Infected computer, Slow, Redirects, Mbam removes then comes back


  • This topic is locked
21 replies to this topic

#1 garylmoore

garylmoore

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 09 September 2013 - 01:23 PM

Computer running slow, redirecting going on. I have tried MBAM but the virus comes back.

 

Windows Vista Home Premium Service Pack 1 (build 6001)

GATEWAY FX541S 110
System Serial Number: 1102159029
Enclosure Type: Desktop

 

2.40 gigahertz Intel Core2 Quad
64 kilobyte primary memory cache
4096 kilobyte secondary memory cache
64-bit ready
Multi-core (4 total)
Not hyper-threaded

 

 

Thanks ... Gary



#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:44 AM

Posted 12 September 2013 - 12:36 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
It looks like you are running Windows Vista Service Pack (SP) 1?  The latest version is SP2....any reason you have not updated your system?  I don't want you to at this point, but I was just more curious than anything.   :)
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------




#3 garylmoore


Posted 14 September 2013 - 02:41 AM

# AdwCleaner v3.003 - Report created 14/09/2013 at 02:40:15
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Gary - GARY-PC
# Running from : C:\Users\Gary\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\rc8lligk.default-1378950196075\prefs.js ]


*************************

AdwCleaner[R0].txt - [2973 octets] - [13/09/2013 02:34:17]
AdwCleaner[R1].txt - [713 octets] - [14/09/2013 02:40:15]
AdwCleaner[S0].txt - [3191 octets] - [13/09/2013 02:57:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [832 octets] ##########



#4 jeffce


Posted 14 September 2013 - 08:31 AM

Thanks for posting the AdwCleaner log.   :)
 

It looks like you are running Windows Vista Service Pack (SP) 1?  The latest version is SP2....any reason you have not updated your system?  I don't want you to at this point, but I was just more curious than anything.

Don't forget about this.

----------
 
Also...when you get the TDSSKiller log post that as well.




#5 garylmoore


Posted 15 September 2013 - 10:57 AM

I just did a format, so I am not completely updated yet. I had the virus before the format and it came back. It must have infected my non-system drive. I went through that drive, tossed all the stuff I thought could possibly contain a virus, saved the rest. Ran Malwarebytes again. I did that before the first post here. Maybe the crap I threw away helped, but I figured I would get nowhere without Registry editing. I do not feel comfortable doing that, so here I am.

TDSSKiller found nothing.

The computer seems to be acting better.


Edited by garylmoore, 15 September 2013 - 11:02 AM.


#6 garylmoore


Posted 15 September 2013 - 11:00 AM

I tried to include the TDSSKiller log but it would not let me copy or save the report.



#7 garylmoore


Posted 15 September 2013 - 01:36 PM

No, still not right. Something is most likely examining my Firefox searches. There is a delay anytime I change browser pages. I can hit Ctrl + Alt + Del and "Task Mgr"; as soon as this is done, the window resumes activity and the next page opens.

This exact behavior is what made me notice the problem in the first place. Thanks.. Gary



#8 jeffce


Posted 15 September 2013 - 02:59 PM

Ok let's see what we can see...
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#9 garylmoore


Posted 15 September 2013 - 03:16 PM

ComboFix log file


#10 jeffce


Posted 15 September 2013 - 07:29 PM

Hi,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



#11 garylmoore


Posted 16 September 2013 - 03:38 AM

Hey there, here is the JRT log.. thanks... Gary

Attached Files

  • Attached File  JRT.txt   845bytes   2 downloads


#12 jeffce


Posted 16 September 2013 - 07:07 AM

Good.  How is your system behaving?  :)




#13 garylmoore


Posted 16 September 2013 - 11:10 AM

Still kind of funny. Nothing there, huh?

Well, maybe it messed up my system and I need to format the computer again.


Edited by garylmoore, 16 September 2013 - 11:12 AM.


#14 jeffce


Posted 16 September 2013 - 11:15 AM

Well let's get a look with a different tool....   :)
 

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------




#15 garylmoore


Posted 16 September 2013 - 12:08 PM

OTL logfile

 

OTL logfile created on: 9/16/2013 11:48:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gary\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.46% Memory free
6.22 Gb Paging File | 5.54 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.59 Gb Total Space | 369.28 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 6.26 Gb Free Space | 61.56% Space Free | Partition Type: NTFS
Drive K: | 186.31 Gb Total Space | 183.84 Gb Free Space | 98.68% Space Free | Partition Type: NTFS
 
Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Gary\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.1.4.42918.dll ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.1.4.42918.dll ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.1.4.42918.dll ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.1.4.42918.dll ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.1.4.42918.dll ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.1.4.42918.dll ()
MOD - C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.1.4.42918.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Gary\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\WINDOWS\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NETw2v32) -- C:\WINDOWS\System32\drivers\NETw2v32.sys (Intel® Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX541S
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5987C17A-87D7-481F-BB76-E6C4D370B7FB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYF_enUS552
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2013/09/07 19:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\OKitSpace@Vittalia.es: C:\Users\Gary\AppData\Roaming\okitspace\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}: C:\Users\Gary\AppData\Roaming\Dashlane\2.1.4.42918\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2013/08/28 10:48:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/09/08 12:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions
[2013/09/09 12:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/09/10 14:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/08 12:07:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/08 12:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/08 12:07:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/28 10:48:25 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\GARY\APPDATA\ROAMING\DASHLANE\2.1.4.42918\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}
 
O1 HOSTS File: ([2013/09/15 15:10:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\Run: [Dashlane] C:\Users\Gary\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7F268AE-B1E6-428C-8A61-375F03E4F0DC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gary\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/16 11:38:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2013/09/16 03:31:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/16 03:30:02 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\Gary\Desktop\JRT.exe
[2013/09/15 15:11:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/15 15:11:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/15 15:11:48 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\temp
[2013/09/15 15:04:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/15 15:04:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/15 15:04:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/15 15:04:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/15 15:04:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/15 15:03:29 | 005,126,233 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2013/09/15 11:26:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Apps
[2013/09/15 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\OneNote Notebooks
[2013/09/13 02:33:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/11 20:44:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JimsList
[2013/09/11 20:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\JimsList
[2013/09/11 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Jim's Cheap Software
[2013/09/11 20:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JimsList
[2013/09/10 14:09:00 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\spinrite
[2013/09/10 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\sharepod
[2013/09/10 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\928
[2013/09/10 13:57:24 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\2011-07-06
[2013/09/10 13:57:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\2011-07-28
[2013/09/10 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\2011-07-13
[2013/09/10 13:34:00 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Motive
[2013/09/10 13:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2013/09/10 13:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2013/09/09 13:29:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Logfiles
[2013/09/09 10:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/09/08 12:14:55 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2013/09/08 12:14:35 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Dashlane
[2013/09/08 12:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/08 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/09/08 12:05:27 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Mozilla
[2013/09/08 11:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2013/09/08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Apple Computer
[2013/09/08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Apple Computer
[2013/09/08 11:40:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013/09/08 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/08 11:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/09/08 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Apple
[2013/09/08 11:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/09/08 11:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/09/08 11:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/09/08 11:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/09/08 09:29:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/07 21:24:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Macromedia
[2013/09/07 21:24:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Macromedia
[2013/09/07 21:24:05 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/07 21:24:05 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/07 20:41:43 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2013/09/07 20:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/07 20:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/07 20:41:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/09/07 20:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/07 20:37:36 | 005,470,720 | ---- | C] (Jeffrey Harris) -- C:\Users\Gary\Desktop\SharePod.exe
[2013/09/07 19:43:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013/09/07 19:43:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013/09/07 19:43:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013/09/07 19:42:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013/09/07 19:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/09/07 16:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/09/07 16:10:17 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/09/07 15:49:48 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013/09/07 15:49:48 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/09/07 15:49:48 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013/09/07 15:49:48 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013/09/07 15:49:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013/09/07 15:49:46 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013/09/07 15:45:13 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013/09/07 15:45:11 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013/09/07 15:43:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2013/09/07 15:40:48 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/09/07 15:40:25 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/09/07 15:40:24 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/09/07 15:40:23 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/07 15:40:23 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/07 15:40:23 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/09/07 15:40:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/09/07 15:40:23 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/09/07 15:40:23 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/07 15:40:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/07 15:40:22 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/07 15:40:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013/09/07 15:40:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/07 15:39:54 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2013/09/07 15:39:54 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2013/09/07 15:39:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2013/09/07 15:39:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2013/09/07 15:39:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2013/09/07 15:39:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2013/09/07 15:39:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2013/09/07 15:39:27 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013/09/07 15:39:27 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013/09/07 15:39:27 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013/09/07 15:39:27 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2013/09/07 15:39:25 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013/09/07 15:39:25 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2013/09/07 15:39:25 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2013/09/07 