Possible browser hijacker? [Solved]


  • This topic is locked

#1
InKane


    New Member

  • Member
  • Pip
  • 8 posts
Hi,
I started randomly having problems where certain pages will not load in ANY browser (Firefox, Chrome, Opera, etc). For example, I am a member of a GPT (get paid to) site, and whenever I try to do any paid-to-click offers, rather than seeing the usual ad, I get a "Page not found" error. I know that these work, because other members of the site are not having a problem.

The only 'spyware encouraging' thing I've downloaded was GameVance, which comes with an adware warning. However, I have done these in the past and haven't encountered any problems. I ran SuperAntiSpyware and MalwareBytes, which both found a couple of trojans/browser hijackers, but now they both say that I'm clean but the problem hasn't gone away. Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:02 PM, on 4/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\AdamLaptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://ccaswifi.cam.../auth/taweb.cab
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://ccaswifi.cam...th/CCALogin.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4B718F3-2247-46B6-BAFB-F4D950932382}: NameServer = 68.87.71.226,68.87.73.242
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10532 bytes




Any help would be appreciated, thank you.


#2
mpascal


    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi InKane,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please follow the instructions found in the Malware and Spyware Cleaning Guide, and post back with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log
If you find you can't do one of the steps listed, simply make note of it and move on to the next one.

#3
InKane


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I apologize for not including these in my first post. Anyhow, here are the logs:

MalwareBytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4063

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/3/2010 8:14:37 PM
mbam-log-2010-05-03 (20-14-37).txt

Scan type: Quick scan
Objects scanned: 127650
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL
OTL logfile created on: 5/3/2010 8:36:22 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\AdamLaptop\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 114.64 Gb Free Space | 52.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 2.03 Gb Free Space | 54.48% Space Free | Partition Type: FAT
Drive F: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 14.65 Gb Total Space | 9.64 Gb Free Space | 65.79% Space Free | Partition Type: NTFS

Computer Name: ADAMLAPTOP-PC
Current User Name: AdamLaptop
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/03 19:53:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\AdamLaptop\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/31 12:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/07 00:21:10 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/21 21:35:12 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
PRC - [2006/10/27 17:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/03 19:53:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\AdamLaptop\Desktop\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/07 04:00:56 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2007/04/06 00:42:14 | 000,077,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV:64bit: - [2007/02/08 07:24:26 | 000,018,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV:64bit: - [2005/09/23 04:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/24 22:25:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/11/21 21:35:12 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/14 19:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/02/11 00:56:30 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/20 05:14:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 07:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/13 16:01:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/16 17:02:26 | 000,000,000 | ---D | M]

