SMSS.exe Virus Problem



#46
Dom Fontana

  • Topic Starter
  • Member
  • 170 posts
Okay, Essex. Attached is the OTL log. The ball is in your court. :)

Thanks.

Attached File  OTL_Fontana.Txt   121.52KB   115 downloads

OTL logfile created on: 5/4/2011 11:18:10 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 8.25 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 36.21 Gb Free Space | 14.85% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 60.02 Gb Free Space | 33.97% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2001/11/09 02:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2001/11/09 08:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IS360service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/01/08 13:07:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/01 11:56:42 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/28 06:22:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/13 08:23:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/25 21:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 21:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/09/26 16:58:54 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/02/20 18:36:24 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY012.sys -- (CGY012)
DRV - [2004/10/26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programs\Fresh Devices\Fresh Diagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60280
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60280


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc12.mail.....jsrand=4525738
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7B 18 41 E6 5A CA 01 [binary data]
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1108.mai...rand=587317658"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.126
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/08 11:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/04/26 12:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/04/26 12:46:45 | 000,000,000 | ---D | M]

[2011/01/08 12:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2010/01/10 03:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 06:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/28 04:28:25 | 000,001,620 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\searchplugins\mozilla-add-ons.xml

Hosts file not found
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programs\Fresh Devices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programs\Fresh Devices\FreshDownload\fdiebar.dll (FreshDevices Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000..\Run: [DAEMON Tools Pro Agent] D:\Programs\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FreshDownload - {55058DA0-D957-449D-8E5C-BFBA08E46B3F} - D:\Programs\Fresh Devices\FreshDownload\fd.exe (FreshDevices.com.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268383829468 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 00:29:16 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\DoctorWeb
[2011/05/01 13:27:30 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Desktop\AVG
[2011/05/01 12:31:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/30 23:15:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
[2011/04/30 05:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\Windows\Dream Chronicles 2 - The Eternal Maze
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2011/04/28 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/04/28 07:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 07:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/28 07:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 07:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2011/04/23 08:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\mAp01804bMjCc01804_Virus
[2011/04/22 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/04/19 12:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2011/04/17 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/04/17 05:40:18 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/16 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SunRay Games
[2011/04/14 11:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/04/14 11:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/04/12 05:06:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/04/12 04:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Letters from Nowhere
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2011/04/07 11:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/07 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software Publishing Ltd
[2011/04/06 13:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/04/06 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2010/09/29 20:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2010/08/20 08:02:15 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\Users\Dominick J. Fontana\AppData\Roaming\t1.exe
[2009/02/03 08:21:10 | 000,239,104 | ---- | C] (Igor Pavlov) -- C:\Users\Dominick J. Fontana\AppData\Roaming\7za.exe
[9 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 22:46:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 22:36:53 | 001,883,744 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/04 22:36:53 | 000,531,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/04 22:28:40 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 22:08:05 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 22:08:05 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 16:44:07 | 000,000,577 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/05/04 16:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 16:43:38 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 10:31:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{AA929FF7-AB04-4EBC-A30B-F25A21B3CCCF}
[2011/05/02 13:28:11 | 000,000,112 | ---- | M] () -- C:\ProgramData\X312g45XV.dat
[2011/05/01 18:19:04 | 000,006,144 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/05/01 12:27:32 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/05/01 10:40:24 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BE154226-6A66-426C-B5EB-DA00C357B697}
[2011/05/01 10:37:29 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{14BE0015-3DE5-46FA-8CF8-B5B9AD41E19D}
[2011/05/01 10:33:48 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{F4C64607-DFA3-4164-8F7C-DFB8D1CB7009}
[2011/05/01 07:38:50 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5B2706D3-6C8B-40A1-A725-41DCE4EC8BB4}
[2011/04/29 13:15:51 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 07:00:14 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:09:21 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/28 05:26:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/04/22 11:26:42 | 000,279,700 | ---- | M] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 00:53:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/13 23:00:31 | 000,413,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 04:00:53 | 000,001,744 | RHS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.pol
[2011/04/06 03:34:58 | 000,001,416 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[9 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 10:31:58 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{AA929FF7-AB04-4EBC-A30B-F25A21B3CCCF}
[2011/05/02 09:19:40 | 000,000,112 | ---- | C] () -- C:\ProgramData\X312g45XV.dat
[2011/05/01 12:27:32 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/05/01 10:40:24 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BE154226-6A66-426C-B5EB-DA00C357B697}
[2011/05/01 10:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{14BE0015-3DE5-46FA-8CF8-B5B9AD41E19D}
[2011/05/01 10:33:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{F4C64607-DFA3-4164-8F7C-DFB8D1CB7009}
[2011/05/01 07:38:50 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5B2706D3-6C8B-40A1-A725-41DCE4EC8BB4}
[2011/04/29 13:15:51 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:00:14 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:58:15 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 06:09:21 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:26:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/22 11:26:55 | 000,279,700 | ---- | C] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 14:48:21 | 000,006,144 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/19 10:21:29 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/02/23 06:40:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:39:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/22 12:05:19 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/22 12:05:19 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011/01/22 12:05:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/22 11:37:52 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/01/21 12:34:44 | 000,000,145 | ---- | C] () -- C:\Windows\game.INI
[2010/11/12 08:11:22 | 000,071,484 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\ClassicFTP.dmp
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/20 07:00:31 | 004,098,560 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\btbar.msi
[2010/08/20 07:00:31 | 000,013,207 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MyTestToolbar.xpi
[2010/08/20 07:00:31 | 000,000,054 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\setup.dat
[2010/07/19 06:19:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2010/07/17 05:30:44 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/07/16 22:38:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/04 06:58:49 | 000,000,803 | ---- | C] () -- C:\Windows\CoDUO.INI
[2010/07/04 06:47:50 | 000,000,733 | ---- | C] () -- C:\Windows\CoD.INI
[2010/04/07 06:12:26 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/03/09 05:10:40 | 000,000,169 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\default.rss
[2010/03/09 05:10:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/06 07:28:14 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/02/18 07:36:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/18 03:11:25 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileOut.cns
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileIn.cns
[2010/02/13 08:18:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/02/13 08:18:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/07 05:13:14 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/21 05:15:17 | 000,070,656 | ---- | C] () -- C:\Windows\RSetupCE.exe
[2009/12/22 05:15:29 | 000,000,577 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/12/22 05:15:28 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/12/22 05:15:28 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2009/11/15 19:38:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/11/15 19:33:25 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Mpwinapppiobas69.dat
[2009/11/15 19:32:27 | 000,112,156 | ---- | C] () -- C:\Windows\System32\Msdts325.dat
[2009/11/15 18:50:31 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/02 05:41:36 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Mros416.dll
[2009/11/01 22:58:39 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2009/11/01 19:20:54 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/11/01 19:20:54 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/11/01 19:20:54 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/11/01 19:20:54 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/11/01 19:20:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/11/01 09:04:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/01 07:50:58 | 000,022,068 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,413,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 001,883,744 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,531,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MafiaSetup.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/03/30 00:25:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\.minecraft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2K Sports
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\6EA5E0D4CF863867DCEF28FC4C867231
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/02/13 07:48:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Audio Converter
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Video Converter
[2011/03/27 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG9
[2011/04/12 05:46:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/01/31 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/05/03 14:14:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/02/26 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/04/18 08:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/04/17 05:40:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CoreFTP
[2011/03/16 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Lite
[2011/01/20 06:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/03/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/02/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DonationCoder
[2011/03/27 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/02/18 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/02/17 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/02/15 07:15:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/03/20 07:06:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/04/12 06:34:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/03/16 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/03/29 00:31:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/04/24 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/03/08 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/03/06 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/02/24 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/03/17 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/03/25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshDiagnose
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshHTML
[2011/02/13 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Friday's games
[2011/02/15 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Frogwares
[2011/03/29 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FrostWire
[2011/02/24 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/03/15 08:07:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/02/26 10:30:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/02/20 08:51:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/04/19 12:28:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/02/02 06:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/04/17 05:40:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/02 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/02/19 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/04/06 09:21:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/04/02 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/30 05:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/01/25 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iShell
[2011/02/07 09:52:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/01/08 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LimeWire
[2011/02/22 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/02/25 13:12:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MA2
[2011/04/07 10:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/03/13 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/04/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/02/24 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/02/24 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/04/17 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Orneon
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Out of the Park Developments
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/02/07 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/04/29 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/03/02 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/03/30 11:33:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ProtectDISC
[2011/03/16 08:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\QB9
[2011/03/02 09:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Seven Zip
[2011/04/01 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/03/16 09:11:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/03/15 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Steinberg
[2011/04/19 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/06 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/08 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/07 11:32:55 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/23 08:58:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/04/05 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/03/23 13:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/02/16 11:29:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/04/26 12:49:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/05/01 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010/08/17 04:53:22 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2011/05/04 22:27:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector (1).exe
[2009/04/25 07:59:16 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe


< MD5 for: SPTD.SYS >
[2011/05/01 11:56:42 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts [2009/04/24 00:38:07 | 000,509,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programs\Firefox\firefox.exe [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programs\Firefox\firefox.exe" -preferences [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programs\Firefox\firefox.exe" -safe-mode [2009/04/24 00:38:11 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:8F0F82EC
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3595B780
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B9B3B2FE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CC30FDA5

< End of report >


#47
Dom Fontana

Hi, Essex.

I have used the computer for a day now and the only difference is that the computer hasn't crashed anymore. All the other problems are still there. I continually get pop-ups; when I click on links, it constantly redirects to a different site; sometimes when I click on a new Tab in IE, it doesn't open; the screen blinks periodically as if it's about to lose power; and I still am not able to shut down cleanly. Whenever I select Shut Down, it still acts as a Restart and Windows shuts down and then immediately reboots instead of turning off the power, so I have to shut it off manually. Then the next time I boot up, it always says that Windows didn't shut down properly and goes to the bootup screen with the Safe Mode options. Finally, I don't know if it's something with the cookies, but on all sites I constantly have to log in, including my email, even though I have Remember Me selected. It used to be that I never had to log in or only log in every 2 weeks. Now I have to log in to every site, every time I use it. Also, even though I always shut down Internet Explorer before I shut down the computer, the next time I reboot and click on IE, it always says that IE didn't shut down properly and gives me the option to restore my last session. I am also still having Internet connection problems. I have trouble connecting and then once I do, I periodically lose the connection.

So that is the list of the current problems. As I said, the only difference I notice is that the computer hasn't crashed anymore. My opinion is that the main source of the problem is that the computer won't shut down properly. I think if we fix that, we will have solved the problem or at least most of it.

Thanks.

Edited by Dom Fontana, 05 May 2011 - 07:31 AM.


#48
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK here goes... On completion of this could you update aswMBR please and run a fresh scan

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/05/01 11:56:42 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    [2011/04/23 08:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\mAp01804bMjCc01804_Virus
    [2010/08/20 08:02:15 | 000,020,480 | ---- | C] (Hewlett-Packard) -- C:\Users\Dominick J. Fontana\AppData\Roaming\t1.exe
    [2011/05/02 13:28:11 | 000,000,112 | ---- | M] () -- C:\ProgramData\X312g45XV.dat
    [2011/05/01 11:56:42 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0
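The `DRV` line in the fix above follows the process/module/service/driver line format OTL uses throughout the logs in this thread. As an added example (not part of Essexboy's post and not OTL's own code), this Python sketch parses that format and lists entries worth a manual look; the review heuristics (empty company name, registered file missing, boot-start driver with no company name) are assumptions chosen for illustration, and the sample lines are copied from this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shape as it appears in the OTL logs in this thread:
#   KIND - [date time | size | attrs | M] (Company) [props] -- path -- (name)
# A missing file is logged as:
#   KIND - File not found [props] -- -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>[CM])\]"
    r" \((?P<company>[^)]*)\)|File not found)"
    r"(?: \[(?P<props>[^\]]+)\])?"
    r" -- (?P<path>.*?)(?: ?-- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class Entry:
    kind: str                # PRC, MOD, SRV or DRV
    company: Optional[str]   # "" when OTL printed "()", None for "File not found"
    props: List[str]         # e.g. ["Kernel", "Boot", "Running"] or ["Auto", "Stopped"]
    path: str                # "" when the file was not found
    name: Optional[str]      # service/driver name, absent on PRC/MOD lines


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other sections."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    props = [p.strip() for p in (m.group("props") or "").split("|") if p.strip()]
    return Entry(
        kind=m.group("kind"),
        company=m.group("company"),
        props=props,
        path=m.group("path").strip(),
        name=m.group("name"),
    )


def review_reasons(entry: Entry) -> List[str]:
    """Illustrative heuristics only: they select lines to review, not verdicts."""
    reasons = []
    if entry.company is None:
        reasons.append("registered but file not found")
    elif entry.company == "":
        reasons.append("no company name in file metadata")
        if entry.kind == "DRV" and "Boot" in entry.props:
            reasons.append("boot-start kernel driver with no company name")
    return reasons


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (label, reasons) for every parsed entry that has a reason."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            hits.append((entry.name or entry.path, reasons))
    return hits


# Sample lines copied from the logs and fix script in this thread.
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========
DRV - [2011/05/01 11:56:42 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/01/28 06:22:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
SRV - File not found [Auto | Stopped] -- -- (IS360service)
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
"""

if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"{label}: {'; '.join(reasons)}")
```

An empty company field is common on legitimate drivers too, so each hit is a starting point for checking the file itself, not a removal list.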

#49
Dom Fontana


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Same thing every day. I am on the computer for 10 hours and right before I have to get off, you respond. It must be the time difference. haha :)

I have to run now, so I will get to it tonight.

Also, there is a new problem. When I reboot the computer, I get the infamous blue screen and it says that Windows was forced to close because of an Internal Power failure. But the fact is that the computer didn't crash. It only does this when I reboot. I told you there was something wrong with shutting down the computer and now it's getting worse. The computer hasn't shut down properly for a week now. There is something at play there.

Okay, I will get back to you later.

Thanks.
  • 0

#50
Dom Fontana


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Absolute nightmare, but I finally did it. What should have taken a few minutes, took 45 minutes. My computer is practically unusable for the Internet now. I keep losing the connection every few minutes. It took forever to download the updated program. Here are the 2 logs you asked for. Also, after the OTC scan, when I chose to reboot, I got the blue screen again that said Internal Power Failure. I get that every time I reboot now. It says to check and remove any new installed hardware, but I didn't install anything.

Thanks.

OTL logfile created on: 5/5/2011 7:48:13 AM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
14.00 Gb Paging File | 13.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.20 Gb Total Space | 8.22 Gb Free Space | 18.19% Space Free | Partition Type: NTFS
Drive D: | 243.87 Gb Total Space | 32.25 Gb Free Space | 13.22% Space Free | Partition Type: NTFS
Drive E: | 176.69 Gb Total Space | 56.59 Gb Free Space | 32.03% Space Free | Partition Type: NTFS

Computer Name: FONTANA | User Name: Dominick J. Fontana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- D:\Programs\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- D:\Programs\PowerISO\PWRISOVM.EXE
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/03/18 20:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2001/11/09 02:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 11:18:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2001/11/09 08:13:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Mouse Driver\Mouse Driver\3.5\MOUDL32A.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IS360service)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- D:\Programs\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/01/08 13:07:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/22 05:15:28 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 06:22:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010/02/13 08:23:00 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/13 08:23:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/25 21:22:12 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 21:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/02 04:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/09/26 16:58:54 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2007/08/12 22:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/02/20 18:36:24 | 000,020,352 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CGY012.sys -- (CGY012)
DRV - [2004/10/26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programs\Fresh Devices\Fresh Diagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/10/18 15:02:20 | 000,049,152 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.c...aspx?TbId=60280
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.c...spx?tb_id=60280


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc12.mail.....jsrand=4525738
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7B 18 41 E6 5A CA 01 [binary data]
IE - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1108.mai...rand=587317658"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.126
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/01/08 11:53:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programs\Firefox\components [2011/04/26 12:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programs\Firefox\plugins [2011/04/26 12:46:45 | 000,000,000 | ---D | M]

[2011/01/08 12:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions
[2010/01/10 03:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/28 06:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/28 04:28:25 | 000,001,620 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mozilla\Firefox\Profiles\an03h0zq.default\searchplugins\mozilla-add-ons.xml

O1 HOSTS File: ([2011/05/05 07:41:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Programs\Fresh Devices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\Programs\Fresh Devices\FreshDownload\fdiebar.dll (FreshDevices Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\Mouse Driver\Mouse Driver\3.5\Mouse32A.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Programs\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000..\Run: [DAEMON Tools Pro Agent] D:\Programs\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2694720615-2016804693-2388961291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FreshDownload - {55058DA0-D957-449D-8E5C-BFBA08E46B3F} - D:\Programs\Fresh Devices\FreshDownload\fd.exe (FreshDevices.com.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1268383829468 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 09:38:31 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,200,524 | ---- | M] () - D:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 21:32:16 | 000,019,488 | ---- | M] () - D:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2009/04/25 08:05:20 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/23 09:54:29 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 00:29:16 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\DoctorWeb
[2011/05/01 13:27:30 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Desktop\AVG
[2011/05/01 12:31:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/30 23:15:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\Desktop\Geeks To Go
[2011/04/30 05:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\Windows\Dream Chronicles 2 - The Eternal Maze
[2011/04/29 13:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2011/04/28 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Malwarebytes
[2011/04/28 07:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 07:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/28 07:40:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 07:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/04/27 09:47:14 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 23:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles
[2011/04/26 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/04/23 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Top Evidence
[2011/04/22 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/04/19 12:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/04/19 12:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2011/04/17 05:40:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/04/17 05:40:18 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/16 08:35:17 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SunRay Games
[2011/04/14 11:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/04/14 11:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/04/12 05:06:56 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/04/12 04:58:40 | 000,000,000 | ---D | C] -- C:\Windows\Letters from Nowhere
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2011/04/08 13:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2011/04/07 11:32:25 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/07 09:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest Software Publishing Ltd
[2011/04/06 13:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/04/06 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2010/09/29 20:17:03 | 000,129,024 | ---- | C] (Fp6t7DQi84YsPx2m1S0) -- C:\Program Files\Common Files\Uninstall.exe
[2009/02/03 08:21:10 | 000,239,104 | ---- | C] (Igor Pavlov) -- C:\Users\Dominick J. Fontana\AppData\Roaming\7za.exe
[9 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 07:46:50 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 07:44:25 | 000,000,577 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/05/05 07:44:24 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 07:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 07:43:58 | 2767,052,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 07:42:26 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 07:42:26 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 07:39:30 | 002,156,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 07:39:30 | 000,623,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/03 10:31:58 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{AA929FF7-AB04-4EBC-A30B-F25A21B3CCCF}
[2011/05/01 18:19:04 | 000,006,144 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/05/01 12:27:32 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/05/01 10:40:24 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BE154226-6A66-426C-B5EB-DA00C357B697}
[2011/05/01 10:37:29 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{14BE0015-3DE5-46FA-8CF8-B5B9AD41E19D}
[2011/05/01 10:33:48 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{F4C64607-DFA3-4164-8F7C-DFB8D1CB7009}
[2011/05/01 07:38:50 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5B2706D3-6C8B-40A1-A725-41DCE4EC8BB4}
[2011/04/29 13:15:51 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 07:00:14 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:09:21 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/28 05:59:57 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/28 05:26:31 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:06:03 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | M] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/04/22 11:26:42 | 000,279,700 | ---- | M] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 00:53:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/13 23:00:31 | 000,413,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/06 04:00:53 | 000,001,744 | RHS- | M] () -- C:\Users\Dominick J. Fontana\ntuser.pol
[2011/04/06 03:34:58 | 000,001,416 | ---- | M] () -- C:\Users\Dominick J. Fontana\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[9 C:\Users\Dominick J. Fontana\AppData\Local\*.tmp files -> C:\Users\Dominick J. Fontana\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 10:31:58 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{AA929FF7-AB04-4EBC-A30B-F25A21B3CCCF}
[2011/05/01 12:27:32 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/05/01 10:40:24 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BE154226-6A66-426C-B5EB-DA00C357B697}
[2011/05/01 10:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{14BE0015-3DE5-46FA-8CF8-B5B9AD41E19D}
[2011/05/01 10:33:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{F4C64607-DFA3-4164-8F7C-DFB8D1CB7009}
[2011/05/01 07:38:50 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5B2706D3-6C8B-40A1-A725-41DCE4EC8BB4}
[2011/04/29 13:15:51 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\Eternal Maze.lnk
[2011/04/28 07:06:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{BCB474FC-D103-4EF6-8B01-E1CF4D974FE1}
[2011/04/28 07:00:14 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{6F99D313-4154-4D02-8272-EA10137A95EB}
[2011/04/28 06:58:15 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{21C4BCFF-D0FC-4375-996F-78C2E2781F07}
[2011/04/28 06:09:21 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FA75906E-C9AE-47D7-811F-170D5C78D589}
[2011/04/28 06:07:23 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{22250DF1-3370-46FF-B651-EB32C243CC66}
[2011/04/28 05:26:31 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{4A60DA9A-A907-4A8F-BFEA-BD80ED8CB54E}
[2011/04/28 05:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{FAFCCB5F-E4AB-415B-A51F-CF0A8F2C87A8}
[2011/04/28 05:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{82393E06-D0F6-4733-A203-9741E4F663FC}
[2011/04/28 05:01:36 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{5F0735F4-0781-4297-8E20-0135555A1C5F}
[2011/04/27 23:59:43 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{816A3B21-6B98-43D2-AD1E-0EFE0D269468}
[2011/04/27 06:31:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{52CAB3BA-8EE1-45DE-B664-34D40402BDE7}
[2011/04/27 06:29:26 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\{9004940B-3679-4A95-83BB-A525E55B75B5}
[2011/04/22 11:26:55 | 000,279,700 | ---- | C] () -- C:\Users\Dominick J. Fontana\Desktop\CREDITCARDAUTHORIZATIONFORMupdate2.pdf
[2011/04/18 14:48:21 | 000,006,144 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 00:53:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/19 10:21:29 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/02/23 06:40:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/23 06:39:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/22 12:05:19 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/22 12:05:19 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011/01/22 12:05:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/22 11:37:52 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011/01/21 12:34:44 | 000,000,145 | ---- | C] () -- C:\Windows\game.INI
[2010/11/12 08:11:22 | 000,071,484 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\ClassicFTP.dmp
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/20 07:00:31 | 004,098,560 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\btbar.msi
[2010/08/20 07:00:31 | 000,013,207 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MyTestToolbar.xpi
[2010/08/20 07:00:31 | 000,000,054 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\setup.dat
[2010/07/19 06:19:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2010/07/17 05:30:44 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010/07/16 22:38:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/04 06:58:49 | 000,000,803 | ---- | C] () -- C:\Windows\CoDUO.INI
[2010/07/04 06:47:50 | 000,000,733 | ---- | C] () -- C:\Windows\CoD.INI
[2010/04/07 06:12:26 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/03/09 05:10:40 | 000,000,169 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\default.rss
[2010/03/09 05:10:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/06 07:28:14 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/02/18 07:36:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/02/18 03:11:25 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileOut.cns
[2010/02/17 08:06:48 | 000,000,000 | ---- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\FileIn.cns
[2010/02/13 08:18:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/02/13 08:18:25 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/02/07 05:13:14 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/21 05:15:17 | 000,070,656 | ---- | C] () -- C:\Windows\RSetupCE.exe
[2009/12/22 05:15:29 | 000,000,577 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/12/22 05:15:28 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/12/22 05:15:28 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2009/11/15 19:38:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/11/15 19:33:25 | 000,024,575 | ---- | C] () -- C:\Windows\System32\Mpwinapppiobas69.dat
[2009/11/15 19:32:27 | 000,112,156 | ---- | C] () -- C:\Windows\System32\Msdts325.dat
[2009/11/15 18:50:31 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/11/02 05:41:36 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Mros416.dll
[2009/11/01 22:58:39 | 000,000,000 | ---- | C] () -- C:\Windows\wincmd.ini
[2009/11/01 19:20:54 | 001,907,712 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/11/01 19:20:54 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/11/01 19:20:54 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/11/01 19:20:54 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/11/01 19:20:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/11/01 09:04:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/01 07:50:58 | 000,022,068 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,413,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 002,156,148 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,623,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003/04/09 05:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Dominick J. Fontana\AppData\Roaming\MafiaSetup.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/05/05 07:33:08 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/05/05 07:33:08 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2011/03/30 00:25:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\.minecraft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\2K Sports
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\6EA5E0D4CF863867DCEF28FC4C867231
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\acccore
[2011/02/13 07:48:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Alawar
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AnvSoft
[2011/01/08 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Audio Converter
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Any Video Converter
[2011/03/27 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Artogon
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG10
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\AVG9
[2011/04/12 05:46:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Awem
[2011/01/31 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Big Fish Games
[2011/05/05 04:54:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\BitTorrent
[2011/02/26 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Blue Tea Games
[2011/04/18 08:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Boomzap
[2011/04/17 05:40:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Camel101
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CoreFTP
[2011/03/16 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\CursedOnboard
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Lite
[2011/01/20 06:15:15 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DAEMON Tools Pro
[2011/03/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/02/06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DivoGames
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DonationCoder
[2011/03/27 11:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dragon Altar Games
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\DriverCure
[2011/02/18 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight
[2011/02/17 11:33:47 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Dying for Daylight Shared
[2011/02/15 07:15:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\EleFun Games
[2011/03/20 07:06:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Elephant Games
[2011/04/12 06:34:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enki Games
[2011/03/16 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Enlightenus2_BFG
[2011/03/29 00:31:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS G-Studio
[2011/04/24 11:21:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ERS Game Studios
[2011/03/08 10:15:57 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Flood Light Games
[2011/03/06 13:50:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Floodlight Games
[2011/02/24 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FlyWheelGames
[2011/03/17 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ForgottenRiddles
[2011/03/25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshDiagnose
[2011/01/08 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FreshHTML
[2011/02/13 13:34:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Friday's games
[2011/02/15 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Frogwares
[2011/03/29 05:47:44 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\FrostWire
[2011/02/24 12:07:07 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fugazo
[2011/03/15 08:07:33 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\funkitron
[2011/02/26 10:30:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Fuzzy Bug Interactive
[2011/02/20 08:51:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GameMill Entertainment
[2011/04/19 12:28:38 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gamers Digital
[2011/02/02 06:27:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Games
[2011/04/17 05:40:18 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\GarageGames
[2011/04/02 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Gestalt Games
[2011/02/19 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ghost Ship Studios
[2011/04/06 09:21:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HdO Adventure
[2011/04/02 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\HitPoint Studios
[2011/04/30 05:36:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\IObit
[2011/01/25 10:26:51 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\iShell
[2011/02/07 09:52:43 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Islands
[2011/01/08 12:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LimeWire
[2011/02/22 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\LittleGamesCompany
[2011/02/25 13:12:01 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MA2
[2011/04/07 10:10:50 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\MagicIndie
[2011/03/13 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\margrave3_full
[2011/04/22 12:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\My Games
[2011/02/24 14:33:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Mystery of Mortlake Mansion
[2011/02/24 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Namco
[2011/04/17 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Orneon
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Out of the Park Developments
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PandoraRecovery
[2011/04/27 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ParetoLogic
[2011/02/07 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Phantasmat_bf_ce1
[2011/04/29 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayFirst
[2011/03/02 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\PlayPond
[2011/03/30 11:33:34 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\ProtectDISC
[2011/03/16 08:43:46 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\QB9
[2011/03/02 09:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SerpentOfIsis
[2011/01/08 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Seven Zip
[2011/04/01 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Silverback Productions
[2011/03/16 09:11:09 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Specialbit
[2011/03/15 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\SpinTop Games
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Steinberg
[2011/04/19 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Ten Heavens
[2011/04/06 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\The FoolStrategyGuide
[2011/04/08 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/04/07 11:32:55 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TOMI3
[2011/04/23 08:58:42 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Top Evidence
[2011/01/08 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\TuneUp Software
[2011/04/05 02:54:53 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vast Studios
[2011/03/23 13:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Vogat Interactive
[2011/02/16 11:29:52 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\WhiteBirdsProductions
[2011/04/26 12:49:00 | 000,000,000 | ---D | M] -- C:\Users\Dominick J. Fontana\AppData\Roaming\Zylom
[2011/05/01 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/04/27 00:33:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010/08/17 04:53:22 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\Registry Winner Schedule.job
[2011/05/05 05:57:56 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:8F0F82EC
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A4E7D25F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CA23BCFD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7C8AA9A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0785072C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3595B780
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B9B3B2FE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CC30FDA5

< End of report >

Attached Files


  • 0

#51
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I can see from the aswmbr log that it is no longer reporting TDL3, which is goodish, but it has revealed an unknown running. The latest variant of this actually uses two files for hooking; the first will hide the second.

So first I would like you to re-run TDSSKiller

Then could you do the following check for me

Click your start button, right click on My Computer:
  • Click properties
  • Click the Hardware tab
  • Click Device manager button
  • Click the + sign beside System Devices
  • Look for something with cmz, vmkd or vbma in the name; it should say virtual bus
  • Right click the entry & select uninstall if present

  • 0

#52
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Okay, I ran TDSS Killer. It found something in the Root and it said it would cure it on reboot. Note that on reboot, I got the blue screen again. I hit the power button to turn off and then back on again.

I checked System Devices and didn't see what you mentioned. They all seemed like the normal devices to me, all written in plain English words.
  • 0

#53
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, what was it that TDSSKiller reported, please?
  • 0

#54
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
I don't know what it reported because after the scan and reboot, there was no report. Remember it wasn't a clean reboot because I got the Internal Power Failure screen. I just clicked the report button now and there is no report. Okay, I have to go at this time again. Let me know what to do next.

Thanks.
  • 0

#55
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run TDSSKiller again, please? This time do not let it cure the problem - that should then generate the log and show which file was suspect.
  • 0



#56
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Okay, I didn't cure it and here is the report.

Attached Files


  • 0

#57
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Update: Since the problem started, I haven't been able to run Windows Update. I have it set to only Notify me of Updates. Anyway, today I finally was able to run it and I installed a few updates, including the monthly Malicious Software Removal Tool from MS. It automatically did a scan and this is what it found:

TROJAN:DOS/Alureon.A

Then it said Partially Removed, but I must use manual steps to fully remove it. It also suggested I run my anti-virus program. I didn't do anything after that because I wanted to hear from you first.

Thanks.
  • 0

#58
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is good and it is the one I thought it would be. Very simply put, you had the TDL3 bootkit on the sptd.sys file, which was masking the TDL4 bootkit. They are putting layer on layer now.

  • Reboot the computer and press and hold F8 to get to the safe mode menu
  • On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press ENTER.
  • Select a keyboard layout, and then click Next
  • Select a user name and enter the password, and then click OK. If no password was set, press Enter
  • Select command prompt
  • Type in the following command

    Bootrec.exe /FixMbr
  • Once finished type Exit
  • Reboot and then run TDSSKiller

  • 0
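
Added example, not part of the original thread: Bootrec.exe /FixMbr rewrites the MBR boot code without overwriting the partition table, so comparing a 512-byte dump of sector 0 taken before and after the repair shows whether the boot code was actually replaced and the partition table left alone. The helper names (`parse_mbr`, `compare_mbr`, `build_sample_mbr`) and the sample sectors are constructed for illustration, and it is assumed the dumps were captured separately with a disk imaging tool.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440       # bytes 0-439: boot code
TABLE_START = 446    # bytes 440-443: disk signature, 444-445: reserved
TABLE_END = 510      # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"


def parse_mbr(sector):
    """Split a raw 512-byte MBR dump into the parts worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[TABLE_END:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_START + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba,
                               "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": sector[CODE_END:CODE_END + 4].hex(),
        "table_sha256": hashlib.sha256(
            sector[TABLE_START:TABLE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(before, after, known_good_code_sha256=None):
    """Report which MBR regions differ between two dumps of sector 0."""
    b, a = parse_mbr(before), parse_mbr(after)
    report = {
        "boot_code_changed": b["code_sha256"] != a["code_sha256"],
        "partition_table_changed": b["table_sha256"] != a["table_sha256"],
        "disk_signature_changed": b["disk_signature"] != a["disk_signature"],
    }
    if known_good_code_sha256 is not None:
        # Optional: hash of boot code from a clean install of the same OS
        report["after_matches_baseline"] = (
            a["code_sha256"] == known_good_code_sha256)
    return report


def build_sample_mbr(code_fill, disk_sig=b"\x11\x22\x33\x44"):
    """Constructed sector: filler boot code plus one active NTFS entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 94793728)
    table = entry + bytes(16 * 3)
    return (bytes([code_fill]) * CODE_END + disk_sig + b"\x00\x00"
            + table + BOOT_SIG)


if __name__ == "__main__":
    # Constructed stand-ins for the "before" and "after" dumps.
    before = build_sample_mbr(0xCC)
    after = build_sample_mbr(0x90)
    baseline = parse_mbr(after)["code_sha256"]
    for key, value in compare_mbr(before, after, baseline).items():
        print("%-26s %s" % (key, value))
    print(parse_mbr(after)["partitions"])
```

A repair that worked as intended shows `boot_code_changed` as True and `partition_table_changed` as False; boot code that still differs from the clean baseline afterwards means the sector needs another look.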

#59
Dom Fontana

Dom Fontana

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 170 posts
Good morning. Okay, I will do that right now.
  • 0

#60
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If the recovery console is not installed we will need to do that manually - do you have the Windows disc? If not I will locate a downloadable copy to install.
  • 0