15:39:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2013/09/07 15:39:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2013/09/07 15:39:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/09/07 15:38:49 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2013/09/07 15:38:46 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2013/09/07 15:38:38 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2013/09/07 15:38:04 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2013/09/07 15:38:04 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2013/09/07 15:37:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013/09/07 15:37:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013/09/07 15:37:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013/09/07 15:37:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2013/09/07 15:37:56 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2013/09/07 15:37:54 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013/09/07 15:37:54 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013/09/07 15:37:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013/09/07 15:37:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013/09/07 15:37:35 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013/09/07 15:37:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/09/07 15:37:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/09/07 15:37:30 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013/09/07 15:37:25 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013/09/07 15:37:25 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2013/09/07 15:37:25 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013/09/07 15:37:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2013/09/07 15:37:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013/09/07 15:37:24 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2013/09/07 15:37:24 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2013/09/07 15:37:22 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013/09/07 15:37:21 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/09/07 15:37:18 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/09/07 15:37:17 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/09/07 15:37:15 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013/09/07 15:37:14 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013/09/07 15:37:09 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/09/07 15:37:08 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013/09/07 15:37:08 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013/09/07 15:37:07 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013/09/07 15:37:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013/09/07 15:36:57 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2013/09/07 15:36:55 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013/09/07 15:36:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2013/09/07 15:36:28 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2013/09/07 15:36:28 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2013/09/07 15:36:28 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2013/09/07 15:36:26 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013/09/07 15:36:24 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/09/07 15:36:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/09/07 15:36:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/09/07 15:36:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/09/07 15:36:16 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013/09/07 15:36:16 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013/09/07 15:36:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013/09/07 15:36:16 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013/09/07 15:36:07 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/07 15:35:57 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013/09/07 15:35:45 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013/09/07 15:35:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/09/07 15:35:42 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013/09/07 15:35:39 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013/09/07 15:35:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2013/09/07 15:35:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013/09/07 15:35:28 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/07 15:35:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/09/07 15:35:27 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013/09/07 15:35:26 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013/09/07 15:35:14 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013/09/07 15:35:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013/09/07 15:35:10 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013/09/07 15:35:06 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013/09/07 15:35:05 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2013/09/07 15:35:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/09/07 15:26:24 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Mozilla
[2013/09/07 15:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/07 15:25:55 | 003,014,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013/09/07 15:25:55 | 002,555,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013/09/07 15:25:55 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013/09/07 15:25:54 | 004,119,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013/09/07 15:25:54 | 000,223,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013/09/07 15:24:54 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013/09/07 15:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/09/07 15:23:16 | 000,892,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013/09/07 15:23:16 | 000,154,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013/09/07 15:23:16 | 000,028,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013/09/07 15:23:15 | 020,542,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/09/07 15:23:15 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/09/07 15:23:15 | 015,040,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/09/07 15:23:15 | 012,918,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/09/07 15:23:15 | 008,950,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/09/07 15:23:15 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/09/07 15:23:15 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/09/07 15:23:15 | 002,730,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/09/07 15:23:15 | 002,537,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/09/07 15:23:15 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/09/07 15:23:15 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231416.dll
[2013/09/07 15:23:15 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231416.dll
[2013/09/07 15:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/09/07 15:22:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/09/07 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Google
[2013/09/07 15:21:32 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2013/09/07 15:21:32 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2013/09/07 15:21:32 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2013/09/07 15:21:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2013/09/07 15:21:31 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2013/09/07 15:21:30 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013/09/07 15:21:30 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2013/09/07 15:21:30 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2013/09/07 15:21:29 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013/09/07 15:21:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013/09/07 15:21:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013/09/07 15:21:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013/09/07 15:21:27 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013/09/07 15:21:27 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013/09/07 15:21:26 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013/09/07 15:21:26 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013/09/07 15:21:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/09/07 15:21:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013/09/07 15:21:25 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013/09/07 15:21:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013/09/07 15:21:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013/09/07 15:21:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013/09/07 15:21:23 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013/09/07 15:21:23 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013/09/07 15:21:23 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013/09/07 15:21:22 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013/09/07 15:21:22 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013/09/07 15:21:22 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013/09/07 15:21:22 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013/09/07 15:21:21 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013/09/07 15:21:21 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013/09/07 15:21:21 