[2010/01/18 17:34:22 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\Mozilla\Extensions
[2010/05/03 06:37:16 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\2l4jwizm.default\extensions
[2010/03/09 01:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AdamLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\2l4jwizm.default\extensions\{300B27DF-97E5-4219-AB2B-03AA67D5D557}
[2010/01/18 17:36:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\AdamLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\2l4jwizm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/01 04:01:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\AdamLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\2l4jwizm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/06 20:37:57 | 000,001,836 | ---- | M] () -- C:\Users\AdamLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\2l4jwizm.default\searchplugins\bing-ff.xml
[2010/04/30 06:06:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/16 17:02:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/12 16:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/01/18 19:28:10 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\AdamLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://ccaswifi.cam.../auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://ccaswifi.cam...th/CCALogin.CAB (CCAWebLogin Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/10 18:09:09 | 000,000,111 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{165b9f44-0625-11df-9770-00256473f60a}\Shell - "" = AutoRun
O33 - MountPoints2\{165b9f44-0625-11df-9770-00256473f60a}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2003/09/02 16:33:27 | 000,860,229 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{165b9f44-0625-11df-9770-00256473f60a}\Shell\setup\command - "" = F:\SETUP.EXE -- [2003/09/02 16:33:27 | 000,860,229 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/03 19:52:55 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\AdamLaptop\Desktop\OTL.exe
[2010/04/30 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis
[2010/04/29 01:16:02 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\skypePM
[2010/04/29 01:13:07 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Skype
[2010/04/29 01:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/04/28 21:21:10 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Desktop\surveys
[2010/04/17 23:20:49 | 000,000,000 | ---D | C] -- C:\DeusEx
[2010/04/16 17:18:27 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll
[2010/04/16 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine
[2010/04/16 17:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/16 17:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/13 22:04:02 | 000,000,000 | R--D | C] -- C:\Users\AdamLaptop\Virtual Machines
[2010/04/13 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2010/04/13 21:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2010/04/13 06:28:58 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/04/05 06:16:27 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Desktop\Omniconvert
[2010/03/29 21:56:57 | 000,000,000 | ---D | C] -- C:\Textures
[2010/03/27 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Desktop\YSMenu
[2010/03/26 22:34:01 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Desktop\r4ysauto
[2010/03/26 22:27:18 | 000,000,000 | ---D | C] -- C:\YSMenu
[2010/03/26 22:17:23 | 000,000,000 | ---D | C] -- C:\dsbackup
[2010/03/26 19:51:59 | 000,000,000 | ---D | C] -- C:\Satourne
[2010/03/26 18:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2010/03/24 22:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/03/24 22:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010/03/24 22:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/03/24 22:29:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/03/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/03/23 22:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Window Manager
[2010/03/23 22:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chameleon
[2010/03/23 15:45:48 | 000,000,000 | ---D | C] -- C:\AIDA32
[2010/03/21 18:56:14 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010/03/21 18:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010/03/21 18:49:35 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010/03/21 18:49:35 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010/03/21 18:49:35 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010/03/21 18:49:35 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010/03/21 18:49:34 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010/03/21 18:49:34 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010/03/21 18:49:34 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010/03/21 18:49:34 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010/03/21 18:49:33 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010/03/21 18:49:33 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010/03/21 18:49:33 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010/03/21 18:49:32 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010/03/21 18:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010/03/17 07:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[2010/03/17 06:03:23 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Local\PowerDVD DX
[2010/03/17 06:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/03/15 23:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWinner.com
[2010/03/15 21:17:36 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Desktop\hoverbox
[2010/03/15 06:20:41 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Local\Microsoft Games
[2010/03/15 05:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SCi
[2010/03/12 17:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010/03/09 01:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Task Killer
[2010/03/08 19:58:52 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\MISFITS - 2009 - Land Of The Dead
[2010/03/08 19:58:39 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Misfits 1977 - 2003
