R--D | C] -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/18 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Temp
[2012/03/18 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Local\Microsoft
[2012/03/18 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\Bade\AppData\Roaming\Media Center Programs
[2012/03/18 14:50:34 | 000,000,000 | --SD | C] -- C:\Users\Bade\AppData\Roaming\Microsoft
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Videos
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Saved Games
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Pictures
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Music
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Links
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Favorites
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Downloads
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Documents
[2012/03/18 14:50:34 | 000,000,000 | R--D | C] -- C:\Users\Bade\Desktop
[2012/03/18 14:50:34 | 000,000,000 | -H-D | C] -- C:\Users\Bade\AppData
[2012/03/18 14:50:24 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/03/16 12:08:36 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/03/15 22:26:18 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 12:58:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/09 11:43:13 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 11:43:13 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 11:38:35 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/09 11:38:35 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/09 11:33:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/09 11:33:39 | 1406,582,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 00:41:37 | 000,017,408 | ---- | M] () -- C:\Users\Bade\AppData\Local\WebpageIcons.db
[2012/04/08 23:42:29 | 000,021,845 | ---- | M] () -- C:\Users\Bade\Desktop\servers.pbk
[2012/04/08 21:16:54 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012/04/08 21:16:54 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2012/04/08 14:22:02 | 000,000,901 | ---- | M] () -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/06 22:49:17 | 000,314,584 | ---- | M] () -- C:\Users\Bade\Documents\Print - ALL NETWORKS ACCESS POINT (APN) AND IP ADDRESS.pdf
[2012/04/04 20:37:30 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2012/04/03 09:42:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/03 08:56:52 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1268921209-2765377157-3684263045-1000UA.job
[2012/04/03 08:56:52 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1268921209-2765377157-3684263045-1000Core.job
[2012/04/02 16:36:01 | 000,307,405 | ---- | M] () -- C:\Users\Bade\Documents\JAMB 2012 Unified Tertiary Matriculation Examination e-Registration - Result Slip Page.pdf
[2012/04/02 12:38:08 | 000,229,286 | ---- | M] () -- C:\Users\Bade\Documents\dana.pdf
[2012/04/01 23:46:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/01 23:46:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/01 23:39:31 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2012/04/01 12:24:45 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/01 12:24:45 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/31 21:08:41 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Expat Shield Launch.lnk
[2012/03/31 13:03:38 | 000,000,107 | ---- | M] () -- C:\Users\Bade\SecurityKISSTunnel.config
[2012/03/30 10:46:06 | 001,060,283 | ---- | M] () -- C:\Users\Bade\Documents\Print - Flexcharge NCHC100, 100A 12V Charge Controller Charge Controllers.pdf
[2012/03/30 08:34:55 | 000,022,000 | ---- | M] (SoftEther Corporation) -- C:\Windows\System32\drivers\Neo_0094.sys
[2012/03/29 23:34:54 | 000,022,000 | ---- | M] (SoftEther Corporation) -- C:\Windows\System32\drivers\Neo_0033.sys
[2012/03/29 23:32:40 | 000,001,466 | ---- | M] () -- C:\Windows\System32\mmcss_backup.dat
[2012/03/29 23:32:34 | 000,081,920 | ---- | M] (SoftEther Corporation) -- C:\Windows\System32\vpncmd.exe
[2012/03/26 12:30:37 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012/03/26 04:04:55 | 000,001,593 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012/03/26 01:51:54 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/03/23 02:54:39 | 000,000,700 | -HS- | M] () -- C:\Users\Bade\AppData\Local\systemFL7.dat
[2012/03/23 02:54:34 | 000,003,465 | -HS- | M] () -- C:\Users\Bade\AppData\Local\win_stlthdb_sys.dat
[2012/03/22 19:01:32 | 000,079,360 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/22 19:00:40 | 000,048,128 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
[2012/03/18 23:29:06 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/03/18 22:48:05 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/03/18 20:49:36 | 000,000,693 | -HS- | M] () -- C:\Windows\System32\win_lockerdb_sys.dat
[2012/03/18 20:49:36 | 000,000,693 | -HS- | M] () -- C:\Users\Bade\AppData\Local\win_lockerdb_sys.dat
[2012/03/18 20:48:15 | 000,003,465 | -HS- | M] () -- C:\Windows\System32\win_stlthdb_sys.dat
[2012/03/18 20:48:15 | 000,002,568 | -HS- | M] () -- C:\ProgramData\win_mpwd_sys.dat
[2012/03/18 20:47:13 | 000,002,215 | ---- | M] () -- C:\Windows\System32\FolderLockAdrv.inf
[2012/03/18 20:47:11 | 000,029,584 | ---- | M] () -- C:\Windows\System32\WinFLAdrv.sys
[2012/03/18 20:47:09 | 000,188,176 | ---- | M] () -- C:\Windows\System32\WinVDEdrv6.sys
[2012/03/18 20:47:07 | 000,228,112 | ---- | M] (NewSoftwares.net, Inc.) -- C:\Windows\System32\WinVDEdrv.sys
[2012/03/18 20:46:51 | 000,091,736 | ---- | M] (NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLService.exe
[2012/03/18 20:46:50 | 000,014,936 | ---- | M] () -- C:\Windows\System32\WinFLMsgService.exe
[2012/03/18 20:46:49 | 000,040,960 | ---- | M] () -- C:\Windows\System32\nwsftUninstall.exe
[2012/03/18 20:46:47 | 000,293,976 | ---- | M] ( NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLTray.exe
[2012/03/18 20:46:46 | 000,293,976 | ---- | M] ( NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLTrayShred.exe
[2012/03/18 20:46:45 | 000,479,832 | ---- | M] (NewSoftwares.net, Inc.) -- C:\Windows\System32\WinFLCtxMenu.dll
[2012/03/18 19:58:25 | 000,231,868 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/03/18 19:23:47 | 000,481,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/18 18:03:00 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/03/18 16:57:10 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/03/18 16:30:47 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/03/18 16:30:47 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/03/18 16:30:47 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/03/18 16:30:47 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/03/18 16:30:47 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/03/18 16:06:46 | 000,001,411 | ---- | M] () -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/18 16:02:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/03/18 15:54:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/03/18 15:34:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/03/18 15:34:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/18 15:34:41 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/03/18 15:34:41 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/18 15:34:41 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/18 15:34:41 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/18 15:34:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/18 15:34:41 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/03/18 15:34:41 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/18 15:34:41 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/03/18 15:34:41 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/18 15:34:41 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/18 15:34:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/03/18 15:34:41 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/03/18 15:34:41 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/18 15:34:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/03/18 15:34:41 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/03/18 15:34:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/03/18 15:34:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/03/18 15:34:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/18 15:34:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/03/18 15:34:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/18 15:34:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/03/18 15:34:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/03/18 15:34:41 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/18 15:34:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/03/18 15:34:41 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/03/18 15:34:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/18 15:34:41 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/18 15:34:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/03/18 15:34:41 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/18 15:34:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/03/18 15:34:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/03/18 15:34:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/18 15:34:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/03/18 15:34:41 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/18 15:34:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/18 15:34:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/18 15:00:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/03/18 14:58:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/15 22:26:18 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2012/03/15 07:40:28 | 004,826,112 | ---- | M] () -- C:\Windows\System32\x264vfw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 13:06:41 | 000,002,995 | ---- | C] () -- C:\Users\Bade\Documents\Attach.zip
[2012/04/09 00:39:42 | 000,017,408 | ---- | C] () -- C:\Users\Bade\AppData\Local\WebpageIcons.db
[2012/04/08 14:22:02 | 000,000,901 | ---- | C] () -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/08 14:00:38 | 000,021,845 | ---- | C] () -- C:\Users\Bade\Desktop\servers.pbk
[2012/04/06 22:49:15 | 000,314,584 | ---- | C] () -- C:\Users\Bade\Documents\Print - ALL NETWORKS ACCESS POINT (APN) AND IP ADDRESS.pdf
[2012/04/04 20:37:30 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2012/04/03 09:36:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/03 09:36:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/03 09:36:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/03 09:36:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/03 09:36:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 16:35:59 | 000,307,405 | ---- | C] () -- C:\Users\Bade\Documents\JAMB 2012 Unified Tertiary Matriculation Examination e-Registration - Result Slip Page.pdf
[2012/04/02 12:38:07 | 000,229,286 | ---- | C] () -- C:\Users\Bade\Documents\dana.pdf
[2012/04/01 23:46:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/01 23:46:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/01 23:39:31 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2012/04/01 12:24:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 21:08:41 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Expat Shield Launch.lnk
[2012/03/31 13:02:36 | 000,000,107 | ---- | C] () -- C:\Users\Bade\SecurityKISSTunnel.config
[2012/03/30 11:19:05 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1268921209-2765377157-3684263045-1000UA.job
[2012/03/30 11:19:04 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1268921209-2765377157-3684263045-1000Core.job
[2012/03/30 10:45:59 | 001,060,283 | ---- | C] () -- C:\Users\Bade\Documents\Print - Flexcharge NCHC100, 100A 12V Charge Controller Charge Controllers.pdf
[2012/03/29 23:32:40 | 000,001,466 | ---- | C] () -- C:\Windows\System32\mmcss_backup.dat
[2012/03/26 12:29:50 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2012/03/26 04:04:12 | 000,001,593 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012/03/26 01:50:38 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012/03/22 19:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/22 19:00:40 | 000,048,128 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2012/03/20 12:14:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/03/18 23:29:06 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/03/18 22:48:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/18 22:47:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/18 22:44:43 | 1406,582,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/18 20:49:36 | 000,000,693 | -HS- | C] () -- C:\Windows\System32\win_lockerdb_sys.dat
[2012/03/18 20:49:36 | 000,000,693 | -HS- | C] () -- C:\Users\Bade\AppData\Local\win_lockerdb_sys.dat
[2012/03/18 20:48:15 | 000,003,465 | -HS- | C] () -- C:\Windows\System32\win_stlthdb_sys.dat
[2012/03/18 20:48:15 | 000,003,465 | -HS- | C] () -- C:\Users\Bade\AppData\Local\win_stlthdb_sys.dat
[2012/03/18 20:48:15 | 000,002,568 | -HS- | C] () -- C:\ProgramData\win_mpwd_sys.dat
[2012/03/18 20:47:54 | 000,000,700 | -HS- | C] () -- C:\Users\Bade\AppData\Local\systemFL7.dat
[2012/03/18 20:47:13 | 000,002,215 | ---- | C] () -- C:\Windows\System32\FolderLockAdrv.inf
[2012/03/18 20:47:11 | 000,029,584 | ---- | C] () -- C:\Windows\System32\WinFLAdrv.sys
[2012/03/18 20:47:09 | 000,188,176 | ---- | C] () -- C:\Windows\System32\WinVDEdrv6.sys
[2012/03/18 20:46:50 | 000,014,936 | ---- | C] () -- C:\Windows\System32\WinFLMsgService.exe
[2012/03/18 20:46:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nwsftUninstall.exe
[2012/03/18 17:51:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/18 17:07:04 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/03/18 16:57:10 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/03/18 16:48:57 | 000,231,868 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/18 16:46:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/18 16:35:06 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/18 16:06:46 | 000,001,417 | ---- | C] () -- C:\Users\Bade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/18 16:02:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/18 15:54:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/03/18 15:34:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/03/18 15:00:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/03/18 14:58:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/18 14:51:41 | 000,001,411 | ---- | C] () -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/18 14:50:35 | 000,000,290 | ---- | C] () -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/18 14:50:35 | 000,000,272 | ---- | C] () -- C:\Users\Bade\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/15 07:40:28 | 004,826,112 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/01/09 20:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/02 13:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >



EXTRAS.TXT

OTL Extras logfile created on: 4/9/2012 1:14:35 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = D:\Softwares\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 36.30% Memory free
3.49 Gb Paging File | 1.87 Gb Available in Paging File | 53.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.04 Gb Total Space | 17.86 Gb Free Space | 44.60% Space Free | Partition Type: NTFS
Drive D: | 257.95 Gb Total Space | 123.09 Gb Free Space | 47.72% Space Free | Partition Type: NTFS
Drive F: | 22.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OMOTAYO | User Name: Bade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 2.0
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{4DB153F6-9B77-47A5-A29D-893B84B016D4}" = Facebook Messenger 2.0.4447.0
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A436BE6E-A20F-41B8-ABD7-851AAD42FF8D}" = Livestation
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1" = Able2Extract Professional 7.0
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D9273F52-B929-E315-D82B-EDF384D53924}" = ATI Catalyst Install Manager
"{DA35F4DF-8DE9-47DB-07C7-A176B2C54878}" = ccc-utility
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FB47AD33-ED6C-446A-8AC7-A5E841B1DA49}" = Foxit PhantomPDF
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ExpatShield" = Expat Shield 2.25
"Folder Lock" = Folder Lock
"Foxit Reader_is1" = Foxit Reader 5.1
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities Pro 2.43.0.1419
"GLO NETPRO" = GLO NETPRO
"Internet Download Manager" = Internet Download Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"OutlookMessenger_is1" = OutlookMessenger V6
"P2PFilter" = P2PFilter 3.0.5
"SMPlayer" = SMPlayer 0.7.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TapinRadio_is1" = TapinRadio 1.57.1
"TeraCopy_is1" = TeraCopy 2.22
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VNAP .NetBuster Proxy Pro3.00.00 Beta" = VNAP .NetBuster Proxy Pro
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1268921209-2765377157-3684263045-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 5:13:45 PM | Computer Name = Omotayo | Source = VSS | ID = 8194
Description =

Error - 4/6/2012 6:20:29 PM | Computer Name = Omotayo | Source = RasClient | ID = 20227
Description =

Error - 4/7/2012 8:25:28 AM | Computer Name = Omotayo | Source = VSS | ID = 8194
Description =

Error - 4/7/2012 8:59:43 PM | Computer Name = Omotayo | Source = VSS | ID = 8194
Description =

Error - 4/8/2012 9:06:58 AM | Computer Name = Omotayo | Source = RasClient | ID = 20227
Description =

Error - 4/8/2012 9:20:58 AM | Computer Name = Omotayo | Source = VSS | ID = 8194
Description =

Error - 4/8/2012 7:45:00 PM | Computer Name = Omotayo | Source = VSS | ID = 8194
Description =

Error - 4/9/2012 6:44:22 AM | Computer Name = Omotayo | Source = RasClient | ID = 20227
Description =

Error - 4/9/2012 6:44:33 AM | Computer Name = Omotayo | Source = RasClient | ID = 20227
Description =

Error - 4/9/2012 7:43:37 AM | Computer Name = Omotayo | Source = Application Error | ID = 1000
Description = Faulting application name: Livestation.exe, version: 1.0.0.1, time
stamp: 0x4c231286 Faulting module name: QtCore4.dll, version: 4.5.1.0, time stamp:
0x49ee67da Exception code: 0xc0000005 Fault offset: 0x001027a6 Faulting process id:
0xc0 Faulting application start time: 0x01cd163eab81e6d1 Faulting application path:
C:\Program Files\Livestation\Livestation.exe Faulting module path: C:\Program Files\Livestation\QtCore4.dll
Report
Id: 3e2c05c8-8239-11e1-8a03-001e101f8924

[ Media Center Events ]
Error - 3/28/2012 2:51:28 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 7:50:37 PM - Failed to retrieve MCEClientUX (Error: The operation
has timed out)

Error - 3/28/2012 2:52:14 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 7:52:14 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 3/28/2012 2:52:37 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 7:52:34 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 3/28/2012 2:53:48 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 7:53:36 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 3/28/2012 3:54:59 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 8:54:59 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 3/28/2012 3:56:25 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 8:56:25 PM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 3/28/2012 4:16:30 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 9:16:24 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 3/28/2012 5:16:39 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 10:16:39 PM - Error connecting to the internet. 10:16:39 PM - Unable
to contact server..

Error - 3/28/2012 5:16:49 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 10:16:46 PM - Error connecting to the internet. 10:16:46 PM - Unable
to contact server..

Error - 3/28/2012 7:13:31 PM | Computer Name = Omotayo | Source = MCUpdate | ID = 0
Description = 12:13:23 AM - Failed to retrieve Broadband (Error: The operation has
timed out)

[ System Events ]
Error - 4/8/2012 6:08:00 AM | Computer Name = Omotayo | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt

Error - 4/8/2012 9:06:55 AM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 9:07:29 AM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 9:08:53 AM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 9:11:27 AM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 9:38:53 AM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 1:15:53 PM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 6:42:21 PM | Computer Name = Omotayo | Source = RasSstp | ID = 1
Description =

Error - 4/8/2012 7:01:19 PM | Computer Name = Omotayo | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt

Error - 4/9/2012 6:34:32 AM | Computer Name = Omotayo | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vflt


< End of report >

#7 badex09

badex09
  • Topic Starter

  • Members
  • 8 posts

Posted 09 April 2012 - 07:34 AM

Yes, I do have a Windows 7 DVD available.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts

Posted 09 April 2012 - 07:48 AM

Hi,

do you know what this file is: D:\Softwares\Downloads\chmzdj5m.exe?

Could you set up opendns as your dns server and let me know if that helps with the issues you have with DNS: https://store.opendns.com/setup/operatingsystem/windows-7

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 badex09


Posted 09 April 2012 - 08:18 AM

do you know what this file is: D:\Softwares\Downloads\chmzdj5m.exe? - Yes, I do.

I have used OpenDNS before, but the problem persists if I enter the VPN web address rather than the IP address.

I have attached a picture to explain what I mean.

What about the problem I have with my sound output? It makes a scratching sound after playing for some time (Windows Media Player or Livestation) or when you run other programs concurrently.

Thanks for your help.




#10 myrti


Posted 09 April 2012 - 08:33 AM

Hi,

I would try reinstalling Windows Media Player to see if that fixes the issue.

Regarding the DNS issue: Do you have the issue when you're connected through the VPN or when you're not connected to the VPN?

regards myrti



#11 badex09


Posted 09 April 2012 - 09:13 AM

Not just media player but other sound applications.

Before connecting to the VPN, you do have to enter the VPN address (VPN server web address); the system does not resolve the address unless you change it to IP format. After connecting to the VPN, websites such as Yahoo do not open. I guess this is due to the particular VPN server, since if I connect to a different VPN server it will open Yahoo but I may not be able to load some other sites, e.g. Gmail.

Thanks for your response

#12 myrti


Posted 09 April 2012 - 10:11 AM

Hi,

Do you know that you were previously infected and this is the aftermath? Or do you think you have been infected because of these issues?

When did this start? And did you recently install something or make major changes on the PC?

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.



#13 badex09


Posted 11 April 2012 - 04:57 PM

Thanks for your help. It seems I'll have to run several programs one after another. I think I'll just format and re-install. That will be quicker.
I really do appreciate your assistance. You guys are doing a great job here.
Thank you.

#14 myrti


Posted 12 April 2012 - 04:35 AM

Hi,

OK, that's usually the safest way to go anyway.

As a safety measure, since it isn't clear what is breaking or what is still active on your machine in terms of malware, I would advise backing up only your important documents, personal data files and photos, and only to a CD or DVD, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them, as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension after the existing extension of a file, so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If you want to use a flash drive, I would recommend running FlashDisinfector (only compatible with XP) or the comparable tool from Panda: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/ to vaccinate your flash drives. (Vaccinating the PC isn't necessary if all flash drives are vaccinated.)

regards myrti

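The backup rules given in post #14, as an added example that is not part of the original thread: a Python sketch that walks a folder of backup candidates and sorts each file into keep, skip or review. The function names are hypothetical, only .zip archives are opened (with the standard library), and .cab and .rar files are left for manual review.

```python
import os
import sys
import zipfile

# Extension groups named in post #14.
RISKY = {".exe", ".scr", ".php", ".asp", ".html"}
OPAQUE_ARCHIVES = {".cab", ".rar"}  # not readable with the standard library


def split_exts(name):
    """Return every extension of a file name, lowercased: ['.jpg', '.exe']."""
    return ["." + p for p in name.lower().split(".")[1:] if p]


def classify(path):
    """Return (verdict, reason); verdict is 'keep', 'skip' or 'review'."""
    name = os.path.basename(path).lower()
    exts = split_exts(name)
    last = exts[-1] if exts else ""
    if name.startswith("autorun."):
        return "skip", "autorun file"
    if last in RISKY:
        if len(exts) > 1:  # e.g. holiday.jpg.exe shown as holiday.jpg
            return "skip", "risky type behind extra extension " + exts[-2]
        return "skip", "executable or script file"
    if last in OPAQUE_ARCHIVES:
        return "review", "archive contents not inspected"
    if last == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return "review", "unreadable zip"
        # A member counts as risky when its final extension is in RISKY.
        bad = [m for m in members
               if set(split_exts(m.rsplit("/", 1)[-1])[-1:]) & RISKY]
        if bad:
            return "skip", "zip contains " + bad[0]
    return "keep", "data file"


def triage(root):
    """Walk root and group (relative path, reason) pairs by verdict."""
    report = {"keep": [], "skip": [], "review": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            verdict, reason = classify(full)
            report[verdict].append((os.path.relpath(full, root), reason))
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for verdict, items in triage(target).items():
        for rel, reason in items:
            print(f"{verdict:6} {rel}  ({reason})")
```

Files marked keep are still only candidates: the post's last step, scanning the backed up data with anti-virus before copying it back, applies to them as well. Nested archives are not unpacked by this sketch.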


#15 badex09


Posted 12 April 2012 - 01:18 PM

I don't know how much to thank you for your help, but I will keep you in my prayers. I'm in Nigeria and there is no way to donate to the wonderful assistance you are doing here. God bless you. I'll forever be in your debt. Thank you.