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013/09/07 15:21:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013/09/07 15:21:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013/09/07 15:21:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013/09/07 15:21:20 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013/09/07 15:21:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/09/07 15:21:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/09/07 15:21:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/09/07 15:21:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/09/07 15:21:17 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013/09/07 15:21:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013/09/07 15:21:17 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013/09/07 15:21:16 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013/09/07 15:21:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013/09/07 15:21:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013/09/07 15:21:15 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013/09/07 15:21:15 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013/09/07 15:21:14 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013/09/07 15:21:14 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013/09/07 15:21:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013/09/07 15:21:14 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013/09/07 15:21:13 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013/09/07 15:21:13 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013/09/07 15:21:11 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013/09/07 15:21:11 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013/09/07 15:21:11 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013/09/07 15:21:10 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013/09/07 15:21:09 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013/09/07 15:21:09 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013/09/07 15:21:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013/09/07 15:21:08 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013/09/07 15:21:08 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013/09/07 15:21:08 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013/09/07 15:21:08 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013/09/07 15:21:07 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013/09/07 15:21:07 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013/09/07 15:21:06 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013/09/07 15:21:05 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013/09/07 15:21:05 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013/09/07 15:21:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013/09/07 15:21:04 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013/09/07 15:21:04 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013/09/07 15:21:03 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013/09/07 15:21:03 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013/09/07 15:21:02 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013/09/07 15:21:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013/09/07 15:21:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013/09/07 15:21:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013/09/07 15:21:01 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013/09/07 15:21:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013/09/07 15:21:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013/09/07 15:21:00 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013/09/07 15:20:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013/09/07 15:20:54 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013/09/07 15:20:54 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013/09/07 15:20:54 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013/09/07 15:20:53 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013/09/07 15:20:53 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013/09/07 15:20:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013/09/07 15:20:52 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013/09/07 15:20:52 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013/09/07 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Adobe
[2013/09/07 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Adobe
[2013/09/07 15:17:25 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\New Folder (6)
[2013/09/07 15:17:24 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\New Folder (3)
[2013/09/07 15:17:24 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\New Folder (2)
[2013/09/07 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\My Google Gadgets
[2013/09/07 15:15:51 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Google
[2013/09/07 15:15:18 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/07 15:15:18 | 000,000,000 | R--D | C] -- C:\Users\Gary\Searches
[2013/09/07 15:15:18 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/07 15:15:08 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Identities
[2013/09/07 15:15:06 | 000,000,000 | R--D | C] -- C:\Users\Gary\Contacts
[2013/09/07 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\VirtualStore
[2013/09/07 15:15:00 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\SampleView
[2013/09/07 15:14:57 | 000,000,000 | --SD | C] -- C:\Users\Gary\AppData\Roaming\Microsoft
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Videos
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Saved Games
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Pictures
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Music
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Links
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Favorites
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Downloads
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Documents
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Desktop
[2013/09/07 15:14:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\Temporary Internet Files
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Templates
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Start Menu
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\SendTo
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Recent
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\PrintHood
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\NetHood
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Videos
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Pictures
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Music
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\My Documents
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Local Settings
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\History
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Cookies
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Application Data
[2013/09/07 15:14:57 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\Application Data
[2013/09/07 15:14:57 | 000,000,000 | -H-D | C] -- C:\Users\Gary\AppData
[2013/09/07 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Microsoft
[2013/09/07 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Media Center Programs
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2013/09/07 15:12:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2013/09/07 06:01:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/07 06:00:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/09/07 05:59:56 | 000,364,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraiins.dll
[2013/09/07 05:59:56 | 000,364,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraidco.dll
[2013/09/07 05:30:41 | 000,131,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvrd32.sys
[2013/09/07 05:30:41 | 000,110,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2013/09/07 05:30:41 | 000,000,000 | ---D | C] -- C:\Windows\i386
[2013/09/07 05:26:59 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2013/09/07 03:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2013/09/07 03:24:01 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/09/07 03:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway Documentation
[2013/09/07 03:23:46 | 000,000,000 | ---D | C] -- C:\Documents
[2013/09/07 03:23:44 | 000,000,000 | ---D | C] -- C:\google
[2013/09/07 03:23:43 | 000,094,208 | ---- | C] (Gateway Inc.) -- C:\Windows\System32\BAE.dll
[2013/09/07 03:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2013/09/07 03:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2013/09/07 03:23:14 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2013/09/07 03:23:14 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2013/09/07 03:23:14 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2013/09/07 03:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/09/07 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/07 03:22:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/09/07 03:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/09/07 03:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/09/07 03:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/09/07 03:22:15 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2013/09/07 03:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/09/07 03:21:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/09/07 03:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/09/07 03:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/09/07 03:20:26 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013/09/07 03:20:13 | 000,007,168 | ---- | C] (BigFix, Inc.) -- C:\Windows\BigFixClientOverride.dll