[2010/03/08 19:58:19 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\The Misfits - Full Discography [15 albums-covers-lyrics] [ReSeed]
[2010/03/07 19:16:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2010/03/07 19:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wowd
[2010/03/07 04:01:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/03/07 04:01:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/03/05 04:59:55 | 000,000,000 | ---D | C] -- C:\Eye Candy
[2010/03/05 03:27:22 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Notepad++
[2010/03/05 03:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/03/05 03:25:43 | 000,000,000 | ---D | C] -- C:\Website
[2010/02/28 06:33:42 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Reallusion
[2010/02/28 06:29:34 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Dell WebCam Central
[2010/02/28 06:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010/02/28 06:29:33 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Creative
[2010/02/26 01:19:53 | 000,000,000 | ---D | C] -- C:\SimpleGPT
[2010/02/24 07:48:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/02/24 07:48:43 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\XBMC
[2010/02/24 07:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2010/02/24 01:22:52 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Furcadia
[2010/02/23 17:18:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/02/23 17:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Forefront
[2010/02/23 17:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront
[2010/02/23 17:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/23 17:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco
[2010/02/19 16:53:07 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Apple Computer
[2010/02/19 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/02/19 01:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plugins
[2010/02/19 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/02/19 01:02:19 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Winamp
[2010/02/19 01:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/02/19 00:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX
[2010/02/18 23:39:36 | 000,000,000 | ---D | C] -- C:\Music
[2010/02/18 23:06:09 | 000,000,000 | ---D | C] -- C:\No Mercy
[2010/02/18 23:03:06 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Imagenomic
[2010/02/18 23:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imagenomic
[2010/02/16 07:40:07 | 000,000,000 | ---D | C] -- C:\carma
[2010/02/15 16:54:32 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Alcohol 120%
[2010/02/15 05:53:10 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Local\Apple Computer
[2010/02/15 05:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAME Classic
[2010/02/15 04:42:05 | 000,000,000 | ---D | C] -- C:\wwfiyh
[2010/02/14 23:48:55 | 000,000,000 | ---D | C] -- C:\dx
[2010/02/14 23:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pcsx2
[2010/02/14 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\AdobeStockPhotos
[2010/02/14 02:54:31 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Jasc
[2010/02/13 20:40:53 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Updater
[2010/02/13 20:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010/02/13 20:36:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010/02/13 20:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2010/02/12 23:10:38 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Local\DOSBox
[2010/02/12 17:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010/02/12 17:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.73
[2010/02/11 00:21:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2010/02/10 18:47:43 | 000,000,000 | ---D | C] -- C:\College
[2010/02/10 18:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/02/10 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/02/10 18:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/02/10 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010/02/10 18:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Device Emulator
[2010/02/10 18:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server 2005 Mobile Edition
[2010/02/10 18:12:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2010/02/10 18:09:11 | 000,000,000 | ---D | C] -- C:\Windows\Symbols
[2010/02/10 18:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2010/02/10 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/02/10 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2010/02/10 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CE Remote Tools
[2010/02/10 18:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2010/02/10 18:07:42 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Visual Studio 2005
[2010/02/10 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/02/10 18:07:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2010/02/10 06:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/02/10 06:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/02/10 06:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/02/10 06:14:19 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Local\Apple
[2010/02/10 06:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/02/10 06:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/02/10 06:06:33 | 000,000,000 | ---D | C] -- C:\Sega
[2010/02/10 05:34:41 | 000,000,000 | ---D | C] -- C:\reddragon
[2010/02/10 05:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sega
[2010/02/09 23:49:27 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Corel
[2010/02/09 23:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/02/09 23:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2010/02/07 18:46:09 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Opera
[2010/02/07 18:46:09 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Local\Opera
[2010/02/07 04:16:15 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\Documents\Rockstar Games
[2010/02/07 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\Malwarebytes
