
Hitman Pro 3 now won't reboot



#1
draven1198

draven1198

    Member

  • Member
  • PipPip
  • 36 posts
I'm not in front of my computer right now but here's the basic gist of what happened today.....

I was trying to navigate to the "First Years" website to provide a product review for my daughter's little bed thing we bought.... it sux by the way don't get one.

I googled the site.... every time I tried to click on it I got redirected to some other BS.....whenever that would happen, Norton would pop up on me saying it blocked an attack. I checked the log and it was some website in Europe, the web address began with an "S" and it was well known.... I was pissed so I did a bit of searching around and saw that someone recommended running spydoctor, malwarebytes, hitman pro 3 and a few others. They said they had to run all of em to end up fixing the issue....

it's also worth noting that my cpu has been running crazy slow at times and all kinds of laggy.... I'm usually overclocked to 3.0ghz on my icore7 so I know it's not due to underpowah!!! plus when I watch my system monitor very seldom is the CPU being "stressed", rarely over 20%-30% usage and usually below 55C for temps.

spydoctor is a hack..... it runs but won't fix your system unless you buy it.... gay..... it found 75'ish and said it'd only fix 15 so I said okay... fix the 15 issues!

I ran hitman pro 3 next...... it updated and ran, then found quite a few files as well.... when it was done, it said it needed to reboot, so I said okay.... that's the last time my baby worked :D.....

Upon loading, the furthest I've gotten is to where windows "starts" to possibly load, then black, then restarts.... then it says "windows failed to start, run the startup recovery" or something like that. I ran it, it said it could not fix the errors and that I was pretty much feked....

I tried the system restore option from there..... no dice..... the system will NOT load.....

I can get to the post screen and at the restore point there is an option for cmd line but I'm retarded when it comes to code.....

I do not have a windows 7 disc, I bought my key online and used my buddies disc to install it.

I have access to the wife's laptop but it doesn't have a burner, all I have is a 2g usb drive and a 4g usb drive that are more like 1.7g and 3.8g since they always be lying on the packages!

any help in the matter is GREATLY appreciated.
  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, that may have been a bad move using Hitman Pro, as it has a habit of deleting the winlogon file, which is required to boot. I will move this to the malware forum now.

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

  • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2
  • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
  • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image

  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:

    Posted Image

  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeepcfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image


  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!

Now boot from the flash drive and run OTLPE

  • Reboot your system using the boot USB you just created.
    Note: If you do not know how to set your computer to boot from USB follow the steps here
  • As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D
  • Your system should now display a Reatogo desktop.
    Note: as you are running from USB it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • In the custom scans box type in the following:
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.
  • 0

#3
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
usb_prep8 does not see my USB..... it will not let me select it... just says, "no usb detected". I can see it in "My Computer"...... I followed your steps exactly.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have another USB we could try?

Failing that, can you get access to a system with a CD burner?
  • 0

#5
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I got my hands on a burner, I have 2 USB sticks... they aren't recognized. My wife's cpu has a dvd burner so I threw a disc in there and it's ready to go but I dunno what to burn on it..... I have image burn open but don't know which file to burn.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK burn the OTLPE_New_Std.iso to disc

  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • In the custom scans box type in the following:
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.
  • 0
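The /md5start ... /md5stop step in posts #2 and #6 asks for MD5s of four boot-critical files. As an added illustration (not part of the thread and not OTL's own code), the script below does a comparable check against an offline Windows folder: it hashes every copy of those files it finds and reports whether the live copy is missing or differs from every other copy on the volume. The live paths in LIVE_PATH, the status names and the demo tree are assumptions made for this example.

```python
import hashlib
import os
import tempfile

# File names from the /md5start ... /md5stop custom scan in the posts above.
TARGETS = ("explorer.exe", "winlogon.exe", "wininit.exe", "userinit.exe")

# Assumption: live location of each file relative to the Windows folder on a
# default Windows 7 install (lower-cased for case-insensitive comparison).
LIVE_PATH = {
    "explorer.exe": "explorer.exe",
    "winlogon.exe": "system32/winlogon.exe",
    "wininit.exe": "system32/wininit.exe",
    "userinit.exe": "system32/userinit.exe",
}


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(windows_root):
    """Map each target name to {relative path (lower-case, '/'): md5}."""
    copies = {name: {} for name in TARGETS}
    for folder, _dirs, files in os.walk(windows_root):
        for filename in files:
            key = filename.lower()
            if key not in copies:
                continue
            full = os.path.join(folder, filename)
            rel = os.path.relpath(full, windows_root).replace(os.sep, "/").lower()
            try:
                copies[key][rel] = md5_of(full)
            except OSError as err:  # unreadable file: record it and keep going
                copies[key][rel] = "unreadable: %s" % err.strerror
    return copies


def assess(windows_root):
    """Classify the live copy of each target file.

    missing          - no file at the live path
    matches-backup   - live copy is byte-identical to another copy on the volume
    no-matching-copy - live copy exists but matches nothing else; compare its
                       MD5 against a known-good source before trusting it
    """
    report = {}
    for name, found in find_copies(windows_root).items():
        live = found.get(LIVE_PATH[name])
        others = {p: h for p, h in found.items() if p != LIVE_PATH[name]}
        if live is None:
            status = "missing"
        elif live in others.values():
            status = "matches-backup"
        else:
            status = "no-matching-copy"
        report[name] = {"status": status, "live_md5": live, "other_copies": others}
    return report


def build_demo_tree(base):
    """Constructed sample: a fake Windows folder with winlogon.exe absent from
    System32 and a userinit.exe that differs from its winsxs copy."""
    win = os.path.join(base, "Windows")
    layout = {
        "explorer.exe": b"explorer-original",
        "System32/wininit.exe": b"wininit-original",
        "System32/userinit.exe": b"userinit-modified",
        "winsxs/x_explorer/explorer.exe": b"explorer-original",
        "winsxs/x_winlogon/winlogon.exe": b"winlogon-original",
        "winsxs/x_wininit/wininit.exe": b"wininit-original",
        "winsxs/x_userinit/userinit.exe": b"userinit-original",
    }
    for rel, data in layout.items():
        path = os.path.join(win, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)
    return win


def demo():
    """Run the assessment over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as base:
        return assess(build_demo_tree(base))


if __name__ == "__main__":
    for name, entry in demo().items():
        print("%-13s %-17s %s" % (name, entry["status"], entry["live_md5"]))
        for path, digest in sorted(entry["other_copies"].items()):
            print("    %s  %s" % (digest, path))
```

On a real machine, pass the offline install's Windows folder to assess() instead of the demo tree.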

#7
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Kk..... I think her alltools program "F'd" the ISO file name somehow.... it should be in the BOOT folder no??...... I can't find it otherwise and the links from here for the ISO file are hosed. Course the laptop over heated and shutdown on me so I'm in a holding pattern letting it cool down.

Hopefully I can get the log to u before I head out to wrk in 3 hrs.... baby wakes up and I'm pwnt!!!!

Thx for all ur help so far.... typing on my phone sux btw.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As an alternative you can download this version which has imgburn built in and runs it automatically

  • Download OTLPEStd.exe to your desktop
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • 0

#9
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
It says there is no operating system on any drive I select
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is that from OTLPE?

Can you see your C drive on it by using the explorer?
  • 0


#11
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Yes that is from OTLPE. C is listed but it says target is not windows 2000 or later
  • 0

#12
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Found it. It was listed as a different drive. Scanning now.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Phew were a bit worried there :D

Save the log generated to a USB drive so that I can analyse it, leave the reatogo desktop up

Edited by Essexboy, 30 October 2010 - 02:40 PM.
added log directions

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Save the log to a USB drive so that you can post it here for my analysis and fix construction
  • 0

#15
draven1198

draven1198

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
OTL logfile created on: 10/30/2010 11:35:04 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.33 Mb Free Space | 74.33% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 431.06 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 201.08 Gb Free Space | 43.17% Space Free | Partition Type: NTFS
Drive F: | 232.79 Gb Total Space | 188.78 Gb Free Space | 81.10% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto] -- F:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2010/09/21 20:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto] -- F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/08/25 21:57:14 | 000,203,264 | ---- | M] (AMD) [Auto] -- F:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/20 04:02:01 | 001,255,736 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- F:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\System32\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\System32\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2010/10/24 13:51:00 | 000,053,248 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2010/05/14 17:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 23:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 20:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 19:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- F:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/08/19 07:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto] -- F:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/10 16:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/10 16:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/03/24 16:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto] -- F:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand] -- F:\Windows\System32\drivers\RTKVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2010/10/23 03:07:03 | 000,033,280 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- F:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/09/30 17:25:10 | 000,040,104 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- F:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/14 09:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/08/25 23:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/25 23:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/25 21:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/24 03:33:18 | 000,402,208 | ---- | M] (Marvell) [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/07/15 08:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2010/05/06 00:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot] -- F:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System] -- F:\Windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/03/04 15:50:29 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/23 23:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 23:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/26 02:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/26 02:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/13 21:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/13 21:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/13 21:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- F:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV:64bit: - [2009/07/13 21:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2009/07/13 21:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/13 21:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/13 21:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/13 21:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/13 21:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/13 21:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV:64bit: - [2009/07/13 21:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 21:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System] -- F:\Windows\System32\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 16:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/10 16:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/10 16:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/10 16:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- F:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/10/24 06:47:58 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/19 16:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101028.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/09/14 09:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/08/31 18:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/26 23:57:52 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jeremy_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.battle.net/sc2/en/
IE - HKU\Jeremy_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Jeremy_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Jeremy_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 22 4F F9 C4 BB CA 01 [binary data]
IE - HKU\Jeremy_ON_F\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Jeremy_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[2010/08/08 18:27:09 | 000,000,000 | ---D | M] -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/14 12:19:28 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/08 18:27:09 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 11:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (IPlusB Class) - {619C4601-855D-4004-819D-62EF5AC5FE50} - F:\Program Files\iplus\IPlus.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - F:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - F:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_1640.dll (ESTsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - F:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_1640.dll (ESTsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Jeremy_ON_F\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\Jeremy_ON_F\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [EvtMgr6] F:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] F:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] F:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] F:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: 알툴바 빠른검색(&Q) - F:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_1640.dll (ESTsoft Corporation)
O8 - Extra context menu item: 알툴바 빠른검색(&Q) - F:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_1640.dll (ESTsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssear...PlusInstall.cab (AxIPlusInstall)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\smart {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - F:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - F:\Windows\System32\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (pku2u) - F:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - F:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7a82428e-2761-11df-8d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a82428e-2761-11df-8d2c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/30 11:28:55 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2010/10/29 17:57:17 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/29 17:51:48 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Spyware Doctor
[2010/10/29 17:51:48 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\PC Tools
[2010/10/29 16:23:08 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Uniblue
[2010/10/29 07:12:46 | 000,000,000 | ---D | C] -- F:\temp
[2010/10/26 07:54:59 | 000,000,000 | ---D | C] -- F:\Windows\SysWow64\N360_BACKUP
[2010/10/25 15:45:22 | 000,000,000 | -HSD | C] -- F:\found.000
[2010/10/24 13:57:10 | 000,000,000 | ---D | C] -- F:\Program Files\DIFX
[2010/10/24 13:43:36 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\ParetoLogic
[2010/10/24 06:59:44 | 000,000,000 | ---D | C] -- F:\Windows\en
[2010/10/24 06:58:18 | 000,523,088 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3dx10_42.dll
[2010/10/24 06:58:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\XAudio2_5.dll
[2010/10/24 06:58:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3dx10_42.dll
[2010/10/24 06:58:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/24 06:57:15 | 000,257,024 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mfreadwrite.dll
[2010/10/24 06:57:15 | 000,206,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mfps.dll
[2010/10/24 06:57:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mfreadwrite.dll
[2010/10/24 06:57:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mf.dll
[2010/10/24 06:57:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WMVDECOD.DLL
[2010/10/24 06:57:14 | 001,619,456 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/24 06:57:13 | 003,181,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mf.dll
[2010/10/23 06:34:55 | 000,000,000 | ---D | C] -- F:\Windows\System32\Macromed
[2010/10/19 06:11:45 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\PS3 Media Server
[2010/10/17 23:14:26 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\VideoLAN
[2010/10/16 12:10:10 | 002,441,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iertutil.dll
[2010/10/16 12:10:10 | 002,058,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iertutil.dll
[2010/10/16 12:10:09 | 000,702,976 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2010/10/16 12:10:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2010/10/16 12:10:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtml.tlb
[2010/10/16 12:10:08 | 001,192,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wininet.dll
[2010/10/16 12:10:08 | 001,026,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mstime.dll
[2010/10/16 12:10:08 | 000,978,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wininet.dll
[2010/10/16 12:10:08 | 000,606,208 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mstime.dll
[2010/10/16 12:10:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\html.iec
[2010/10/16 12:10:08 | 000,445,952 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iedkcs32.dll
[2010/10/16 12:10:08 | 000,386,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\html.iec
[2010/10/16 12:10:08 | 000,381,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iedkcs32.dll
[2010/10/16 12:10:08 | 000,256,000 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iepeers.dll
[2010/10/16 12:10:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2010/10/16 12:10:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iepeers.dll
[2010/10/16 12:10:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2010/10/16 12:10:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2010/10/16 12:10:08 | 000,082,944 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeedsbs.dll
[2010/10/16 12:10:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2010/10/16 12:10:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeedsbs.dll
[2010/10/16 12:10:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2010/10/16 12:10:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\licmgr10.dll
[2010/10/16 12:10:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jsproxy.dll
[2010/10/16 12:10:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\licmgr10.dll
[2010/10/16 12:10:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeedssync.exe
[2010/10/16 12:10:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeedssync.exe
[2010/10/16 12:10:05 | 002,085,376 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ole32.dll
[2010/10/16 12:10:04 | 001,413,632 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ole32.dll
[2010/10/16 12:10:04 | 001,024,512 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wmpmde.dll
[2010/10/16 12:10:04 | 000,738,816 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wmpmde.dll
[2010/10/16 12:10:03 | 000,633,856 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\comctl32.dll
[2010/10/16 12:10:03 | 000,530,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\comctl32.dll
[2010/10/16 12:10:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mfc40.dll
[2010/10/16 12:10:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mfc40u.dll
[2010/10/16 12:10:01 | 014,627,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wmp.dll
[2010/10/16 12:10:01 | 011,406,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wmp.dll
[2010/10/16 12:10:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wmploc.DLL
[2010/10/16 12:10:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\wmploc.DLL
[2010/10/16 12:09:59 | 000,483,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll
[2010/10/16 12:09:59 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\StructuredQuery.dll
[2010/10/16 12:09:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\t2embed.dll
[2010/10/16 12:09:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\t2embed.dll
[2010/10/16 12:09:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\sscore.dll
[2010/10/14 21:26:21 | 000,000,000 | ---D | C] -- F:\Program Files\iplus
[2010/10/13 17:28:07 | 000,536,652 | ---- | C] (ArcSoft Inc.) -- F:\Windows\SysWow64\ASAudioHD.ax
[2010/10/13 17:28:07 | 000,487,936 | ---- | C] (www.madshi.net) -- F:\Windows\SysWow64\madFlac.ax
[2010/10/13 17:28:07 | 000,439,808 | ---- | C] (MPC-HC Team) -- F:\Windows\SysWow64\RealMediaSplitter.ax
[2010/10/13 17:28:07 | 000,417,792 | ---- | C] (Gabest) -- F:\Windows\SysWow64\FLVSplitter.ax
[2010/10/13 17:28:07 | 000,285,184 | ---- | C] (ArcSoft Inc.) -- F:\Windows\SysWow64\MagUIEngine.dll
[2010/10/13 17:28:07 | 000,106,496 | ---- | C] (ArcSoft Inc.) -- F:\Windows\SysWow64\checkactivate.dll
[2010/10/13 17:28:07 | 000,092,672 | ---- | C] (ArcSoft Inc.) -- F:\Windows\SysWow64\MagUIInter.dll
[2010/10/13 17:28:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\SysWow64\yv12vfw.dll
[2010/10/13 17:28:07 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- F:\Windows\SysWow64\MagPCMac.dll
[2010/10/13 17:28:07 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- F:\Windows\SysWow64\MagCore.dll
[2010/10/12 18:19:41 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\SlySoft
[2010/10/07 10:33:52 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Adobe
[2010/10/05 18:50:59 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\LogiShrd
[2010/10/05 18:50:48 | 000,018,960 | ---- | C] (Logitech, Inc.) -- F:\Windows\System32\drivers\LNonPnP.sys
[2010/10/05 18:49:16 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\LogiShrd
[2010/10/05 18:47:33 | 000,000,000 | ---D | C] -- F:\Program Files\Logitech
[2010/10/05 18:47:33 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Logitech
[2010/10/05 18:43:18 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\MSN Toolbar
[2010/10/05 18:42:18 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\MSN Toolbar Installer
[2010/10/05 18:41:53 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Driver Whiz
[2010/09/30 22:34:18 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Gretech Corporation
[2010/09/30 22:33:09 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\GRETECH
[2010/09/30 22:24:55 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\GRETECH
[2010/09/30 17:25:10 | 000,040,104 | ---- | C] (Elaborate Bytes AG) -- F:\Windows\System32\drivers\ElbyCDIO.sys
[2010/09/30 13:49:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\ks.sys
[2010/09/30 13:49:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/10/30 11:32:03 | 000,000,362 | ---- | M] () -- F:\Windows.lnk
[2010/10/29 18:02:26 | 000,000,342 | -H-- | M] () -- F:\dvmexp.idx
[2010/10/29 17:14:26 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2010/10/29 16:18:34 | 529,883,135 | -HS- | M] () -- F:\hiberfil.sys
[2010/10/29 07:25:37 | 001,222,758 | ---- | M] () -- F:\Windows\System32\drivers\N360x64\0403000.005\Cat.DB
[2010/10/29 07:22:09 | 000,013,632 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 07:22:09 | 000,013,632 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 07:19:20 | 000,659,580 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2010/10/29 07:19:20 | 000,120,508 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2010/10/29 07:12:46 | 000,000,038 | ---- | M] () -- F:\dvmaccounts.ini
[2010/10/29 07:10:00 | 000,000,912 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3155421688-3034370698-7742467-1001UA.job
[2010/10/29 07:05:37 | 000,018,960 | ---- | M] (Logitech, Inc.) -- F:\Windows\System32\drivers\LNonPnP.sys
[2010/10/27 17:08:15 | 000,000,860 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3155421688-3034370698-7742467-1001Core.job
[2010/10/24 14:19:12 | 000,000,294 | ---- | M] () -- F:\Windows\tasks\PC Health Advisor Startup.job
[2010/10/24 14:14:33 | 000,000,224 | ---- | M] () -- F:\Windows\tasks\PC Health Advisor Defrag_sch_8CDC3E91-DF9A-11DF-A1EE-E0CB4E8FBBF3.job
[2010/10/24 14:14:21 | 000,000,224 | ---- | M] () -- F:\Windows\tasks\PC Health Advisor Defrag_sch_85B5BC5E-DF9A-11DF-A1EE-E0CB4E8FBBF3.job
[2010/10/24 13:51:00 | 000,053,248 | ---- | M] () -- F:\Windows\SysWow64\FastUv32.dll
[2010/10/24 13:43:40 | 000,000,422 | ---- | M] () -- F:\Windows\tasks\ParetoLogic Registration3.job
[2010/10/24 13:43:36 | 000,000,444 | ---- | M] () -- F:\Windows\tasks\ParetoLogic Update Version3.job
[2010/10/24 13:43:36 | 000,000,274 | ---- | M] () -- F:\Windows\tasks\PC Health Advisor Defrag.job
[2010/10/24 13:43:36 | 000,000,256 | ---- | M] () -- F:\Windows\tasks\PC Health Advisor.job
[2010/10/23 07:12:38 | 000,000,227 | ---- | M] () -- F:\Windows\SysWow64\winset.ini
[2010/10/23 03:07:42 | 000,055,296 | ---- | M] (http://libusb-win32.sourceforge.net) -- F:\Windows\System32\libusb0.dll
[2010/10/23 03:07:03 | 000,033,280 | ---- | M] (http://libusb-win32.sourceforge.net) -- F:\Windows\System32\drivers\libusb0.sys
[2010/10/16 12:19:58 | 000,274,320 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2010/10/05 18:47:55 | 000,000,000 | -H-- | M] () -- F:\Windows\System32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/10/05 18:47:51 | 000,000,000 | -H-- | M] () -- F:\Windows\System32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/10/03 06:20:29 | 000,771,962 | ---- | M] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/30 17:25:10 | 000,040,104 | ---- | M] (Elaborate Bytes AG) -- F:\Windows\System32\drivers\ElbyCDIO.sys

========== Files Created - No Company Name ==========

[2010/10/30 11:32:03 | 000,000,362 | ---- | C] () -- F:\Windows.lnk
[2010/10/24 14:19:12 | 000,000,294 | ---- | C] () -- F:\Windows\tasks\PC Health Advisor Startup.job
[2010/10/24 14:14:33 | 000,000,224 | ---- | C] () -- F:\Windows\tasks\PC Health Advisor Defrag_sch_8CDC3E91-DF9A-11DF-A1EE-E0CB4E8FBBF3.job
[2010/10/24 14:14:21 | 000,000,224 | ---- | C] () -- F:\Windows\tasks\PC Health Advisor Defrag_sch_85B5BC5E-DF9A-11DF-A1EE-E0CB4E8FBBF3.job
[2010/10/24 13:51:00 | 000,053,248 | ---- | C] () -- F:\Windows\SysWow64\FastUv32.dll
[2010/10/24 13:43:40 | 000,000,422 | ---- | C] () -- F:\Windows\tasks\ParetoLogic Registration3.job
[2010/10/24 13:43:36 | 000,000,444 | ---- | C] () -- F:\Windows\tasks\ParetoLogic Update Version3.job
[2010/10/24 13:43:36 | 000,000,274 | ---- | C] () -- F:\Windows\tasks\PC Health Advisor Defrag.job
[2010/10/24 13:43:36 | 000,000,256 | ---- | C] () -- F:\Windows\tasks\PC Health Advisor.job
[2010/10/13 17:32:48 | 000,108,032 | ---- | C] () -- F:\Windows\SysWow64\ff_vfw.dll
[2010/10/13 17:32:48 | 000,050,688 | ---- | C] () -- F:\Windows\SysWow64\ff_acm.acm
[2010/10/13 17:28:07 | 000,917,504 | ---- | C] () -- F:\Windows\SysWow64\dtsdecoderdll.dll
[2010/10/13 17:28:07 | 000,258,048 | ---- | C] () -- F:\Windows\SysWow64\libFLAC.dll
[2010/10/12 14:38:59 | 000,000,227 | ---- | C] () -- F:\Windows\SysWow64\winset.ini
[2010/10/05 18:47:55 | 000,000,000 | -H-- | C] () -- F:\Windows\System32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010/10/05 18:47:51 | 000,000,000 | -H-- | C] () -- F:\Windows\System32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010/07/23 15:44:11 | 000,771,962 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/30 07:22:59 | 000,000,254 | ---- | C] () -- F:\Windows\Brpfx04a.ini
[2010/04/30 07:22:59 | 000,000,093 | ---- | C] () -- F:\Windows\brpcfx.ini
[2010/04/30 07:22:31 | 000,000,419 | ---- | C] () -- F:\Windows\BRWMARK.INI
[2010/04/30 05:07:10 | 000,106,496 | ---- | C] () -- F:\Windows\SysWow64\BrMuSNMP.dll
[2010/03/16 16:49:57 | 000,000,262 | ---- | C] () -- F:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/04 14:08:31 | 000,024,576 | R--- | C] () -- F:\Windows\SysWow64\AsIO.dll
[2010/03/04 14:08:31 | 000,013,440 | R--- | C] () -- F:\Windows\SysWow64\drivers\AsIO.sys
[2010/03/04 14:08:25 | 000,011,832 | ---- | C] () -- F:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/03/04 14:08:25 | 000,010,216 | ---- | C] () -- F:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/03/04 12:41:48 | 000,035,174 | ---- | C] () -- F:\Windows\Ascd_log.ini
[2010/03/04 12:41:17 | 000,001,769 | ---- | C] () -- F:\Windows\Language_trs.ini
[2010/03/04 12:41:05 | 000,024,193 | ---- | C] () -- F:\Windows\Ascd_tmp.ini
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- F:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 22:32:32 | 000,362,029 | ---- | C] () -- F:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2010/10/24 13:43:40 | 000,000,422 | ---- | M] () -- F:\Windows\Tasks\ParetoLogic Registration3.job
[2010/10/24 13:43:36 | 000,000,444 | ---- | M] () -- F:\Windows\Tasks\ParetoLogic Update Version3.job
[2010/10/24 13:43:36 | 000,000,274 | ---- | M] () -- F:\Windows\Tasks\PC Health Advisor Defrag.job
[2010/10/24 14:14:21 | 000,000,224 | ---- | M] () -- F:\Windows\Tasks\PC Health Advisor Defrag_sch_85B5BC5E-DF9A-11DF-A1EE-E0CB4E8FBBF3.job
[2010/10/24 14:14:33 | 000,000,224 | ---- | M] () -- F:\Windows\Tasks\PC Health Advisor Defrag_sch_8CDC3E91-DF9A-11DF-A1EE-E0CB4E8FBBF3.job
[2010/10/24 14:19:12 | 000,000,294 | ---- | M] () -- F:\Windows\Tasks\PC Health Advisor Startup.job
[2010/10/24 13:43:36 | 000,000,256 | ---- | M] () -- F:\Windows\Tasks\PC Health Advisor.job
[2010/07/15 14:59:58 | 000,018,420 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- F:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- F:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- F:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- F:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\SysWow64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< End of report >