[2013/09/07 03:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
[2013/09/07 03:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013/09/07 03:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/07 03:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/09/07 03:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/09/07 03:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/09/07 03:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013/09/07 03:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/09/07 03:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway Recovery Center
[2013/09/07 03:16:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013/09/07 03:16:09 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2013/09/07 03:16:08 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/09/07 03:16:08 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/09/07 03:16:07 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2013/09/07 03:16:07 | 000,563,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/09/07 03:16:07 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/09/07 03:16:07 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/09/07 03:16:07 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/09/07 03:16:06 | 004,669,440 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2013/09/07 03:16:06 | 002,048,000 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/09/07 03:16:06 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/09/07 03:16:06 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2013/09/07 03:16:06 | 000,017,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2013/09/07 03:15:54 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013/09/07 03:15:54 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2013/09/07 03:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/09/07 03:10:33 | 000,098,816 | ---- | C] (Realtek Corporation                                            ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2013/09/07 03:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/09/07 03:10:32 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/09/07 03:10:16 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvusmb.exe
[2013/09/07 03:09:58 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2013/09/07 03:09:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/09/07 03:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/09/07 03:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/09/07 03:07:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/16 11:38:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2013/09/16 10:56:03 | 000,635,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/16 10:56:03 | 000,116,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/16 10:51:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 10:51:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 10:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/16 10:51:38 | 3220,516,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/16 03:30:02 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\Gary\Desktop\JRT.exe
[2013/09/15 15:10:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/15 15:03:35 | 005,126,233 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2013/09/15 13:33:21 | 000,000,318 | ---- | M] () -- C:\Users\Gary\Desktop\Infected computer,.URL
[2013/09/15 11:18:47 | 000,001,122 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/09/13 02:33:00 | 001,037,278 | ---- | M] () -- C:\Users\Gary\Desktop\AdwCleaner.exe
[2013/09/13 01:26:25 | 000,000,237 | ---- | M] () -- C:\Users\Gary\Desktop\Soundgarden - Fell On Black Days (Lyrics) - YouTube.URL
[2013/09/11 23:39:36 | 000,000,308 | ---- | M] () -- C:\Users\Gary\Desktop\duplicate emails.URL
[2013/09/11 22:05:55 | 000,000,248 | ---- | M] () -- C:\Users\Gary\Desktop\2005 Z71 Chevy Tahoe.URL
[2013/09/11 21:31:35 | 000,000,245 | ---- | M] () -- C:\Users\Gary\Desktop\2003 Chevy Tahoe 4x4 Loaded!.URL
[2013/09/11 20:44:23 | 000,000,815 | ---- | M] () -- C:\Users\Gary\Desktop\JimsList.lnk
[2013/09/11 19:06:39 | 000,000,227 | ---- | M] () -- C:\Users\Gary\Desktop\JeepsUnlimited.com Forums - Powered by vBulletin.URL
[2013/09/09 13:24:02 | 000,000,291 | ---- | M] () -- C:\Users\Gary\Desktop\Infected computer.URL
[2013/09/08 12:14:55 | 000,001,927 | ---- | M] () -- C:\Users\Gary\Desktop\Dashlane.lnk
[2013/09/08 11:47:11 | 000,001,936 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/09/08 11:47:11 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/09/08 10:55:05 | 000,720,402 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2013/09/08 10:49:11 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/09/07 21:24:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/07 21:24:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/07 20:41:36 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/07 19:40:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/09/07 16:34:52 | 000,293,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/07 15:37:35 | 000,031,232 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/07 15:21:30 | 000,000,954 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/07 15:15:42 | 000,000,680 | ---- | M] () -- C:\Users\Gary\AppData\Local\d3d9caps.dat
[2013/09/07 15:14:23 | 000,000,081 | ---- | M] () -- C:\Windows\System32\LOG
[2013/09/07 15:11:38 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/09/07 03:22:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\GATEWAY_FX541S_1.0_1102159029.MRK
[2013/09/07 03:16:09 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2013/09/07 03:15:54 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2013/09/07 03:07:10 | 000,000,002 | RHS- | M] () -- C:\USER
[2013/09/07 02:07:39 | 000,000,542 | ---- | M] () -- C:\Users\Gary\Desktop\blueberry cheesecake topping - Shortcut (2).lnk
[2013/09/07 02:07:39 | 000,000,507 | ---- | M] () -- C:\Users\Gary\Desktop\mandarin orange salad - Shortcut (2).lnk
[2013/09/07 02:07:39 | 000,000,299 | ---- | M] () -- C:\Users\Gary\Desktop\HD Factory Workshop Manuals - Harley Davidson Forums Harley Davidson Motorcycle Forum (2).URL
[2013/09/07 02:07:39 | 000,000,244 | ---- | M] () -- C:\Users\Gary\Desktop\United Auto Workers Local 1268 Committeeperson and Chief Stewards (2).URL
[2013/09/07 02:07:39 | 000,000,241 | ---- | M] () -- C:\Users\Gary\Desktop\Street_Motorcycle_Tips_2010.pdf (2).URL
[2013/09/07 02:07:39 | 000,000,233 | ---- | M] () -- C:\Users\Gary\Desktop\Urban Dictionary awnry (2).URL
[2013/09/07 02:07:39 | 000,000,230 | ---- | M] () -- C:\Users\Gary\Desktop\1974 HARLEY FLH ELECTRA GLIDE. TRADES (2).URL
[2013/09/07 02:07:39 | 000,000,215 | ---- | M] () -- C:\Users\Gary\Desktop\PUA Articles PUA Forums (2).URL
[2013/09/07 02:06:06 | 000,000,857 | ---- | M] () -- C:\Users\Gary\Desktop\firefox.lnk
[2013/09/07 02:06:06 | 000,000,542 | ---- | M] () -- C:\Users\Gary\Desktop\blueberry cheesecake topping - Shortcut.lnk
[2013/09/07 02:06:06 | 000,000,532 | ---- | M] () -- C:\Users\Gary\Desktop\cheesecake fall prevention - Shortcut.lnk
[2013/09/07 02:06:06 | 000,000,366 | ---- | M] () -- C:\Users\Gary\Desktop\Harley-Davidson Other in Harley-Davidson eBay Motorcycles.URL
[2013/09/07 02:06:06 | 000,000,356 | ---- | M] () -- C:\Users\Gary\Desktop\Vintage Harley Davidson Panhead Shovelhead Hard Saddlebags Mounting Brackets eBay.URL
[2013/09/07 02:06:06 | 000,000,284 | ---- | M] () -- C:\Users\Gary\Desktop\eBay checkout - Success.URL
[2013/09/07 02:06:06 | 000,000,257 | ---- | M] () -- C:\Users\Gary\Desktop\GOMEZ Jersey; 2011-2013 Germany 23 GOMEZ Home Jersey.URL
[2013/09/07 02:06:06 | 000,000,252 | ---- | M] () -- C:\Users\Gary\Desktop\61103 Weather Forecast from Weather Underground.URL
[2013/09/07 02:06:06 | 000,000,241 | ---- | M] () -- C:\Users\Gary\Desktop\Street_Motorcycle_Tips_2010.pdf.URL
[2013/09/07 02:06:06 | 000,000,233 | ---- | M] () -- C:\Users\Gary\Desktop\Urban Dictionary awnry - Copy.URL
[2013/09/07 02:06:06 | 000,000,233 | ---- | M] () -- C:\Users\Gary\Desktop\1971 Harley Davidson FLH.URL
[2013/09/07 02:06:06 | 000,000,230 | ---- | M] () -- C:\Users\Gary\Desktop\1974 HARLEY FLH ELECTRA GLIDE. TRADES.URL
[2013/09/07 02:06:06 | 000,000,215 | ---- | M] () -- C:\Users\Gary\Desktop\PUA Articles PUA Forums.URL
[2013/09/07 02:06:06 | 000,000,206 | ---- | M] () -- C:\Users\Gary\Desktop\Facebook.URL
[2013/09/07 02:06:06 | 000,000,104 | ---- | M] () -- C:\Users\Gary\Desktop\Computer - Shortcut - Copy.lnk
[2013/08/31 17:57:44 | 000,000,343 | ---- | M] () -- C:\Users\Gary\Desktop\Harley-Davidson Touring in Harley-Davidson eBay Motorcycles.URL
[2013/08/29 11:42:22 | 000,037,528 | ---- | M] () -- C:\Users\Gary\Desktop\00a0a_b4h8YTfgSJF_600x450.jpg
[2013/08/29 11:41:15 | 000,039,305 | ---- | M] () -- C:\Users\Gary\Desktop\00V0V_9UDIwRkiBaX_600x450.jpg
[2013/08/28 14:25:11 | 001,093,702 | ---- | M] () -- C:\Users\Gary\Desktop\20130820_130540_1.jpeg
 