[2010/02/07 00:23:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/07 00:23:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/07 00:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/07 00:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/07 00:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/02/07 00:20:10 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\SUPERAntiSpyware.com
[2010/02/07 00:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/07 00:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 00:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2010/02/05 23:46:24 | 000,000,000 | ---D | C] -- C:\Emulators
[2010/02/05 23:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAME32k
[2010/02/05 01:27:53 | 000,000,000 | ---D | C] -- C:\Windows\USB Vibration
[2010/02/05 01:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Vibration
[2010/02/03 04:27:12 | 000,000,000 | ---D | C] -- C:\Users\AdamLaptop\AppData\Roaming\GeoVid
[2010/02/03 04:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\GeoVid
[2010/02/02 23:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/02/02 22:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMR11
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/03 20:38:25 | 003,670,016 | -HS- | M] () -- C:\Users\AdamLaptop\NTUSER.DAT
[2010/05/03 20:00:21 | 000,779,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/03 20:00:21 | 000,663,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/03 20:00:21 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/03 19:55:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2491106328-1535009055-761875251-1001UA.job
[2010/05/03 19:53:15 | 000,293,376 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\pmy5yvzc.exe
[2010/05/03 19:53:03 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\AdamLaptop\Desktop\OTL.exe
[2010/05/03 19:48:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/03 04:09:40 | 000,007,605 | ---- | M] () -- C:\Users\AdamLaptop\AppData\Local\Resmon.ResmonCfg
[2010/05/02 23:55:03 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2491106328-1535009055-761875251-1001Core.job
[2010/05/01 03:19:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/01 03:19:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 21:44:53 | 000,003,021 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\HiJackThis.lnk
[2010/04/30 18:49:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/30 18:48:47 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/30 18:47:52 | 002,443,137 | -H-- | M] () -- C:\Users\AdamLaptop\AppData\Local\IconCache.db
[2010/04/30 05:41:42 | 000,711,168 | ---- | M] () -- C:\Windows\is-I03J2.exe
[2010/04/30 05:41:42 | 000,010,562 | ---- | M] () -- C:\Windows\is-I03J2.msg
[2010/04/30 05:41:42 | 000,000,373 | ---- | M] () -- C:\Windows\is-I03J2.lst
[2010/04/29 23:50:42 | 000,002,285 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\Google Chrome.lnk
[2010/04/29 17:16:19 | 000,037,888 | ---- | M] () -- C:\Users\AdamLaptop\Documents\adolescent final.doc
[2010/04/29 17:14:43 | 000,017,339 | ---- | M] () -- C:\Users\AdamLaptop\Documents\adolescent final.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/29 03:50:41 | 000,000,448 | ---- | M] () -- C:\Windows\win.ini
[2010/04/29 03:50:41 | 000,000,262 | ---- | M] () -- C:\Windows\system.ini
[2010/04/29 01:16:03 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/28 22:41:48 | 000,705,024 | ---- | M] () -- C:\Users\AdamLaptop\Documents\santrockadol13ppt_ch10.ppt
[2010/04/28 22:41:44 | 000,429,056 | ---- | M] () -- C:\Users\AdamLaptop\Documents\santrockadol13ppt_ch09.ppt
[2010/04/26 22:12:21 | 000,018,971 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Adam LaFerney.docx
[2010/04/21 23:11:39 | 000,145,954 | ---- | M] () -- C:\Users\AdamLaptop\Documents\menubar.png
[2010/04/19 17:50:16 | 000,000,875 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Image5.gif
[2010/04/16 17:18:37 | 000,000,985 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\Cheat Engine.lnk
[2010/04/16 16:06:17 | 000,224,115 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps9.png
[2010/04/16 16:06:02 | 000,766,340 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps8.png
[2010/04/16 16:05:23 | 000,113,553 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps7.png
[2010/04/16 16:05:01 | 000,058,614 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps6.png
[2010/04/16 16:04:50 | 000,127,582 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps4.png
[2010/04/16 15:59:20 | 000,061,510 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps3.png
[2010/04/16 15:58:02 | 000,664,537 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps2.png
[2010/04/16 15:57:39 | 000,028,514 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ps1.png
[2010/04/16 15:54:41 | 000,562,956 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi9.png
[2010/04/16 15:54:16 | 000,900,149 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi8.png
[2010/04/16 15:53:53 | 000,909,365 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi7.png
[2010/04/16 15:53:03 | 000,527,928 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi6,png.png
[2010/04/16 15:52:34 | 001,094,649 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi5.png
[2010/04/16 15:52:23 | 001,166,067 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi4.png
[2010/04/16 15:50:42 | 001,089,202 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi3.png
[2010/04/16 15:50:33 | 000,798,117 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi2.png
[2010/04/16 15:50:24 | 000,973,350 | ---- | M] () -- C:\Users\AdamLaptop\Documents\sushi1.png
[2010/04/14 17:08:36 | 000,012,316 | ---- | M] () -- C:\Users\AdamLaptop\Documents\case.docx
[2010/04/13 06:31:50 | 000,000,075 | ---- | M] () -- C:\Users\AdamLaptop\jagex_runescape_preferences2.dat
[2010/04/13 06:31:02 | 000,000,041 | ---- | M] () -- C:\Users\AdamLaptop\jagex_runescape_preferences.dat
[2010/04/13 06:30:49 | 000,000,000 | ---- | M] () -- C:\Users\AdamLaptop\jagex__preferences3.dat
[2010/04/08 16:14:01 | 000,021,256 | ---- | M] () -- C:\Users\AdamLaptop\Documents\goldust.png
[2010/04/08 04:57:40 | 000,011,264 | ---- | M] () -- C:\Users\AdamLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 21:11:48 | 000,017,025 | ---- | M] () -- C:\Users\AdamLaptop\Documents\drugsessay.docx
[2010/03/30 04:51:38 | 000,027,648 | -H-- | M] () -- C:\Users\AdamLaptop\Desktop\WebpageManipulation.suo
[2010/03/25 16:43:38 | 002,310,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/24 22:39:02 | 000,098,192 | ---- | M] () -- C:\Users\AdamLaptop\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 22:33:25 | 000,000,993 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\Auto Window Manager.lnk
[2010/03/20 20:50:45 | 000,001,468 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\Project64.lnk
[2010/03/17 20:43:17 | 000,106,496 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Suicide.ppt
[2010/03/17 20:43:09 | 000,066,535 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Suicide.pptx
[2010/03/17 07:03:00 | 000,001,963 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\psx emulation cheater.lnk
[2010/03/16 21:38:56 | 000,000,964 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\ePSXe.lnk
[2010/03/16 20:40:01 | 000,001,887 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\CCleaner.lnk
[2010/03/08 21:41:20 | 000,251,767 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ignored.png
[2010/03/08 19:58:52 | 000,003,375 | ---- | M] () -- C:\Users\AdamLaptop\Documents\MISFITS - 2009 - Land Of The Dead.torrent
[2010/03/08 19:58:39 | 000,074,491 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Misfits 1977 - 2003.torrent
[2010/03/08 19:58:19 | 000,039,196 | ---- | M] () -- C:\Users\AdamLaptop\Documents\The Misfits - Full Discography [15 albums-covers-lyrics] [ReSeed].torrent
[2010/03/07 17:30:30 | 000,130,354 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cc_20100307_163021.reg
[2010/02/23 22:23:22 | 000,049,064 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cpc3.png
[2010/02/23 22:20:33 | 000,031,463 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cpcsub.png
[2010/02/23 22:17:22 | 000,076,977 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cpc2.png
[2010/02/23 22:16:27 | 000,044,171 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cpc.png
[2010/02/22 23:33:23 | 000,063,772 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ygprob.png
[2010/02/22 21:46:02 | 000,023,376 | ---- | M] () -- C:\Users\AdamLaptop\Documents\ygz.png
[2010/02/22 21:14:15 | 000,993,333 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cpc5.png
[2010/02/22 21:13:47 | 000,314,080 | ---- | M] () -- C:\Users\AdamLaptop\Documents\cpc4.png
[2010/02/18 23:00:37 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/02/15 00:22:10 | 001,206,095 | ---- | M] () -- C:\Users\AdamLaptop\Documents\yeah.png
[2010/02/13 20:36:47 | 000,001,383 | ---- | M] () -- C:\Users\AdamLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/02/11 01:27:54 | 000,005,156 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/02/11 01:08:16 | 000,152,600 | ---- | M] () -- C:\Windows\SysNative\difx64.exe
[2010/02/11 00:27:38 | 000,102,380 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/02/11 00:27:38 | 000,101,267 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/02/11 00:27:36 | 000,119,498 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/02/11 00:27:34 | 000,188,052 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/02/11 00:27:34 | 000,117,708 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/02/11 00:27:32 | 000,112,701 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/02/11 00:27:30 | 000,163,802 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/02/11 00:27:30 | 000,116,410 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/02/11 00:27:28 | 000,117,404 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/02/11 00:27:26 | 000,118,737 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/02/11 00:27:26 | 000,116,799 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/02/11 00:27:24 | 000,117,941 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/02/11 00:27:22 | 000,121,633 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/02/11 00:27:22 | 000,113,210 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/02/11 00:27:20 | 000,134,790 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/02/11 00:27:18 | 000,123,921 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/02/11 00:27:16 | 000,132,112 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/02/11 00:27:16 | 000,117,919 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/02/11 00:27:14 | 000,119,142 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/02/11 00:27:12 | 000,121,312 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/02/11 00:27:12 | 000,117,032 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/02/11 00:27:10 | 000,176,762 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/02/11 00:27:08 | 000,121,077 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/02/11 00:27:08 | 000,112,605 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/02/11 00:27:06 | 000,117,117 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/02/11 00:27:04 | 000,138,293 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/02/11 00:26:48 | 000,108,574 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/02/11 00:21:48 | 000,004,096 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2010/02/10 19:19:09 | 000,001,348 | ---- | M] () -- C:\Users\AdamLaptop\Desktop\Microsoft Visual Studio 2005.lnk
[2010/02/10 18:22:28 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/10 18:13:54 | 000,000,172 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/02/10 05:24:25 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/02/10 03:26:48 | 000,000,895 | ---- | M] () -- C:\Windows\Qiii.INI
[2010/02/09 23:52:55 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/02/09 23:49:27 | 000,000,008 | RHS- | M] () -- C:\Windows\SysWow64\B422402994.sys
[2010/02/09 03:24:47 | 000,113,410 | ---- | M] () -- C:\Users\AdamLaptop\Documents\hoganface.png
[2010/02/09 03:24:37 | 000,126,626 | ---- | M] () -- C:\Users\AdamLaptop\Documents\hoganbody.png