========== Files Created - No Company Name ==========
 
[2013/09/15 15:04:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/15 15:04:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/15 15:04:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/15 15:04:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/15 15:04:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/15 13:33:21 | 000,000,318 | ---- | C] () -- C:\Users\Gary\Desktop\Infected computer,.URL
[2013/09/15 11:18:47 | 000,001,122 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/09/13 02:33:00 | 001,037,278 | ---- | C] () -- C:\Users\Gary\Desktop\AdwCleaner.exe
[2013/09/13 01:26:25 | 000,000,237 | ---- | C] () -- C:\Users\Gary\Desktop\Soundgarden - Fell On Black Days (Lyrics) - YouTube.URL
[2013/09/11 23:39:36 | 000,000,308 | ---- | C] () -- C:\Users\Gary\Desktop\duplicate emails.URL
[2013/09/11 22:05:55 | 000,000,248 | ---- | C] () -- C:\Users\Gary\Desktop\2005 Z71 Chevy Tahoe.URL
[2013/09/11 21:31:35 | 000,000,245 | ---- | C] () -- C:\Users\Gary\Desktop\2003 Chevy Tahoe 4x4 Loaded!.URL
[2013/09/11 20:44:23 | 000,000,815 | ---- | C] () -- C:\Users\Gary\Desktop\JimsList.lnk
[2013/09/11 19:06:39 | 000,000,227 | ---- | C] () -- C:\Users\Gary\Desktop\JeepsUnlimited.com Forums - Powered by vBulletin.URL
[2013/09/10 14:08:14 | 000,001,783 | ---- | C] () -- C:\Users\Gary\Desktop\Amazing Slow Downer.lnk
[2013/09/09 13:24:02 | 000,000,291 | ---- | C] () -- C:\Users\Gary\Desktop\Infected computer.URL
[2013/09/08 12:14:55 | 000,001,927 | ---- | C] () -- C:\Users\Gary\Desktop\Dashlane.lnk
[2013/09/08 12:06:34 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/08 11:47:11 | 000,001,936 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/09/08 11:47:11 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013/09/08 11:47:11 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/09/08 11:38:03 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/09/08 10:54:22 | 000,720,402 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2013/09/08 10:49:11 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/09/08 09:18:35 | 000,000,104 | ---- | C] () -- C:\Users\Gary\Desktop\Computer - Shortcut - Copy.lnk
[2013/09/08 09:16:22 | 000,000,233 | ---- | C] () -- C:\Users\Gary\Desktop\Urban Dictionary awnry - Copy.URL
[2013/09/07 20:41:36 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/07 19:40:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/09/07 16:34:34 | 3220,516,864 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/07 15:36:29 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2013/09/07 15:28:32 | 000,031,232 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/07 15:23:15 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/09/07 15:21:30 | 000,000,954 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/07 15:17:24 | 000,000,923 | ---- | C] () -- C:\Users\Gary\Desktop\Wing Girl.website
[2013/09/07 15:17:24 | 000,000,356 | ---- | C] () -- C:\Users\Gary\Desktop\Vintage Harley Davidson Panhead Shovelhead Hard Saddlebags Mounting Brackets eBay.URL
[2013/09/07 15:17:24 | 000,000,244 | ---- | C] () -- C:\Users\Gary\Desktop\United Auto Workers Local 1268 Committeeperson and Chief Stewards (2).URL
[2013/09/07 15:17:24 | 000,000,241 | ---- | C] () -- C:\Users\Gary\Desktop\Street_Motorcycle_Tips_2010.pdf.URL
[2013/09/07 15:17:24 | 000,000,241 | ---- | C] () -- C:\Users\Gary\Desktop\Street_Motorcycle_Tips_2010.pdf (2).URL
[2013/09/07 15:17:24 | 000,000,233 | ---- | C] () -- C:\Users\Gary\Desktop\Urban Dictionary awnry (2).URL
[2013/09/07 15:17:24 | 000,000,215 | ---- | C] () -- C:\Users\Gary\Desktop\PUA Articles PUA Forums.URL
[2013/09/07 15:17:24 | 000,000,215 | ---- | C] () -- C:\Users\Gary\Desktop\PUA Articles PUA Forums (2).URL
[2013/09/07 15:17:23 | 001,093,702 | ---- | C] () -- C:\Users\Gary\Desktop\20130820_130540_1.jpeg
[2013/09/07 15:17:23 | 000,190,732 | ---- | C] () -- C:\Users\Gary\Desktop\Groucho.jpg
[2013/09/07 15:17:23 | 000,102,564 | ---- | C] () -- C:\Users\Gary\Desktop\bianca-beauchamp-870535.jpg
[2013/09/07 15:17:23 | 000,039,305 | ---- | C] () -- C:\Users\Gary\Desktop\00V0V_9UDIwRkiBaX_600x450.jpg
[2013/09/07 15:17:23 | 000,037,528 | ---- | C] () -- C:\Users\Gary\Desktop\00a0a_b4h8YTfgSJF_600x450.jpg
[2013/09/07 15:17:23 | 000,000,857 | ---- | C] () -- C:\Users\Gary\Desktop\firefox.lnk
[2013/09/07 15:17:23 | 000,000,542 | ---- | C] () -- C:\Users\Gary\Desktop\blueberry cheesecake topping - Shortcut.lnk