[2010/02/07 17:55:25 | 000,011,713 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Staunton Farm Foundation.docx
[2010/02/07 17:41:29 | 000,009,874 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Doc2.docx
[2010/02/07 02:38:15 | 001,115,058 | ---- | M] () -- C:\Users\AdamLaptop\Documents\Project64.cht
[2010/02/04 00:36:00 | 000,005,357 | ---- | M] () -- C:\Users\AdamLaptop\Documents\adam.blt
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/03 19:53:12 | 000,293,376 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\pmy5yvzc.exe
[2010/05/03 04:09:40 | 000,007,605 | ---- | C] () -- C:\Users\AdamLaptop\AppData\Local\Resmon.ResmonCfg
[2010/05/01 16:51:36 | 000,293,376 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\gmer.exe
[2010/04/30 21:44:53 | 000,003,021 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\HiJackThis.lnk
[2010/04/30 05:41:42 | 000,010,562 | ---- | C] () -- C:\Windows\is-I03J2.msg
[2010/04/30 05:41:42 | 000,000,373 | ---- | C] () -- C:\Windows\is-I03J2.lst
[2010/04/30 05:41:41 | 000,711,168 | ---- | C] () -- C:\Windows\is-I03J2.exe
[2010/04/29 23:50:42 | 000,002,285 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\Google Chrome.lnk
[2010/04/29 23:50:07 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2491106328-1535009055-761875251-1001UA.job
[2010/04/29 23:50:07 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2491106328-1535009055-761875251-1001Core.job
[2010/04/29 17:16:18 | 000,037,888 | ---- | C] () -- C:\Users\AdamLaptop\Documents\adolescent final.doc
[2010/04/29 01:16:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/28 22:41:47 | 000,705,024 | ---- | C] () -- C:\Users\AdamLaptop\Documents\santrockadol13ppt_ch10.ppt
[2010/04/28 22:41:43 | 000,429,056 | ---- | C] () -- C:\Users\AdamLaptop\Documents\santrockadol13ppt_ch09.ppt
[2010/04/28 22:27:52 | 000,017,339 | ---- | C] () -- C:\Users\AdamLaptop\Documents\adolescent final.docx
[2010/04/26 21:06:16 | 000,018,971 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Adam LaFerney.docx
[2010/04/21 23:11:39 | 000,145,954 | ---- | C] () -- C:\Users\AdamLaptop\Documents\menubar.png
[2010/04/19 17:50:16 | 000,000,875 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Image5.gif
[2010/04/16 17:18:37 | 000,000,985 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\Cheat Engine.lnk
[2010/04/16 17:18:27 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/04/16 16:06:16 | 000,224,115 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps9.png
[2010/04/16 16:06:01 | 000,766,340 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps8.png
[2010/04/16 16:05:23 | 000,113,553 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps7.png
[2010/04/16 16:05:01 | 000,058,614 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps6.png
[2010/04/16 16:04:50 | 000,127,582 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps4.png
[2010/04/16 15:59:19 | 000,061,510 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps3.png
[2010/04/16 15:58:01 | 000,664,537 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps2.png
[2010/04/16 15:57:39 | 000,028,514 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ps1.png
[2010/04/16 15:54:40 | 000,562,956 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi9.png
[2010/04/16 15:54:16 | 000,900,149 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi8.png
[2010/04/16 15:53:52 | 000,909,365 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi7.png
[2010/04/16 15:53:03 | 000,527,928 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi6,png.png
[2010/04/16 15:52:33 | 001,094,649 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi5.png
[2010/04/16 15:52:23 | 001,166,067 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi4.png
[2010/04/16 15:50:41 | 001,089,202 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi3.png
[2010/04/16 15:50:32 | 000,798,117 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi2.png
[2010/04/16 15:50:23 | 000,973,350 | ---- | C] () -- C:\Users\AdamLaptop\Documents\sushi1.png
[2010/04/14 16:45:42 | 000,012,316 | ---- | C] () -- C:\Users\AdamLaptop\Documents\case.docx
[2010/04/13 06:30:49 | 000,000,075 | ---- | C] () -- C:\Users\AdamLaptop\jagex_runescape_preferences2.dat
[2010/04/13 06:30:49 | 000,000,000 | ---- | C] () -- C:\Users\AdamLaptop\jagex__preferences3.dat
[2010/04/13 06:29:15 | 000,000,041 | ---- | C] () -- C:\Users\AdamLaptop\jagex_runescape_preferences.dat
[2010/04/08 16:14:01 | 000,021,256 | ---- | C] () -- C:\Users\AdamLaptop\Documents\goldust.png
[2010/04/05 20:47:58 | 000,017,025 | ---- | C] () -- C:\Users\AdamLaptop\Documents\drugsessay.docx
[2010/03/30 04:13:53 | 000,027,648 | -H-- | C] () -- C:\Users\AdamLaptop\Desktop\WebpageManipulation.suo
[2010/03/24 20:30:40 | 000,899,942 | ---- | C] () -- C:\Windows\SysNative\oem4.inf
[2010/03/23 22:33:25 | 000,000,993 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\Auto Window Manager.lnk
[2010/03/21 18:56:14 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/03/21 18:49:35 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010/03/21 18:49:34 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010/03/21 18:49:34 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010/03/21 18:49:34 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010/03/21 18:49:33 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010/03/21 18:49:32 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010/03/21 18:49:32 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010/03/21 18:49:32 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010/03/17 20:43:16 | 000,106,496 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Suicide.ppt
[2010/03/17 20:24:36 | 000,066,535 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Suicide.pptx
[2010/03/17 07:03:00 | 000,001,963 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\psx emulation cheater.lnk
[2010/03/16 21:38:56 | 000,000,964 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\ePSXe.lnk
[2010/03/08 21:41:20 | 000,251,767 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ignored.png