[2013/09/07 15:17:23 | 000,000,542 | ---- | C] () -- C:\Users\Gary\Desktop\blueberry cheesecake topping - Shortcut (2).lnk
[2013/09/07 15:17:23 | 000,000,532 | ---- | C] () -- C:\Users\Gary\Desktop\cheesecake fall prevention - Shortcut.lnk
[2013/09/07 15:17:23 | 000,000,507 | ---- | C] () -- C:\Users\Gary\Desktop\mandarin orange salad - Shortcut (2).lnk
[2013/09/07 15:17:23 | 000,000,366 | ---- | C] () -- C:\Users\Gary\Desktop\Harley-Davidson Other in Harley-Davidson eBay Motorcycles.URL
[2013/09/07 15:17:23 | 000,000,343 | ---- | C] () -- C:\Users\Gary\Desktop\Harley-Davidson Touring in Harley-Davidson eBay Motorcycles.URL
[2013/09/07 15:17:23 | 000,000,320 | ---- | C] () -- C:\Users\Gary\Desktop\bike one.URL
[2013/09/07 15:17:23 | 000,000,299 | ---- | C] () -- C:\Users\Gary\Desktop\HD Factory Workshop Manuals - Harley Davidson Forums Harley Davidson Motorcycle Forum (2).URL
[2013/09/07 15:17:23 | 000,000,284 | ---- | C] () -- C:\Users\Gary\Desktop\eBay checkout - Success.URL
[2013/09/07 15:17:23 | 000,000,257 | ---- | C] () -- C:\Users\Gary\Desktop\GOMEZ Jersey; 2011-2013 Germany 23 GOMEZ Home Jersey.URL
[2013/09/07 15:17:23 | 000,000,252 | ---- | C] () -- C:\Users\Gary\Desktop\61103 Weather Forecast from Weather Underground.URL
[2013/09/07 15:17:23 | 000,000,233 | ---- | C] () -- C:\Users\Gary\Desktop\1971 Harley Davidson FLH.URL
[2013/09/07 15:17:23 | 000,000,230 | ---- | C] () -- C:\Users\Gary\Desktop\1974 HARLEY FLH ELECTRA GLIDE. TRADES.URL
[2013/09/07 15:17:23 | 000,000,230 | ---- | C] () -- C:\Users\Gary\Desktop\1974 HARLEY FLH ELECTRA GLIDE. TRADES (2).URL
[2013/09/07 15:17:23 | 000,000,208 | ---- | C] () -- C:\Users\Gary\Desktop\Alpine Bank.URL
[2013/09/07 15:17:23 | 000,000,206 | ---- | C] () -- C:\Users\Gary\Desktop\Facebook.URL
[2013/09/07 15:17:23 | 000,000,104 | ---- | C] () -- C:\Users\Gary\Desktop\E-mail - Shortcut.lnk
[2013/09/07 15:15:19 | 000,000,960 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/07 15:15:17 | 000,000,955 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/09/07 15:15:06 | 000,000,926 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013/09/07 15:14:58 | 000,000,680 | ---- | C] () -- C:\Users\Gary\AppData\Local\d3d9caps.dat
[2013/09/07 15:14:57 | 000,000,258 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/07 15:14:57 | 000,000,240 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/07 15:14:23 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG
[2013/09/07 03:22:40 | 000,000,128 | ---- | C] () -- C:\Windows\System32\drivers\GATEWAY_FX541S_1.0_ToBeFilledByO.E.M..MRK
[2013/09/07 03:22:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\GATEWAY_FX541S_1.0_1102159029.MRK
[2013/09/07 03:19:42 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2013/09/07 03:18:52 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2013/09/07 03:18:43 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2013/09/07 03:16:56 | 000,024,536 | ---- | C] () -- C:\Windows\System32\gateway.bmp
[2013/09/07 03:10:16 | 000,001,864 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2013/09/07 03:07:10 | 000,000,002 | RHS- | C] () -- C:\USER
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/09/08 12:15:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Dashlane
[2013/09/11 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Jim's Cheap Software
[2013/09/07 15:15:00 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SampleView
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/09/13 01:51:56 | 000,000,237 | ---- | M] ()(C:\Users\Gary\Desktop\? MARILYN MANSON - Slo-Mo-Tion [OFFICIAL VIDEO] - YouTube.URL) -- C:\Users\Gary\Desktop\▶ MARILYN MANSON - Slo-Mo-Tion [OFFICIAL VIDEO] - YouTube.URL
[2013/09/13 01:51:56 | 000,000,237 | ---- | C] ()(C:\Users\Gary\Desktop\? MARILYN MANSON - Slo-Mo-Tion [OFFICIAL VIDEO] - YouTube.URL) -- C:\Users\Gary\Desktop\▶ MARILYN MANSON - Slo-Mo-Tion [OFFICIAL VIDEO] - YouTube.URL
[2013/09/13 01:31:26 | 000,000,237 | ---- | M] ()(C:\Users\Gary\Desktop\? Foreigner - I wanna know what love is video - YouTube.URL) -- C:\Users\Gary\Desktop\▶ Foreigner - I wanna know what love is video - YouTube.URL
[2013/09/13 01:31:26 | 000,000,237 | ---- | C] ()(C:\Users\Gary\Desktop\? Foreigner - I wanna know what love is video - YouTube.URL) -- C:\Users\Gary\Desktop\▶ Foreigner - I wanna know what love is video - YouTube.URL

< End of report >
 


OTL Extras logfile created on: 9/16/2013 11:48:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gary\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.46% Memory free
6.22 Gb Paging File | 5.54 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.59 Gb Total Space | 369.28 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 6.26 Gb Free Space | 61.56% Space Free | Partition Type: NTFS
Drive K: | 186.31 Gb Total Space | 183.84 Gb Free Space | 98.68% Space Free | Partition Type: NTFS
 
Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F372BF41-0979-458B-946E-09CA98E37AEA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{608B9A1D-F598-4852-B10C-1C9706F65F19}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CBBA41F3-2A2A-4E30-8031-052ACE08DF22}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8909AAD-86DD-4012-BAB4-5230878AA1F1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F1AFC770-B67C-436C-B79E-E0468EF1FA34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF30A235-8F6F-4AD4-8728-28D372C971FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belarc Advisor" = Belarc Advisor 8.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"JimsList" = JimsList
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/16/2013 11:29:42 AM | Computer Name = Gary-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/16/2013 11:53:22 AM | Computer Name = Gary-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 9/16/2013 11:28:01 AM | Computer Name = Gary-PC | Source = HTTP | ID = 15016
Description =
 
Error - 9/16/2013 11:51:43 AM | Computer Name = Gary-PC | Source = HTTP | ID = 15016
Description =
 
 
< End of report >
 