[2010/03/08 19:58:52 | 000,003,375 | ---- | C] () -- C:\Users\AdamLaptop\Documents\MISFITS - 2009 - Land Of The Dead.torrent
[2010/03/08 19:58:39 | 000,074,491 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Misfits 1977 - 2003.torrent
[2010/03/08 19:58:19 | 000,039,196 | ---- | C] () -- C:\Users\AdamLaptop\Documents\The Misfits - Full Discography [15 albums-covers-lyrics] [ReSeed].torrent
[2010/03/07 17:30:23 | 000,130,354 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cc_20100307_163021.reg
[2010/02/23 22:20:33 | 000,031,463 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cpcsub.png
[2010/02/22 23:33:23 | 000,063,772 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ygprob.png
[2010/02/22 21:46:02 | 000,023,376 | ---- | C] () -- C:\Users\AdamLaptop\Documents\ygz.png
[2010/02/22 21:14:14 | 000,993,333 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cpc5.png
[2010/02/22 21:13:47 | 000,314,080 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cpc4.png
[2010/02/22 21:13:15 | 000,049,064 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cpc3.png
[2010/02/22 21:12:28 | 000,076,977 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cpc2.png
[2010/02/22 21:11:54 | 000,044,171 | ---- | C] () -- C:\Users\AdamLaptop\Documents\cpc.png
[2010/02/22 06:02:11 | 000,001,468 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\Project64.lnk
[2010/02/18 23:00:37 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/02/15 00:22:10 | 001,206,095 | ---- | C] () -- C:\Users\AdamLaptop\Documents\yeah.png
[2010/02/13 20:36:47 | 000,001,383 | ---- | C] () -- C:\Users\AdamLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/02/11 01:27:54 | 000,005,156 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2010/02/11 01:08:16 | 000,152,600 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2010/02/11 00:27:38 | 000,102,380 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2010/02/11 00:27:38 | 000,101,267 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2010/02/11 00:27:36 | 000,119,498 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2010/02/11 00:27:34 | 000,188,052 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2010/02/11 00:27:34 | 000,117,708 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2010/02/11 00:27:32 | 000,112,701 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2010/02/11 00:27:30 | 000,163,802 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2010/02/11 00:27:30 | 000,116,410 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2010/02/11 00:27:28 | 000,117,404 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2010/02/11 00:27:26 | 000,118,737 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2010/02/11 00:27:26 | 000,116,799 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2010/02/11 00:27:24 | 000,117,941 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2010/02/11 00:27:22 | 000,121,633 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2010/02/11 00:27:22 | 000,113,210 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2010/02/11 00:27:20 | 000,134,790 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2010/02/11 00:27:18 | 000,123,921 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2010/02/11 00:27:16 | 000,132,112 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2010/02/11 00:27:16 | 000,117,919 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2010/02/11 00:27:14 | 000,119,142 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2010/02/11 00:27:12 | 000,121,312 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2010/02/11 00:27:12 | 000,117,032 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2010/02/11 00:27:10 | 000,176,762 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2010/02/11 00:27:08 | 000,121,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2010/02/11 00:27:08 | 000,112,605 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2010/02/11 00:27:06 | 000,117,117 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2010/02/11 00:27:04 | 000,138,293 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2010/02/11 00:26:48 | 000,108,574 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2010/02/10 19:19:09 | 000,001,348 | ---- | C] () -- C:\Users\AdamLaptop\Desktop\Microsoft Visual Studio 2005.lnk
[2010/02/10 18:22:28 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/10 18:13:54 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/10 05:24:25 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/02/09 23:49:27 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/02/09 23:49:27 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\B422402994.sys
[2010/02/09 03:24:47 | 000,113,410 | ---- | C] () -- C:\Users\AdamLaptop\Documents\hoganface.png
[2010/02/09 03:24:37 | 000,126,626 | ---- | C] () -- C:\Users\AdamLaptop\Documents\hoganbody.png
[2010/02/07 17:52:32 | 000,011,713 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Staunton Farm Foundation.docx
[2010/02/07 17:41:28 | 000,009,874 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Doc2.docx
[2010/02/07 02:38:14 | 001,115,058 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Project64.cht
[2010/02/06 00:39:38 | 005,158,610 | ---- | C] () -- C:\Users\AdamLaptop\Documents\Photo Fun 084.MOV
[2010/02/04 00:36:00 | 000,005,357 | ---- | C] () -- C:\Users\AdamLaptop\Documents\adam.blt
[2010/02/03 04:26:49 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/01/20 04:58:38 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2010/01/20 04:58:21 | 000,000,895 | ---- | C] () -- C:\Windows\Qiii.INI
[2010/01/20 03:41:30 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/01/20 03:41:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/20 03:41:29 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/01/20 03:41:29 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/01/20 03:41:28 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/01/20 03:41:27 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/15 02:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/15 02:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002/03/07 01:19:16 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll

========== LOP Check ==========

[2010/01/18 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\acccore
[2010/01/20 05:14:01 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\DAEMON Tools Pro
[2010/02/03 04:31:12 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\GeoVid
[2010/02/18 23:03:06 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\Imagenomic
[2010/02/14 02:54:31 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\Jasc
[2010/03/05 07:51:27 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\Notepad++
[2010/02/07 18:46:09 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\Opera
[2010/05/01 16:25:36 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\uTorrent
[2010/02/26 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\AdamLaptop\AppData\Roaming\XBMC
[2010/04/22 20:44:49 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/03/23 07:17:52 | 111,311,619 | ---- | M] () -- C:\7. Sensation and Perception.wmv
[2009/11/15 03:49:19 | 000,003,317 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/04/30 18:48:47 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/01/18 17:36:19 | 000,000,348 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/04/30 18:48:49 | 3179,663,360 | -HS- | M] () -- C:\pagefile.sys
[2010/01/29 01:59:53 | 000,000,012 | -H-- | M] () -- C:\reachd.cz
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >


I can't include a log from GMER, because I get the following error upon opening it: C:\Windows\system32\config\system: The system cannot find the file specified.

I am on Windows 7 x64, could that be why?

Edited by mpascal, 04 May 2010 - 09:17 AM.
removed code tags


#4
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi InKane,

I am on Windows 7 x64, could that be why?

Yes, that is why you can't run GMER.

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O33 - MountPoints2\{165b9f44-0625-11df-9770-00256473f60a}\Shell - "" = AutoRun
    O33 - MountPoints2\{165b9f44-0625-11df-9770-00256473f60a}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2003/09/02 16:33:27 | 000,860,229 | R--- | M] (Microsoft Corporation)
    O33 - MountPoints2\{165b9f44-0625-11df-9770-00256473f60a}\Shell\setup\command - "" = F:\SETUP.EXE -- [2003/09/02 16:33:27 | 000,860,229 | R--- | M] (Microsoft Corporation)
    [2010/02/15 04:42:05 | 000,000,000 | ---D | C] -- C:\wwfiyh
    [2010/02/14 23:48:55 | 000,000,000 | ---D | C] -- C:\dx
    [2010/04/29 01:16:03 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log, including the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

  • 0

#5
InKane

InKane

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did what you asked. Neither MBAM nor Kaspersky found anything, but here are the logs anyway:

MalwareBytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/4/2010 3:41:58 PM
mbam-log-2010-05-04 (15-41-58).txt

Scan type: Quick scan
Objects scanned: 127577
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Tuesday, May 4, 2010
 Operating system: Microsoft  (build 7600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Tuesday, May 04, 2010 12:41:34
 Records in database: 4046283
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	F:\

Scan statistics:
	Objects scanned: 197454
	Threats found: 0
	Infected objects found: 0
	Suspicious objects found: 0
	Scan duration: 03:32:25

No threats found. Scanned area is clean.

Selected area has been scanned.

  • 0

#6
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Are you connected to a router or network that could be blocking the traffic?
  • 0

#7
InKane

InKane

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I am connected to a router; however, the other two computers on this network can load those webpages just fine.

Edited by InKane, 05 May 2010 - 01:13 AM.

  • 0

#8
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
I don't see any malware problems. I suggest you start a new topic in the Networking forum and someone there will be better suited to help you out. Also mention in your post that your system doesn't have any malware problems.
  • 0

#9
InKane

InKane

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'll do that. Thank you for your help, mpascal!
  • 0

#10
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
No problem. If you want to get rid of the tools we have used, just open up OTL and click on the Clean Up button. Good luck!
  • 0

#11
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





