pum.bad.proxy - Keep on reappearing after cleaning it.


  • This topic is locked

#31
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Strange. Please provide me with a fresh OTL log:

OTL Custom Scan

  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.



#32
bluewr


    Member

  • Topic Starter
  • 33 posts
OTL Custom Scan

OTL logfile created on: 2011/05/23 3:53:21 - Run 5
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Sizustar\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000411 | Country: Japan | Language: JPN | Date Format: yyyy/MM/dd

8.00 Gb Total Physical Memory | 3.31 Gb Available Physical Memory | 41.32% Memory free
16.00 Gb Paging File | 11.78 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): c:\pagefile.sys 8191 8191 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.35 Gb Total Space | 273.53 Gb Free Space | 58.78% Space Free | Partition Type: NTFS
Drive D: | 466.16 Gb Total Space | 415.14 Gb Free Space | 89.05% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 715.46 Gb Free Space | 51.20% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 113.05 Gb Free Space | 37.92% Space Free | Partition Type: NTFS

Computer Name: SIZUSTAR-PC | User Name: Sizustar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 03:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
PRC - [2011/05/22 15:41:35 | 000,551,800 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/05/10 22:19:32 | 004,853,120 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011/04/29 19:36:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/01 06:17:51 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/03/17 18:50:42 | 004,523,928 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011/03/02 04:56:03 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 01:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 03:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
MOD - [2010/11/20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 01:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/03/15 15:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/03/15 15:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/10/28 18:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/01 06:17:51 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe -- (a2AntiMalware)
SRV - [2011/03/02 04:56:03 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2011/02/21 15:58:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 23:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/02 04:56:03 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/01/19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 03:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/08/25 01:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/25 01:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/02/18 02:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/18 02:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 14:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008/02/01 18:15:04 | 000,043,520 | ---- | M] (ASUSTek Computer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ipgdnd60.sys -- (ipgd)
DRV - [2011/05/21 22:49:39 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2011/03/12 17:46:36 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/02/21 16:14:38 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
DRV - [2010/12/18 19:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/09/24 18:44:14 | 000,070,168 | ---- | M] (TSS - www.trinity-ss.com) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\TSSFSFD.sys -- (TSS_FSFILTER)
DRV - [2009/09/24 18:44:14 | 000,070,168 | ---- | M] (TSS - www.trinity-ss.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TSSFSFD.sys -- (DynamicEDController)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51293

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://my.daemon-sea....com/startpage"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.4b1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4.0024
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/26 16:38:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 19:37:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/16 14:22:46 | 000,000,000 | ---D | M]

[2010/09/25 01:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Extensions
[2011/05/22 03:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\extensions
[2011/04/10 10:41:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/01 10:41:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/02 04:44:34 | 000,002,059 | ---- | M] () -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\searchplugins\daemon-search.xml
[2011/03/22 16:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\SIZUSTAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YAOXCWJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SIZUSTAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YAOXCWJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/04/29 19:36:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/10/21 06:11:42 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/23 01:46:30 | 000,433,294 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14939 more lines...
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2AA793B8-230D-4EE1-9158-21ADA1421950} http://download.powe...tw/fsplayer.cab (Reg Error: Key error.)
O16 - DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} http://www.dotbook.j...TimeCrochet.cab (CrochetCtrl Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} http://trinity.dlsit...ex/pbebkick.cab (PbEbkick Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (Reg Error: Key error.)
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} https://gash.gamania....1/lcjggame.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/01 04:30:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 03:52:49 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
[2011/05/23 01:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/22 21:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/22 21:20:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/05/22 21:20:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/05/22 21:18:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/22 21:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/22 21:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/22 21:18:51 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/22 21:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/22 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/05/22 21:18:35 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2011/05/22 21:18:30 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2011/05/22 21:18:30 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2011/05/22 21:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011/05/22 20:04:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 19:19:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\[jumpcn][Toriko][08][Big5][848x480].rmvb
[2011/05/21 23:09:19 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\gmer
[2011/05/21 04:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/21 04:24:09 | 118,836,944 | ---- | C] ( ) -- C:\setup_9.0.0.722_20.05.2011_22-09.exe
[2011/05/21 03:38:34 | 142,132,328 | ---- | C] (NVIDIA Corporation) -- C:\270.61-desktop-win7-winvista-64bit-english-whql.exe
[2011/05/21 00:12:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/20 15:11:43 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\Ragnarok
[2011/05/20 07:24:18 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\asufe101
[2011/05/20 07:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\TORMENTRIP
[2011/05/16 22:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BLUEWATER
[2011/05/16 22:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BLUEWATER
[2011/05/16 21:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/16 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/05/16 20:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/16 09:15:34 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/16 09:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/16 09:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/05/16 09:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/13 22:30:48 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\Eroquis_gallery
[2011/05/13 14:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SomePDF
[2011/05/13 14:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SomePDF
[2011/05/13 04:30:34 | 000,000,000 | -H-D | C] -- C:\Users\Sizustar\Desktop\[Originals]
[2011/05/11 23:13:27 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Local\Easy Clone Detective
[2011/05/11 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Refero Group
[2011/05/11 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Refero Group
[2011/05/11 23:12:29 | 000,000,000 | ---D | C] -- C:\Windows\Easy Clone Detective
[2011/05/11 21:24:40 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/11 21:24:40 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/05/11 21:24:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 21:24:39 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/05/11 21:24:38 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 21:24:37 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 21:24:37 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/08 00:43:27 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\Vorpal_Rabbit_1_0_0_2
[2011/05/05 04:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\AVG
[2011/05/05 04:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/05 01:51:19 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/05/05 01:05:01 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\AVG10
[2011/05/05 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/05 00:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/03 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\hana_circle
[2011/05/01 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lame3.98.2
[2011/04/30 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Documents\iSkysoft DRM Removal
[2011/04/30 22:37:06 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2011/04/30 22:37:04 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2011/04/30 22:37:02 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2011/04/30 22:37:00 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2011/04/30 22:36:57 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2011/04/30 22:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2011/04/30 22:36:54 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2011/04/30 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2011/04/28 08:02:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/04/28 01:11:02 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/28 01:11:02 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/28 01:11:02 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/28 01:11:02 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/28 01:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/28 01:11:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/28 01:11:02 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/28 01:10:59 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/28 01:10:59 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/28 01:10:58 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/28 01:10:58 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/28 01:10:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/28 01:10:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/26 21:39:00 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 21:39:00 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 21:39:00 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 21:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/24 20:57:03 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\pncrt.dll
[2011/04/24 20:57:03 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\drv43260.dll
[2011/04/24 20:57:03 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\drv33260.dll
[2011/04/24 20:57:03 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\sipr3260.dll
[2011/04/24 20:57:03 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\cook.dll
[2011/04/24 06:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
[2011/04/24 06:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/04/24 06:35:53 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/04/24 06:35:53 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2011/04/24 06:35:53 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\I263_32.drv
[2011/04/24 06:35:53 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\SysWow64\divxa32.acm
[2011/04/24 06:35:53 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/04/24 06:35:53 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\mp3fhg.acm
[2011/04/24 06:35:53 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011/04/24 06:35:53 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/04/24 06:35:53 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\huffyuv.dll
[2011/04/24 06:31:42 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll.bak

========== Files - Modified Within 30 Days ==========

[2011/05/23 03:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
[2011/05/23 01:46:30 | 000,433,294 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/23 01:28:39 | 000,433,294 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110523-014630.backup
[2011/05/23 01:10:48 | 000,392,384 | ---- | M] () -- C:\Users\Sizustar\Desktop\rgssad_wx.rar
[2011/05/22 23:49:54 | 000,705,554 | ---- | M] () -- C:\Users\Sizustar\Desktop\18955039.jpg
[2011/05/22 21:21:12 | 000,428,032 | ---- | M] () -- C:\Users\Sizustar\Desktop\RegQuery.exe
[2011/05/22 21:21:11 | 115,690,975 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/05/22 21:20:24 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 21:20:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/05/22 21:20:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/05/22 21:18:54 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 21:18:35 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/05/22 19:27:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110523-012839.backup
[2011/05/22 19:23:53 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 19:23:53 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 19:23:40 | 002,188,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/22 19:23:40 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/22 19:23:40 | 000,398,716 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/05/22 19:23:40 | 000,396,450 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2011/05/22 19:23:40 | 000,361,570 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2011/05/22 19:23:40 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2011/05/22 19:23:40 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/05/22 19:23:40 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/22 19:23:40 | 000,104,050 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2011/05/22 19:16:45 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/05/22 19:16:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/22 19:16:33 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 15:50:58 | 314,685,165 | ---- | M] () -- C:\Users\Sizustar\Desktop\[YOUSMELL] Tiger & Bunny - 08.mkv
[2011/05/21 23:08:49 | 000,293,775 | ---- | M] () -- C:\Users\Sizustar\Desktop\gmer.zip
[2011/05/21 22:49:39 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/05/21 04:28:55 | 118,836,944 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.05.2011_22-09.exe
[2011/05/21 04:11:53 | 000,000,512 | ---- | M] () -- C:\Users\Sizustar\Desktop\MBR.dat
[2011/05/21 03:48:12 | 494,202,755 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/21 03:39:53 | 142,132,328 | ---- | M] (NVIDIA Corporation) -- C:\270.61-desktop-win7-winvista-64bit-english-whql.exe
[2011/05/20 22:51:28 | 000,487,427 | ---- | M] () -- C:\Users\Sizustar\Desktop\4koma02.jpg
[2011/05/20 22:49:55 | 000,485,009 | ---- | M] () -- C:\Users\Sizustar\Desktop\4koma01.jpg
[2011/05/20 13:20:25 | 000,001,060 | ---- | M] () -- C:\Windows\SysNative\PDBootState
[2011/05/19 15:44:28 | 000,181,546 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305471061148.jpg
[2011/05/19 15:30:40 | 000,064,879 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305722752751.jpg
[2011/05/19 15:27:22 | 000,089,643 | ---- | M] () -- C:\Users\Sizustar\Desktop\2ds45qp.jpg
[2011/05/19 00:22:24 | 000,367,892 | ---- | M] () -- C:\Users\Sizustar\Desktop\4komaa00.jpg
[2011/05/18 20:43:58 | 000,049,965 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305595023594.jpg
[2011/05/17 09:40:53 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/17 01:02:43 | 000,066,930 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305478116764.jpg
[2011/05/16 22:19:47 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\DiaGnosis2.lnk
[2011/05/16 22:03:31 | 000,161,091 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305541100664.jpg
[2011/05/16 21:16:26 | 000,433,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/05/16 19:03:51 | 000,063,373 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305507516408.jpg
[2011/05/16 14:34:15 | 000,006,638 | ---- | M] () -- C:\Users\Sizustar\AppData\Roaming\0EDE.18C
[2011/05/16 12:34:18 | 026,845,822 | ---- | M] () -- C:\Users\Sizustar\Documents\【東方】『幻想万華鏡』予告編 満福神社幽閉サテライト【アニメ】 - [sm14400995].mp4
[2011/05/16 09:15:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/16 08:17:39 | 060,579,845 | ---- | M] () -- C:\Users\Sizustar\Documents\【第6回MMD杯本選】恋天使ルシフェル.mp4
[2011/05/16 08:04:25 | 050,744,207 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにまっさらブルージーンズを踊ってもらった.mp4
[2011/05/16 08:01:08 | 068,736,850 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】BREEZE【魔王エンジェル】.mp4
[2011/05/16 07:54:35 | 039,453,402 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにNostalogicを踊ってもらった【修正版】.mp4
[2011/05/16 07:52:33 | 010,237,078 | ---- | M] () -- C:\Users\Sizustar\Documents\【3DCG】くるっと・おどって・初音ミク【ねんどろいど】.flv
[2011/05/16 07:43:50 | 472,907,776 | ---- | M] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part1.rar
[2011/05/16 07:41:56 | 341,635,270 | ---- | M] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part2.rar
[2011/05/16 07:40:02 | 024,412,373 | ---- | M] () -- C:\Users\Sizustar\Documents\【MikuMikuDance】助手よ素直になるがいい【Steins;Gate】.mp4
[2011/05/16 07:38:06 | 025,748,404 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】折紙さんが見切れないハレ晴レユカイ【と助手とホビロン】.mp4
[2011/05/16 07:37:06 | 021,085,786 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】松前緒花の「Ievan Polkka」(ミクは・・・)【第3回ラジP杯】.mp4
[2011/05/16 07:29:02 | 045,234,406 | ---- | M] () -- C:\Users\Sizustar\Documents\春香・美希 Bad Apple!!.mp4
[2011/05/16 07:19:37 | 016,196,926 | ---- | M] () -- C:\Users\Sizustar\Documents\和曲似合いそうな歌い手集めて「凛として咲く花の如く」歌ってみた.mp4
[2011/05/16 07:14:41 | 097,315,165 | ---- | M] () -- C:\Users\Sizustar\Documents\【東方MMD】お嬢様がNostalogicを踊るはずだったのだけど【ちょっとPV風味】.mp4
[2011/05/16 06:57:39 | 048,459,185 | ---- | M] () -- C:\Users\Sizustar\Documents\魔法少女まどか☆マギカ -the ultimate modification-.mp4
[2011/05/16 03:15:37 | 000,125,737 | ---- | M] () -- C:\Users\Sizustar\Documents\1305417382835.jpg
[2011/05/16 03:15:31 | 000,118,941 | ---- | M] () -- C:\Users\Sizustar\Documents\1305417026623.jpg
[2011/05/16 03:15:21 | 000,110,964 | ---- | M] () -- C:\Users\Sizustar\Documents\1305415767642.jpg
[2011/05/16 03:13:11 | 000,361,571 | ---- | M] () -- C:\Users\Sizustar\Documents\1305445135069.gif
[2011/05/15 20:02:27 | 000,423,459 | ---- | M] () -- C:\Users\Sizustar\Documents\1305449679532.jpg
[2011/05/15 20:02:10 | 000,079,016 | ---- | M] () -- C:\Users\Sizustar\Documents\1305448473372.jpg
[2011/05/14 18:17:06 | 000,304,497 | ---- | M] () -- C:\Users\Sizustar\Documents\1305303779911.jpg
[2011/05/14 07:19:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/14 06:31:36 | 000,950,611 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 08.jpg
[2011/05/14 06:31:35 | 000,969,618 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 07.jpg
[2011/05/14 06:31:31 | 001,025,414 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 06.jpg
[2011/05/14 06:31:29 | 000,987,552 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 05.jpg
[2011/05/14 06:31:27 | 001,083,287 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 04.jpg
[2011/05/14 06:31:25 | 001,071,435 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 03.jpg
[2011/05/14 06:31:17 | 001,126,169 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 02.jpg
[2011/05/14 06:31:13 | 001,072,869 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 01.jpg
[2011/05/14 05:04:38 | 000,358,258 | ---- | M] () -- C:\Users\Sizustar\Documents\1305315838683.gif
[2011/05/14 05:01:28 | 000,068,701 | ---- | M] () -- C:\Users\Sizustar\Documents\709.jpg
[2011/05/13 14:20:13 | 000,001,265 | ---- | M] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Some PDF Image Extractr.lnk
[2011/05/13 14:20:13 | 000,001,077 | ---- | M] () -- C:\Users\Sizustar\Desktop\Some PDF Image Extractr.lnk
[2011/05/13 05:35:17 | 000,433,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110516-211626.backup
[2011/05/13 04:30:47 | 000,457,256 | ---- | M] () -- C:\Users\Sizustar\Documents\1305219526827.jpg
[2011/05/13 04:30:34 | 000,463,939 | ---- | M] () -- C:\Users\Sizustar\Documents\1305219617028.jpg
[2011/05/11 23:12:29 | 000,002,159 | ---- | M] () -- C:\Users\Sizustar\Desktop\Easy Clone Detective.lnk
[2011/05/11 21:20:31 | 000,000,972 | ---- | M] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2011/05/11 21:20:31 | 000,000,948 | ---- | M] () -- C:\Users\Sizustar\Desktop\Bandicam.lnk
[2011/05/10 20:19:52 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2011/05/09 21:22:07 | 001,512,209 | ---- | M] () -- C:\Users\Sizustar\Documents\18641737.png
[2011/05/09 17:50:40 | 009,554,139 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】東方キャラ達に『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 17:49:54 | 009,559,266 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】みんなに『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 02:28:28 | 000,114,723 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p3.jpg
[2011/05/09 02:28:25 | 000,101,106 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p2.jpg
[2011/05/09 02:28:20 | 000,120,254 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p0.jpg
[2011/05/09 02:28:19 | 000,110,753 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p1.jpg
[2011/05/09 02:26:39 | 000,020,678 | ---- | M] () -- C:\Users\Sizustar\Documents\18681769_p2.png
[2011/05/09 02:26:24 | 000,073,644 | ---- | M] () -- C:\Users\Sizustar\Documents\18681769_p0.png
[2011/05/09 02:26:24 | 000,051,358 | ---- | M] () -- C:\Users\Sizustar\Documents\18681769_p1.png
[2011/05/06 02:10:05 | 000,433,197 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110513-053517.backup
[2011/05/05 18:58:24 | 000,024,576 | ---- | M] () -- C:\Users\Sizustar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 11:22:46 | 000,001,145 | ---- | M] () -- C:\Users\Sizustar\Desktop\神楽早春賦.lnk
[2011/05/05 02:51:35 | 000,126,392 | ---- | M] () -- C:\Users\Sizustar\Documents\241085%20-%20Boomer%20JoPereira%20Louis%20left_4_dead%20zoey.jpg
[2011/05/04 23:50:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/04 21:05:34 | 002,230,672 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/03 16:25:38 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2011/05/02 17:58:31 | 000,033,371 | ---- | M] () -- C:\Users\Sizustar\Documents\image.jpeg
[2011/05/02 07:30:17 | 000,025,615 | ---- | M] () -- C:\Users\Sizustar\Documents\gamportal2turretdoll530.jpg
[2011/05/02 05:57:51 | 000,437,014 | ---- | M] () -- C:\Users\Sizustar\Documents\1303810964794.jpg
[2011/05/02 05:42:18 | 000,392,880 | ---- | M] () -- C:\Users\Sizustar\Documents\27.jpg
[2011/05/02 05:40:56 | 000,331,092 | ---- | M] () -- C:\Users\Sizustar\Documents\16.jpg
[2011/05/01 23:02:15 | 000,057,727 | ---- | M] () -- C:\Users\Sizustar\Documents\Kon.jpg
[2011/05/01 21:31:42 | 000,148,371 | ---- | M] () -- C:\Users\Sizustar\Documents\f7e2fce5.jpg
[2011/05/01 21:31:41 | 000,059,413 | ---- | M] () -- C:\Users\Sizustar\Documents\a9ca51a0.jpg
[2011/05/01 15:58:27 | 008,995,515 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】東方モデルをミニスカで【ハッピーシンセサイザ】.flv
[2011/05/01 15:39:50 | 000,496,803 | ---- | M] () -- C:\Users\Sizustar\Documents\1304224434344.jpg
[2011/04/30 22:36:55 | 000,001,171 | ---- | M] () -- C:\Users\Sizustar\Desktop\iSkysoft DRM Removal.lnk
[2011/04/30 22:20:26 | 000,001,500 | ---- | M] () -- C:\Users\Sizustar\Desktop\wmplayer.exe - Shortcut.lnk
[2011/04/30 12:56:42 | 000,310,984 | ---- | M] () -- C:\Users\Sizustar\Documents\1304094452752.jpg
[2011/04/30 12:41:42 | 000,020,012 | ---- | M] () -- C:\Users\Sizustar\Documents\img1f73137bzik3zj.jpg
[2011/04/30 06:40:07 | 000,818,225 | ---- | M] () -- C:\Users\Sizustar\Documents\18299616.jpg
[2011/04/30 04:31:37 | 001,252,646 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%2018.jpg
[2011/04/30 04:29:36 | 001,818,372 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%2016.jpg
[2011/04/30 04:29:17 | 001,090,343 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%20%2015.jpg
[2011/04/30 04:28:27 | 000,525,590 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%2014.jpg
[2011/04/30 04:28:21 | 001,211,011 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%201%20-%20Page%2013.jpg
[2011/04/29 20:47:19 | 000,074,035 | ---- | M] () -- C:\Users\Sizustar\Documents\Transformers-3-Dark-of-the-Moon-Teaser-Poster-Clear_1291759448_1298047467_1302887052.jpg
[2011/04/29 19:37:11 | 000,002,052 | ---- | M] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 17:00:52 | 000,376,002 | ---- | M] () -- C:\Users\Sizustar\Documents\hana_m00.jpg
[2011/04/28 23:58:33 | 000,192,627 | ---- | M] () -- C:\Users\Sizustar\Documents\18467814.jpg
[2011/04/27 06:45:30 | 000,046,361 | ---- | M] () -- C:\Users\Sizustar\Documents\18336267_m.jpg
[2011/04/27 06:30:24 | 000,029,581 | ---- | M] () -- C:\Users\Sizustar\Documents\2132446298_full.jpg
[2011/04/26 21:38:57 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/26 21:38:57 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 21:38:57 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 21:38:57 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 21:37:05 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2011/04/24 09:09:04 | 000,091,731 | ---- | M] () -- C:\Users\Sizustar\Documents\1303369309370.jpg
[2011/04/24 01:50:58 | 000,241,779 | ---- | M] () -- C:\Users\Sizustar\Documents\rspc9030.png
[2011/04/23 09:07:03 | 000,514,354 | ---- | M] () -- C:\Users\Sizustar\Documents\12825701.jpg
[2011/04/23 08:54:40 | 021,342,466 | ---- | M] () -- C:\Users\Sizustar\Documents\【手書き】家に帰ると妻がいつも死んだふりをしています。.flv
[2011/04/23 04:59:20 | 000,083,110 | ---- | M] () -- C:\Users\Sizustar\Documents\1303379198437.jpg
[2011/04/23 04:57:00 | 000,470,301 | ---- | M] () -- C:\Users\Sizustar\Documents\1303489211059.png
[2011/04/23 04:52:53 | 000,115,758 | ---- | M] () -- C:\Users\Sizustar\Documents\2yjwow1.jpg

========== Files Created - No Company Name ==========

[2011/05/23 01:10:48 | 000,392,384 | ---- | C] () -- C:\Users\Sizustar\Desktop\rgssad_wx.rar
[2011/05/22 23:50:14 | 000,705,554 | ---- | C] () -- C:\Users\Sizustar\Desktop\18955039.jpg
[2011/05/22 21:21:11 | 115,690,975 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/05/22 21:21:06 | 000,428,032 | ---- | C] () -- C:\Users\Sizustar\Desktop\RegQuery.exe
[2011/05/22 21:20:24 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 21:20:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/05/22 21:20:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/05/22 21:18:54 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 21:18:35 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/05/22 21:18:35 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/05/22 15:41:21 | 314,685,165 | ---- | C] () -- C:\Users\Sizustar\Desktop\[YOUSMELL] Tiger & Bunny - 08.mkv
[2011/05/21 23:08:48 | 000,293,775 | ---- | C] () -- C:\Users\Sizustar\Desktop\gmer.zip
[2011/05/21 22:49:31 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/05/21 04:11:53 | 000,000,512 | ---- | C] () -- C:\Users\Sizustar\Desktop\MBR.dat
[2011/05/21 03:30:56 | 494,202,755 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/20 22:47:51 | 000,487,427 | ---- | C] () -- C:\Users\Sizustar\Desktop\4koma02.jpg
[2011/05/20 22:42:20 | 000,485,009 | ---- | C] () -- C:\Users\Sizustar\Desktop\4koma01.jpg
[2011/05/19 16:06:33 | 000,064,879 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305722752751.jpg
[2011/05/19 15:44:42 | 000,181,546 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305471061148.jpg
[2011/05/19 15:27:28 | 000,089,643 | ---- | C] () -- C:\Users\Sizustar\Desktop\2ds45qp.jpg
[2011/05/19 00:20:42 | 000,367,892 | ---- | C] () -- C:\Users\Sizustar\Desktop\4komaa00.jpg
[2011/05/18 20:44:08 | 000,049,965 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305595023594.jpg
[2011/05/17 01:02:51 | 000,066,930 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305478116764.jpg
[2011/05/16 22:19:47 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\DiaGnosis2.lnk
[2011/05/16 22:03:41 | 000,161,091 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305541100664.jpg
[2011/05/16 20:59:53 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 19:04:02 | 000,063,373 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305507516408.jpg
[2011/05/16 17:04:02 | 026,845,822 | ---- | C] () -- C:\Users\Sizustar\Documents\【東方】『幻想万華鏡』予告編 満福神社幽閉サテライト【アニメ】 - [sm14400995].mp4
[2011/05/16 09:15:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/16 08:17:36 | 060,579,845 | ---- | C] () -- C:\Users\Sizustar\Documents\【第6回MMD杯本選】恋天使ルシフェル.mp4
[2011/05/16 08:04:23 | 050,744,207 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにまっさらブルージーンズを踊ってもらった.mp4
[2011/05/16 07:56:56 | 068,736,850 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】BREEZE【魔王エンジェル】.mp4
[2011/05/16 07:54:34 | 039,453,402 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにNostalogicを踊ってもらった【修正版】.mp4
[2011/05/16 07:52:33 | 010,237,078 | ---- | C] () -- C:\Users\Sizustar\Documents\【3DCG】くるっと・おどって・初音ミク【ねんどろいど】.flv
[2011/05/16 07:39:37 | 024,412,373 | ---- | C] () -- C:\Users\Sizustar\Documents\【MikuMikuDance】助手よ素直になるがいい【Steins;Gate】.mp4
[2011/05/16 07:38:06 | 025,748,404 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】折紙さんが見切れないハレ晴レユカイ【と助手とホビロン】.mp4
[2011/05/16 07:37:05 | 021,085,786 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】松前緒花の「Ievan Polkka」(ミクは・・・)【第3回ラジP杯】.mp4
[2011/05/16 07:36:40 | 341,635,270 | ---- | C] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part2.rar
[2011/05/16 07:36:35 | 472,907,776 | ---- | C] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part1.rar
[2011/05/16 07:28:59 | 045,234,406 | ---- | C] () -- C:\Users\Sizustar\Documents\春香・美希 Bad Apple!!.mp4
[2011/05/16 07:17:56 | 016,196,926 | ---- | C] () -- C:\Users\Sizustar\Documents\和曲似合いそうな歌い手集めて「凛として咲く花の如く」歌ってみた.mp4
[2011/05/16 07:14:36 | 097,315,165 | ---- | C] () -- C:\Users\Sizustar\Documents\【東方MMD】お嬢様がNostalogicを踊るはずだったのだけど【ちょっとPV風味】.mp4
[2011/05/16 07:03:30 | 009,512,862 | ---- | C] () -- C:\Users\Sizustar\Documents\和曲似合いそうな歌い手集めて「凛として咲く花の如く」歌ってみた).flv
[2011/05/16 06:57:36 | 048,459,185 | ---- | C] () -- C:\Users\Sizustar\Documents\魔法少女まどか☆マギカ -the ultimate modification-.mp4
[2011/05/16 03:15:59 | 000,361,571 | ---- | C] () -- C:\Users\Sizustar\Documents\1305445135069.gif
[2011/05/16 03:15:39 | 000,125,737 | ---- | C] () -- C:\Users\Sizustar\Documents\1305417382835.jpg
[2011/05/16 03:15:33 | 000,118,941 | ---- | C] () -- C:\Users\Sizustar\Documents\1305417026623.jpg
[2011/05/16 03:15:24 | 000,110,964 | ---- | C] () -- C:\Users\Sizustar\Documents\1305415767642.jpg
[2011/05/16 01:26:03 | 000,006,638 | ---- | C] () -- C:\Users\Sizustar\AppData\Roaming\0EDE.18C
[2011/05/15 20:02:35 | 000,423,459 | ---- | C] () -- C:\Users\Sizustar\Documents\1305449679532.jpg
[2011/05/15 20:02:18 | 000,079,016 | ---- | C] () -- C:\Users\Sizustar\Documents\1305448473372.jpg
[2011/05/14 18:17:14 | 000,304,497 | ---- | C] () -- C:\Users\Sizustar\Documents\1305303779911.jpg
[2011/05/14 16:04:49 | 000,027,123 | ---- | C] () -- C:\Users\Sizustar\Documents\snapshot20080705212834.jpg
[2011/05/14 16:04:35 | 000,152,609 | ---- | C] () -- C:\Users\Sizustar\Documents\090624-maccros-12.jpg
[2011/05/14 16:04:30 | 000,152,358 | ---- | C] () -- C:\Users\Sizustar\Documents\090624-maccros-11.jpg
[2011/05/14 06:45:19 | 000,950,611 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 08.jpg
[2011/05/14 06:45:07 | 000,969,618 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 07.jpg
[2011/05/14 06:45:02 | 001,025,414 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 06.jpg
[2011/05/14 06:44:54 | 000,987,552 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 05.jpg
[2011/05/14 06:44:48 | 001,083,287 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 04.jpg
[2011/05/14 06:44:43 | 001,071,435 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 03.jpg
[2011/05/14 06:44:36 | 001,126,169 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 02.jpg
[2011/05/14 06:44:30 | 001,072,869 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 01.jpg
[2011/05/14 05:05:08 | 000,358,258 | ---- | C] () -- C:\Users\Sizustar\Documents\1305315838683.gif
[2011/05/14 05:01:38 | 000,068,701 | ---- | C] () -- C:\Users\Sizustar\Documents\709.jpg
[2011/05/13 14:20:13 | 000,001,265 | ---- | C] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Some PDF Image Extractr.lnk
[2011/05/13 14:20:13 | 000,001,077 | ---- | C] () -- C:\Users\Sizustar\Desktop\Some PDF Image Extractr.lnk
[2011/05/13 04:28:50 | 000,463,939 | ---- | C] () -- C:\Users\Sizustar\Documents\1305219617028.jpg
[2011/05/13 04:28:02 | 000,457,256 | ---- | C] () -- C:\Users\Sizustar\Documents\1305219526827.jpg
[2011/05/11 23:12:29 | 000,002,159 | ---- | C] () -- C:\Users\Sizustar\Desktop\Easy Clone Detective.lnk
[2011/05/09 21:40:20 | 001,512,209 | ---- | C] () -- C:\Users\Sizustar\Documents\18641737.png
[2011/05/09 17:50:40 | 009,554,139 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】東方キャラ達に『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 17:49:54 | 009,559,266 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】みんなに『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 02:28:46 | 000,114,723 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p3.jpg
[2011/05/09 02:28:44 | 000,101,106 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p2.jpg
[2011/05/09 02:28:41 | 000,110,753 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p1.jpg
[2011/05/09 02:28:39 | 000,120,254 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p0.jpg
[2011/05/09 02:26:57 | 000,073,644 | ---- | C] () -- C:\Users\Sizustar\Documents\18681769_p0.png
[2011/05/09 02:26:54 | 000,051,358 | ---- | C] () -- C:\Users\Sizustar\Documents\18681769_p1.png
[2011/05/09 02:26:50 | 000,020,678 | ---- | C] () -- C:\Users\Sizustar\Documents\18681769_p2.png
[2011/05/05 11:32:28 | 004,325,376 | ---- | C] () -- C:\Windows\SysWow64\KaguraGSS.scr
[2011/05/05 11:22:46 | 000,001,145 | ---- | C] () -- C:\Users\Sizustar\Desktop\神楽早春賦.lnk
[2011/05/05 02:51:56 | 000,126,392 | ---- | C] () -- C:\Users\Sizustar\Documents\241085%20-%20Boomer%20JoPereira%20Louis%20left_4_dead%20zoey.jpg
[2011/05/04 21:05:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/04 21:05:34 | 002,230,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/03 16:25:38 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2011/05/02 18:00:34 | 000,033,371 | ---- | C] () -- C:\Users\Sizustar\Documents\image.jpeg
[2011/05/02 07:31:39 | 000,025,615 | ---- | C] () -- C:\Users\Sizustar\Documents\gamportal2turretdoll530.jpg
[2011/05/02 05:58:36 | 000,437,014 | ---- | C] () -- C:\Users\Sizustar\Documents\1303810964794.jpg
[2011/05/02 05:42:17 | 000,392,880 | ---- | C] () -- C:\Users\Sizustar\Documents\27.jpg
[2011/05/02 05:40:56 | 000,331,092 | ---- | C] () -- C:\Users\Sizustar\Documents\16.jpg
[2011/05/01 23:02:19 | 000,057,727 | ---- | C] () -- C:\Users\Sizustar\Documents\Kon.jpg
[2011/05/01 21:40:07 | 000,059,413 | ---- | C] () -- C:\Users\Sizustar\Documents\a9ca51a0.jpg
[2011/05/01 21:39:44 | 000,148,371 | ---- | C] () -- C:\Users\Sizustar\Documents\f7e2fce5.jpg
[2011/05/01 15:58:27 | 008,995,515 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】東方モデルをミニスカで【ハッピーシンセサイザ】.flv
[2011/05/01 15:41:42 | 000,496,803 | ---- | C] () -- C:\Users\Sizustar\Documents\1304224434344.jpg
[2011/04/30 22:36:55 | 000,001,171 | ---- | C] () -- C:\Users\Sizustar\Desktop\iSkysoft DRM Removal.lnk
[2011/04/30 22:36:54 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2011/04/30 22:36:54 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/04/30 22:36:54 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2011/04/30 22:20:26 | 000,001,500 | ---- | C] () -- C:\Users\Sizustar\Desktop\wmplayer.exe - Shortcut.lnk
[2011/04/30 12:56:52 | 000,310,984 | ---- | C] () -- C:\Users\Sizustar\Documents\1304094452752.jpg
[2011/04/30 12:41:46 | 000,020,012 | ---- | C] () -- C:\Users\Sizustar\Documents\img1f73137bzik3zj.jpg
[2011/04/30 06:40:42 | 000,818,225 | ---- | C] () -- C:\Users\Sizustar\Documents\18299616.jpg
[2011/04/30 04:31:38 | 001,252,646 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%2018.jpg
[2011/04/30 04:31:21 | 001,818,372 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%2016.jpg
[2011/04/30 04:31:17 | 001,090,343 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%20%2015.jpg
[2011/04/30 04:31:11 | 000,525,590 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%2014.jpg
[2011/04/30 04:30:05 | 001,211,011 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%201%20-%20Page%2013.jpg
[2011/04/29 20:47:23 | 000,074,035 | ---- | C] () -- C:\Users\Sizustar\Documents\Transformers-3-Dark-of-the-Moon-Teaser-Poster-Clear_1291759448_1298047467_1302887052.jpg
[2011/04/29 17:01:59 | 000,376,002 | ---- | C] () -- C:\Users\Sizustar\Documents\hana_m00.jpg
[2011/04/28 23:58:39 | 000,192,627 | ---- | C] () -- C:\Users\Sizustar\Documents\18467814.jpg
[2011/04/27 06:45:47 | 000,046,361 | ---- | C] () -- C:\Users\Sizustar\Documents\18336267_m.jpg
[2011/04/27 06:30:29 | 000,029,581 | ---- | C] () -- C:\Users\Sizustar\Documents\2132446298_full.jpg
[2011/04/27 05:51:22 | 000,284,459 | ---- | C] () -- C:\Users\Sizustar\Desktop\1284133142.jpg
[2011/04/24 09:09:16 | 000,091,731 | ---- | C] () -- C:\Users\Sizustar\Documents\1303369309370.jpg
[2011/04/24 06:35:53 | 002,712,064 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/04/24 06:35:53 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/24 06:35:53 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/24 06:35:53 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/24 06:35:53 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/04/24 06:35:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/24 01:52:26 | 000,241,779 | ---- | C] () -- C:\Users\Sizustar\Documents\rspc9030.png
[2011/04/23 09:03:14 | 000,514,354 | ---- | C] () -- C:\Users\Sizustar\Documents\12825701.jpg
[2011/04/23 08:51:18 | 021,342,466 | ---- | C] () -- C:\Users\Sizustar\Documents\【手書き】家に帰ると妻がいつも死んだふりをしています。.flv
[2011/04/23 04:59:27 | 000,083,110 | ---- | C] () -- C:\Users\Sizustar\Documents\1303379198437.jpg
[2011/04/23 04:57:05 | 000,470,301 | ---- | C] () -- C:\Users\Sizustar\Documents\1303489211059.png
[2011/04/23 04:53:23 | 000,115,758 | ---- | C] () -- C:\Users\Sizustar\Documents\2yjwow1.jpg
[2011/04/23 04:08:05 | 000,384,328 | ---- | C] () -- C:\Users\Sizustar\Desktop\1301228225916.jpg
[2011/04/19 15:06:52 | 000,000,036 | ---- | C] () -- C:\Users\Sizustar\AppData\Local\housecall.guid.cache
[2011/04/19 14:47:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/19 14:47:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/19 14:47:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/19 14:47:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/19 14:47:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/01 18:42:53 | 000,000,459 | ---- | C] () -- C:\Users\Sizustar\AppData\Roaming\Syscfg.ini
[2011/03/12 02:45:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/03/02 04:57:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/02 04:57:48 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/21 15:57:49 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/21 15:57:49 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/21 15:57:49 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2011/02/21 15:57:49 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2011/02/21 08:36:24 | 000,704,000 | ---- | C] () -- C:\Windows\is-INQ5J.exe
[2010/12/09 03:14:53 | 000,673,280 | ---- | C] () -- C:\Windows\is-6H2JS.exe
[2010/11/12 01:36:14 | 000,007,610 | ---- | C] () -- C:\Users\Sizustar\AppData\Local\Resmon.ResmonCfg
[2010/11/06 01:09:43 | 000,003,673 | ---- | C] () -- C:\Windows\SysWow64\10.inf1031.dat
[2010/10/30 00:48:13 | 000,003,738 | ---- | C] () -- C:\Windows\SysWow64\30.inf3037.dat
[2010/10/23 00:47:14 | 000,003,737 | ---- | C] () -- C:\Windows\SysWow64\10.inf1028.dat
[2010/10/18 15:48:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010/09/28 16:41:16 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/26 16:34:34 | 000,209,793 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/09/26 16:34:34 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/09/26 15:46:33 | 000,024,576 | ---- | C] () -- C:\Users\Sizustar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 00:07:31 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2010/09/26 00:07:31 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2010/09/26 00:07:31 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2010/09/26 00:07:30 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2010/09/25 09:21:37 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/09/25 01:19:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/02 15:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 15:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2005/08/18 15:28:30 | 000,273,408 | ---- | C] () -- C:\Windows\SysWow64\unlha32.dll

========== LOP Check ==========

[2010/12/22 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\.minecraft
[2010/09/25 01:30:51 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\acccore
[2010/09/25 02:05:25 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\ACD Systems
[2010/09/25 02:07:19 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AutoSizer
[2011/05/05 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AVG
[2011/05/05 01:05:01 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AVG10
[2011/04/19 14:43:33 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AVG9
[2010/12/31 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\BANDISOFT
[2010/10/24 10:05:04 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\DAEMON Tools Lite
[2011/03/20 02:33:48 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Dojin Circle Kirarin
[2011/05/19 01:26:09 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\foobar2000
[2010/10/21 06:12:10 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Foxit
[2010/09/26 11:19:07 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Foxit Software
[2011/02/24 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\GARMIN
[2010/10/25 01:24:44 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\GlarySoft
[2011/02/21 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Leadertech
[2010/12/10 16:18:09 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\PC Suite
[2010/11/12 00:18:29 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\runic games
[2011/04/13 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Sony
[2011/03/16 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\T-Time Preferences
[2010/10/24 06:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\TECH GIAN
[2011/03/17 16:13:51 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Trinity
[2010/12/09 03:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\TweakNow PowerPack 2010
[2010/11/12 18:00:32 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\TweakNow PowerPack Professional
[2011/04/01 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\UDown
[2011/05/23 03:55:38 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\uTorrent
[2011/03/02 14:53:22 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Files - Unicode (All) ==========
[2011/05/23 02:19:20 | 000,000,000 | ---D | M](C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大?_Destiny][合集][完]) -- C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大师_Destiny][合集][完]
[2011/05/23 02:12:46 | 000,000,000 | ---D | C](C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大?_Destiny][合集][完]) -- C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大师_Destiny][合集][完]
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?j|t,eT) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jtT

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


  • 0

#33
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Cool. Please perform these steps:

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51293

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please this time don't click on Quick Scan but on the Run Scan button.

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • MBAM log
  • OTL scan log

  • 0
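
The OTL fix in the post above targets a per-user `ProxyServer` value that points at 127.0.0.1. As an added example (not part of the original post, and not OTL's or Malwarebytes' own code), this Python script parses `ProxyServer` lines from an OTL log and reports every entry that routes traffic to a loopback address, so the port can then be matched to a listening process. The function names are hypothetical, and every sample line except the first is constructed.

```python
import ipaddress
import re

# OTL prints Internet Explorer settings as, for example:
#   IE - HKU\<SID>\...\Internet Settings: "ProxyServer" = http=127.0.0.1:51293
OTL_PROXY_LINE = re.compile(
    r'^IE - (?P<hive>HK[A-Z_]+)\\(?:(?P<sid>S-1-[0-9-]+)\\)?.*'
    r'Internet Settings: "ProxyServer" = (?P<value>.+)$'
)

# host[:port], with optional brackets around an IPv6 literal
TARGET = re.compile(r"^\[?(?P<host>[^\]]+?)\]?(?::(?P<port>\d+))?$")


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    The value is either a bare "host:port" used for every protocol
    (stored here under the key "all") or a semicolon-separated list of
    "scheme=host:port" entries.
    """
    entries = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "all", part
        target = re.sub(r"^\w+://", "", target.strip())  # tolerate "http://host:port"
        m = TARGET.match(target)
        if not m:
            continue  # empty or malformed entry
        port = int(m.group("port")) if m.group("port") else None
        entries[scheme.strip().lower()] = (m.group("host"), port)
    return entries


def is_loopback(host):
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary host name


def find_loopback_proxies(log_text):
    """Return (owner, scheme, host, port) for each loopback proxy entry.

    owner is the user SID when the line names one, otherwise the hive.
    """
    findings = []
    for line in log_text.splitlines():
        m = OTL_PROXY_LINE.match(line.strip())
        if not m:
            continue
        owner = m.group("sid") or m.group("hive")
        for scheme, (host, port) in parse_proxy_server(m.group("value")).items():
            if is_loopback(host):
                findings.append((owner, scheme, host, port))
    return findings


# First line: the entry from the fix script above.
# Remaining lines: constructed for this example (placeholder SIDs and hosts).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51293
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8888;https=10.0.0.5:3128
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
"""

if __name__ == "__main__":
    for owner, scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f"{owner}: {scheme} traffic is sent to {host}:{port}")
```

A flagged port is only a lead: if nothing is listening on it, the value is a leftover that breaks browsing, and if something is, that process is what rewrites the setting after each cleanup.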

#34
bluewr

    Member

  • Topic Starter
  • Member
  • 33 posts
OTL Fix Log

All processes killed
========== OTL ==========
HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sizustar
->Temp folder emptied: 2009331 bytes
->Temporary Internet Files folder emptied: 146882730 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96042042 bytes
->Flash cache emptied: 22042 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2365 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 403719136 bytes

Total Files Cleaned = 619.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sizustar
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.23.0 log created on 05232011_051429

Files\Folders moved on Reboot...
C:\Users\Sizustar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y14YKF37\adsCAOAUL31.htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y14YKF37\ads[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y14YKF37\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y14YKF37\search[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y14YKF37\st[1] moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVJMPQ8I\ads[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVJMPQ8I\htmlbanner[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVJMPQ8I\iframe3[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY1H0ZH7\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PY1H0ZH7\search[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LI6DM9ME\adsCAJ4WQAD.htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LI6DM9ME\iframe[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJUTKXKH\adsCAN4BKPI.htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJUTKXKH\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJUTKXKH\search[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJUTKXKH\st[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\cm[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\cm[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\cm[3].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\cm[4].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\cm[5].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\search[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFNCT2X6\瑠衣ルート[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1PIF89Z\like[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1PIF89Z\mainmenu[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1PIF89Z\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAW0D3TZ\adsCAIX8K6X.htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAW0D3TZ\dcd66f2b[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAW0D3TZ\index[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAW0D3TZ\like[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAW0D3TZ\xd_proxy[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LK94YLP\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LK94YLP\search[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LK94YLP\search[3].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVMDFWU\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZVMDFWU\tweet_button[6].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2R3S9OA3\ads[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2R3S9OA3\ads[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2R3S9OA3\cm[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2R3S9OA3\katakana-chart-t6[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2R3S9OA3\message[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2R3S9OA3\search[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NV4GQ3D\ads[1].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NV4GQ3D\ads[2].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NV4GQ3D\ads[3].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NV4GQ3D\ads[4].htm moved successfully.
C:\Users\Sizustar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NV4GQ3D\menu[1].htm moved successfully.

Registry entries deleted on Reboot...


Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6643

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011/05/23 5:24:51
mbam-log-2011-05-23 (05-24-51).txt

Scan type: Quick scan
Objects scanned: 160110
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL custom scan

OTL logfile created on: 2011/05/23 5:26:15 - Run 6
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Sizustar\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000411 | Country: Japan | Language: JPN | Date Format: yyyy/MM/dd

8.00 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 78.65% Memory free
16.00 Gb Paging File | 14.19 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): c:\pagefile.sys 8191 8191 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.35 Gb Total Space | 274.16 Gb Free Space | 58.92% Space Free | Partition Type: NTFS
Drive D: | 466.16 Gb Total Space | 414.96 Gb Free Space | 89.02% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 715.46 Gb Free Space | 51.20% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 113.05 Gb Free Space | 37.92% Space Free | Partition Type: NTFS

Computer Name: SIZUSTAR-PC | User Name: Sizustar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 03:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
PRC - [2011/05/10 22:27:38 | 005,607,080 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/01 06:17:51 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/03/02 04:56:03 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 01:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 03:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
MOD - [2010/11/20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 01:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/03/15 15:18:32 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011/03/15 15:18:22 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2010/10/28 18:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/01 06:17:51 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe -- (a2AntiMalware)
SRV - [2011/03/02 04:56:03 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2011/02/21 15:58:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 23:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/02 04:56:03 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/01/19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 15:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 03:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/08/25 01:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/25 01:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/02/18 02:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/18 02:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 14:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008/02/01 18:15:04 | 000,043,520 | ---- | M] (ASUSTek Computer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ipgdnd60.sys -- (ipgd)
DRV - [2011/05/21 22:49:39 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2011/03/12 17:46:36 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/02/21 16:14:38 | 000,014,592 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MassDfu.sys -- (DFU)
DRV - [2010/12/18 19:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/09/24 18:44:14 | 000,070,168 | ---- | M] (TSS - www.trinity-ss.com) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\TSSFSFD.sys -- (TSS_FSFILTER)
DRV - [2009/09/24 18:44:14 | 000,070,168 | ---- | M] (TSS - www.trinity-ss.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TSSFSFD.sys -- (DynamicEDController)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://my.daemon-sea....com/startpage"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.4b1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4.0024
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/26 16:38:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 19:37:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/16 14:22:46 | 000,000,000 | ---D | M]

[2010/09/25 01:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Extensions
[2011/05/22 03:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\extensions
[2011/04/10 10:41:15 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/01 10:41:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/02 04:44:34 | 000,002,059 | ---- | M] () -- C:\Users\Sizustar\AppData\Roaming\Mozilla\Firefox\Profiles\2yaoxcwj.default\searchplugins\daemon-search.xml
[2011/03/22 16:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\SIZUSTAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YAOXCWJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SIZUSTAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YAOXCWJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/04/29 19:36:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/10/21 06:11:42 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/23 05:14:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2AA793B8-230D-4EE1-9158-21ADA1421950} http://download.powe...tw/fsplayer.cab (Reg Error: Key error.)
O16 - DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} http://www.dotbook.j...TimeCrochet.cab (CrochetCtrl Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} http://trinity.dlsit...ex/pbebkick.cab (PbEbkick Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (Reg Error: Key error.)
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} https://gash.gamania....1/lcjggame.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.16.0.cab (SysInfo Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/01 04:30:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 03:52:49 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
[2011/05/23 01:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/22 21:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/05/22 21:20:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/05/22 21:20:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/05/22 21:18:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/22 21:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/22 21:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/22 21:18:51 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/22 21:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/22 21:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2011/05/22 21:18:35 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2011/05/22 21:18:30 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2011/05/22 21:18:30 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2011/05/22 21:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2011/05/22 20:04:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/22 19:19:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 15:43:09 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\[jumpcn][Toriko][08][Big5][848x480].rmvb
[2011/05/21 23:09:19 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\gmer
[2011/05/21 04:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/21 04:24:09 | 118,836,944 | ---- | C] ( ) -- C:\setup_9.0.0.722_20.05.2011_22-09.exe
[2011/05/21 03:38:34 | 142,132,328 | ---- | C] (NVIDIA Corporation) -- C:\270.61-desktop-win7-winvista-64bit-english-whql.exe
[2011/05/21 00:12:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/20 15:11:43 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\Ragnarok
[2011/05/20 07:24:18 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\asufe101
[2011/05/20 07:24:14 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\TORMENTRIP
[2011/05/16 22:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BLUEWATER
[2011/05/16 22:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BLUEWATER
[2011/05/16 21:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/16 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/05/16 20:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/16 09:15:34 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/16 09:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/16 09:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/05/16 09:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/13 22:30:48 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\Eroquis_gallery
[2011/05/13 14:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SomePDF
[2011/05/13 14:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SomePDF
[2011/05/13 04:30:34 | 000,000,000 | -H-D | C] -- C:\Users\Sizustar\Desktop\[Originals]
[2011/05/11 23:13:27 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Local\Easy Clone Detective
[2011/05/11 23:12:29 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Refero Group
[2011/05/11 23:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Refero Group
[2011/05/11 23:12:29 | 000,000,000 | ---D | C] -- C:\Windows\Easy Clone Detective
[2011/05/11 21:24:40 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/11 21:24:40 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/05/11 21:24:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 21:24:39 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/05/11 21:24:38 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 21:24:37 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 21:24:37 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/08 00:43:27 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\Vorpal_Rabbit_1_0_0_2
[2011/05/05 04:24:16 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\AVG
[2011/05/05 04:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/05 01:51:19 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/05/05 01:05:01 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\AppData\Roaming\AVG10
[2011/05/05 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/05/05 00:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/05/03 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Desktop\hana_circle
[2011/05/01 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lame3.98.2
[2011/04/30 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\Sizustar\Documents\iSkysoft DRM Removal
[2011/04/30 22:37:06 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2011/04/30 22:37:04 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2011/04/30 22:37:02 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2011/04/30 22:37:00 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2011/04/30 22:36:57 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2011/04/30 22:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[2011/04/30 22:36:54 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2011/04/30 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSkysoft
[2011/04/28 08:02:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/04/28 01:11:02 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/28 01:11:02 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/28 01:11:02 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/28 01:11:02 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/28 01:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/28 01:11:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/28 01:11:02 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/28 01:10:59 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/28 01:10:59 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/28 01:10:58 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/28 01:10:58 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/28 01:10:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/28 01:10:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/26 21:39:00 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 21:39:00 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 21:39:00 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 21:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/24 20:57:03 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\pncrt.dll
[2011/04/24 20:57:03 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\drv43260.dll
[2011/04/24 20:57:03 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\drv33260.dll
[2011/04/24 20:57:03 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\sipr3260.dll
[2011/04/24 20:57:03 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\cook.dll
[2011/04/24 06:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
[2011/04/24 06:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/04/24 06:35:53 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/04/24 06:35:53 | 000,630,784 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2011/04/24 06:35:53 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\I263_32.drv
[2011/04/24 06:35:53 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\Windows\SysWow64\divxa32.acm
[2011/04/24 06:35:53 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/04/24 06:35:53 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\mp3fhg.acm
[2011/04/24 06:35:53 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011/04/24 06:35:53 | 000,122,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/04/24 06:35:53 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\SysWow64\huffyuv.dll
[2011/04/24 06:31:42 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll.bak

========== Files - Modified Within 30 Days ==========

[2011/05/23 05:25:02 | 002,188,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/23 05:25:02 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/23 05:25:02 | 000,398,716 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/05/23 05:25:02 | 000,396,450 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2011/05/23 05:25:02 | 000,361,570 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2011/05/23 05:25:02 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2011/05/23 05:25:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/05/23 05:25:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/23 05:25:02 | 000,104,050 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2011/05/23 05:20:36 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/05/23 05:20:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/23 05:20:24 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 05:14:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/05/23 03:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Sizustar\Desktop\OTL.exe
[2011/05/23 01:28:39 | 000,433,294 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110523-014630.backup
[2011/05/23 01:10:48 | 000,392,384 | ---- | M] () -- C:\Users\Sizustar\Desktop\rgssad_wx.rar
[2011/05/22 23:49:54 | 000,705,554 | ---- | M] () -- C:\Users\Sizustar\Desktop\18955039.jpg
[2011/05/22 21:21:12 | 000,428,032 | ---- | M] () -- C:\Users\Sizustar\Desktop\RegQuery.exe
[2011/05/22 21:21:11 | 115,690,975 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/05/22 21:20:24 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 21:20:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/05/22 21:20:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/05/22 21:18:54 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 21:18:35 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/05/22 19:27:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110523-012839.backup
[2011/05/22 19:23:53 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 19:23:53 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 15:50:58 | 314,685,165 | ---- | M] () -- C:\Users\Sizustar\Desktop\[YOUSMELL] Tiger & Bunny - 08.mkv
[2011/05/21 23:08:49 | 000,293,775 | ---- | M] () -- C:\Users\Sizustar\Desktop\gmer.zip
[2011/05/21 22:49:39 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/05/21 04:28:55 | 118,836,944 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.05.2011_22-09.exe
[2011/05/21 04:11:53 | 000,000,512 | ---- | M] () -- C:\Users\Sizustar\Desktop\MBR.dat
[2011/05/21 03:48:12 | 494,202,755 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/21 03:39:53 | 142,132,328 | ---- | M] (NVIDIA Corporation) -- C:\270.61-desktop-win7-winvista-64bit-english-whql.exe
[2011/05/20 22:51:28 | 000,487,427 | ---- | M] () -- C:\Users\Sizustar\Desktop\4koma02.jpg
[2011/05/20 22:49:55 | 000,485,009 | ---- | M] () -- C:\Users\Sizustar\Desktop\4koma01.jpg
[2011/05/20 13:20:25 | 000,001,060 | ---- | M] () -- C:\Windows\SysNative\PDBootState
[2011/05/19 15:44:28 | 000,181,546 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305471061148.jpg
[2011/05/19 15:30:40 | 000,064,879 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305722752751.jpg
[2011/05/19 15:27:22 | 000,089,643 | ---- | M] () -- C:\Users\Sizustar\Desktop\2ds45qp.jpg
[2011/05/19 00:22:24 | 000,367,892 | ---- | M] () -- C:\Users\Sizustar\Desktop\4komaa00.jpg
[2011/05/18 20:43:58 | 000,049,965 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305595023594.jpg
[2011/05/17 09:40:53 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/17 01:02:43 | 000,066,930 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305478116764.jpg
[2011/05/16 22:19:47 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\DiaGnosis2.lnk
[2011/05/16 22:03:31 | 000,161,091 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305541100664.jpg
[2011/05/16 21:16:26 | 000,433,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/05/16 19:03:51 | 000,063,373 | ---- | M] () -- C:\Users\Sizustar\Desktop\1305507516408.jpg
[2011/05/16 14:34:15 | 000,006,638 | ---- | M] () -- C:\Users\Sizustar\AppData\Roaming\0EDE.18C
[2011/05/16 12:34:18 | 026,845,822 | ---- | M] () -- C:\Users\Sizustar\Documents\【東方】『幻想万華鏡』予告編 満福神社幽閉サテライト【アニメ】 - [sm14400995].mp4
[2011/05/16 09:15:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/16 08:17:39 | 060,579,845 | ---- | M] () -- C:\Users\Sizustar\Documents\【第6回MMD杯本選】恋天使ルシフェル.mp4
[2011/05/16 08:04:25 | 050,744,207 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにまっさらブルージーンズを踊ってもらった.mp4
[2011/05/16 08:01:08 | 068,736,850 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】BREEZE【魔王エンジェル】.mp4
[2011/05/16 07:54:35 | 039,453,402 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにNostalogicを踊ってもらった【修正版】.mp4
[2011/05/16 07:52:33 | 010,237,078 | ---- | M] () -- C:\Users\Sizustar\Documents\【3DCG】くるっと・おどって・初音ミク【ねんどろいど】.flv
[2011/05/16 07:43:50 | 472,907,776 | ---- | M] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part1.rar
[2011/05/16 07:41:56 | 341,635,270 | ---- | M] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part2.rar
[2011/05/16 07:40:02 | 024,412,373 | ---- | M] () -- C:\Users\Sizustar\Documents\【MikuMikuDance】助手よ素直になるがいい【Steins;Gate】.mp4
[2011/05/16 07:38:06 | 025,748,404 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】折紙さんが見切れないハレ晴レユカイ【と助手とホビロン】.mp4
[2011/05/16 07:37:06 | 021,085,786 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】松前緒花の「Ievan Polkka」(ミクは・・・)【第3回ラジP杯】.mp4
[2011/05/16 07:29:02 | 045,234,406 | ---- | M] () -- C:\Users\Sizustar\Documents\春香・美希 Bad Apple!!.mp4
[2011/05/16 07:19:37 | 016,196,926 | ---- | M] () -- C:\Users\Sizustar\Documents\和曲似合いそうな歌い手集めて「凛として咲く花の如く」歌ってみた.mp4
[2011/05/16 07:14:41 | 097,315,165 | ---- | M] () -- C:\Users\Sizustar\Documents\【東方MMD】お嬢様がNostalogicを踊るはずだったのだけど【ちょっとPV風味】.mp4
[2011/05/16 06:57:39 | 048,459,185 | ---- | M] () -- C:\Users\Sizustar\Documents\魔法少女まどか☆マギカ -the ultimate modification-.mp4
[2011/05/16 03:15:37 | 000,125,737 | ---- | M] () -- C:\Users\Sizustar\Documents\1305417382835.jpg
[2011/05/16 03:15:31 | 000,118,941 | ---- | M] () -- C:\Users\Sizustar\Documents\1305417026623.jpg
[2011/05/16 03:15:21 | 000,110,964 | ---- | M] () -- C:\Users\Sizustar\Documents\1305415767642.jpg
[2011/05/16 03:13:11 | 000,361,571 | ---- | M] () -- C:\Users\Sizustar\Documents\1305445135069.gif
[2011/05/15 20:02:27 | 000,423,459 | ---- | M] () -- C:\Users\Sizustar\Documents\1305449679532.jpg
[2011/05/15 20:02:10 | 000,079,016 | ---- | M] () -- C:\Users\Sizustar\Documents\1305448473372.jpg
[2011/05/14 18:17:06 | 000,304,497 | ---- | M] () -- C:\Users\Sizustar\Documents\1305303779911.jpg
[2011/05/14 07:19:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/14 06:31:36 | 000,950,611 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 08.jpg
[2011/05/14 06:31:35 | 000,969,618 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 07.jpg
[2011/05/14 06:31:31 | 001,025,414 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 06.jpg
[2011/05/14 06:31:29 | 000,987,552 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 05.jpg
[2011/05/14 06:31:27 | 001,083,287 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 04.jpg
[2011/05/14 06:31:25 | 001,071,435 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 03.jpg
[2011/05/14 06:31:17 | 001,126,169 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 02.jpg
[2011/05/14 06:31:13 | 001,072,869 | ---- | M] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 01.jpg
[2011/05/14 05:04:38 | 000,358,258 | ---- | M] () -- C:\Users\Sizustar\Documents\1305315838683.gif
[2011/05/14 05:01:28 | 000,068,701 | ---- | M] () -- C:\Users\Sizustar\Documents\709.jpg
[2011/05/13 14:20:13 | 000,001,265 | ---- | M] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Some PDF Image Extractr.lnk
[2011/05/13 14:20:13 | 000,001,077 | ---- | M] () -- C:\Users\Sizustar\Desktop\Some PDF Image Extractr.lnk
[2011/05/13 05:35:17 | 000,433,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110516-211626.backup
[2011/05/13 04:30:47 | 000,457,256 | ---- | M] () -- C:\Users\Sizustar\Documents\1305219526827.jpg
[2011/05/13 04:30:34 | 000,463,939 | ---- | M] () -- C:\Users\Sizustar\Documents\1305219617028.jpg
[2011/05/11 23:12:29 | 000,002,159 | ---- | M] () -- C:\Users\Sizustar\Desktop\Easy Clone Detective.lnk
[2011/05/11 21:20:31 | 000,000,972 | ---- | M] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2011/05/11 21:20:31 | 000,000,948 | ---- | M] () -- C:\Users\Sizustar\Desktop\Bandicam.lnk
[2011/05/10 20:19:52 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2011/05/09 21:22:07 | 001,512,209 | ---- | M] () -- C:\Users\Sizustar\Documents\18641737.png
[2011/05/09 17:50:40 | 009,554,139 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】東方キャラ達に『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 17:49:54 | 009,559,266 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】みんなに『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 02:28:28 | 000,114,723 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p3.jpg
[2011/05/09 02:28:25 | 000,101,106 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p2.jpg
[2011/05/09 02:28:20 | 000,120,254 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p0.jpg
[2011/05/09 02:28:19 | 000,110,753 | ---- | M] () -- C:\Users\Sizustar\Documents\18532002_p1.jpg
[2011/05/09 02:26:39 | 000,020,678 | ---- | M] () -- C:\Users\Sizustar\Documents\18681769_p2.png
[2011/05/09 02:26:24 | 000,073,644 | ---- | M] () -- C:\Users\Sizustar\Documents\18681769_p0.png
[2011/05/09 02:26:24 | 000,051,358 | ---- | M] () -- C:\Users\Sizustar\Documents\18681769_p1.png
[2011/05/06 02:10:05 | 000,433,197 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110513-053517.backup
[2011/05/05 18:58:24 | 000,024,576 | ---- | M] () -- C:\Users\Sizustar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 11:22:46 | 000,001,145 | ---- | M] () -- C:\Users\Sizustar\Desktop\神楽早春賦.lnk
[2011/05/05 02:51:35 | 000,126,392 | ---- | M] () -- C:\Users\Sizustar\Documents\241085%20-%20Boomer%20JoPereira%20Louis%20left_4_dead%20zoey.jpg
[2011/05/04 23:50:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/05/04 21:05:34 | 002,230,672 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/03 16:25:38 | 000,000,056 | ---- | M] () -- C:\Windows\kgt2k.INI
[2011/05/02 17:58:31 | 000,033,371 | ---- | M] () -- C:\Users\Sizustar\Documents\image.jpeg
[2011/05/02 07:30:17 | 000,025,615 | ---- | M] () -- C:\Users\Sizustar\Documents\gamportal2turretdoll530.jpg
[2011/05/02 05:57:51 | 000,437,014 | ---- | M] () -- C:\Users\Sizustar\Documents\1303810964794.jpg
[2011/05/02 05:42:18 | 000,392,880 | ---- | M] () -- C:\Users\Sizustar\Documents\27.jpg
[2011/05/02 05:40:56 | 000,331,092 | ---- | M] () -- C:\Users\Sizustar\Documents\16.jpg
[2011/05/01 23:02:15 | 000,057,727 | ---- | M] () -- C:\Users\Sizustar\Documents\Kon.jpg
[2011/05/01 21:31:42 | 000,148,371 | ---- | M] () -- C:\Users\Sizustar\Documents\f7e2fce5.jpg
[2011/05/01 21:31:41 | 000,059,413 | ---- | M] () -- C:\Users\Sizustar\Documents\a9ca51a0.jpg
[2011/05/01 15:58:27 | 008,995,515 | ---- | M] () -- C:\Users\Sizustar\Documents\【MMD】東方モデルをミニスカで【ハッピーシンセサイザ】.flv
[2011/05/01 15:39:50 | 000,496,803 | ---- | M] () -- C:\Users\Sizustar\Documents\1304224434344.jpg
[2011/04/30 22:36:55 | 000,001,171 | ---- | M] () -- C:\Users\Sizustar\Desktop\iSkysoft DRM Removal.lnk
[2011/04/30 22:20:26 | 000,001,500 | ---- | M] () -- C:\Users\Sizustar\Desktop\wmplayer.exe - Shortcut.lnk
[2011/04/30 12:56:42 | 000,310,984 | ---- | M] () -- C:\Users\Sizustar\Documents\1304094452752.jpg
[2011/04/30 12:41:42 | 000,020,012 | ---- | M] () -- C:\Users\Sizustar\Documents\img1f73137bzik3zj.jpg
[2011/04/30 06:40:07 | 000,818,225 | ---- | M] () -- C:\Users\Sizustar\Documents\18299616.jpg
[2011/04/30 04:31:37 | 001,252,646 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%2018.jpg
[2011/04/30 04:29:36 | 001,818,372 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%2016.jpg
[2011/04/30 04:29:17 | 001,090,343 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%20%2015.jpg
[2011/04/30 04:28:27 | 000,525,590 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%2014.jpg
[2011/04/30 04:28:21 | 001,211,011 | ---- | M] () -- C:\Users\Sizustar\Documents\The%20Avengers%201%20-%20Page%2013.jpg
[2011/04/29 20:47:19 | 000,074,035 | ---- | M] () -- C:\Users\Sizustar\Documents\Transformers-3-Dark-of-the-Moon-Teaser-Poster-Clear_1291759448_1298047467_1302887052.jpg
[2011/04/29 19:37:11 | 000,002,052 | ---- | M] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 17:00:52 | 000,376,002 | ---- | M] () -- C:\Users\Sizustar\Documents\hana_m00.jpg
[2011/04/28 23:58:33 | 000,192,627 | ---- | M] () -- C:\Users\Sizustar\Documents\18467814.jpg
[2011/04/27 06:45:30 | 000,046,361 | ---- | M] () -- C:\Users\Sizustar\Documents\18336267_m.jpg
[2011/04/27 06:30:24 | 000,029,581 | ---- | M] () -- C:\Users\Sizustar\Documents\2132446298_full.jpg
[2011/04/26 21:38:57 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/04/26 21:38:57 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/04/26 21:38:57 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/04/26 21:38:57 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/04/26 21:37:05 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2011/04/24 09:09:04 | 000,091,731 | ---- | M] () -- C:\Users\Sizustar\Documents\1303369309370.jpg
[2011/04/24 01:50:58 | 000,241,779 | ---- | M] () -- C:\Users\Sizustar\Documents\rspc9030.png
[2011/04/23 09:07:03 | 000,514,354 | ---- | M] () -- C:\Users\Sizustar\Documents\12825701.jpg
[2011/04/23 08:54:40 | 021,342,466 | ---- | M] () -- C:\Users\Sizustar\Documents\【手書き】家に帰ると妻がいつも死んだふりをしています。.flv

========== Files Created - No Company Name ==========

[2011/05/23 01:10:48 | 000,392,384 | ---- | C] () -- C:\Users\Sizustar\Desktop\rgssad_wx.rar
[2011/05/22 23:50:14 | 000,705,554 | ---- | C] () -- C:\Users\Sizustar\Desktop\18955039.jpg
[2011/05/22 21:21:11 | 115,690,975 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/05/22 21:21:06 | 000,428,032 | ---- | C] () -- C:\Users\Sizustar\Desktop\RegQuery.exe
[2011/05/22 21:20:24 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/22 21:20:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/05/22 21:20:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/05/22 21:18:54 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/22 21:18:35 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2011/05/22 21:18:35 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2011/05/22 15:41:21 | 314,685,165 | ---- | C] () -- C:\Users\Sizustar\Desktop\[YOUSMELL] Tiger & Bunny - 08.mkv
[2011/05/21 23:08:48 | 000,293,775 | ---- | C] () -- C:\Users\Sizustar\Desktop\gmer.zip
[2011/05/21 22:49:31 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/05/21 04:11:53 | 000,000,512 | ---- | C] () -- C:\Users\Sizustar\Desktop\MBR.dat
[2011/05/21 03:30:56 | 494,202,755 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/20 22:47:51 | 000,487,427 | ---- | C] () -- C:\Users\Sizustar\Desktop\4koma02.jpg
[2011/05/20 22:42:20 | 000,485,009 | ---- | C] () -- C:\Users\Sizustar\Desktop\4koma01.jpg
[2011/05/19 16:06:33 | 000,064,879 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305722752751.jpg
[2011/05/19 15:44:42 | 000,181,546 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305471061148.jpg
[2011/05/19 15:27:28 | 000,089,643 | ---- | C] () -- C:\Users\Sizustar\Desktop\2ds45qp.jpg
[2011/05/19 00:20:42 | 000,367,892 | ---- | C] () -- C:\Users\Sizustar\Desktop\4komaa00.jpg
[2011/05/18 20:44:08 | 000,049,965 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305595023594.jpg
[2011/05/17 01:02:51 | 000,066,930 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305478116764.jpg
[2011/05/16 22:19:47 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\DiaGnosis2.lnk
[2011/05/16 22:03:41 | 000,161,091 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305541100664.jpg
[2011/05/16 20:59:53 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/16 19:04:02 | 000,063,373 | ---- | C] () -- C:\Users\Sizustar\Desktop\1305507516408.jpg
[2011/05/16 17:04:02 | 026,845,822 | ---- | C] () -- C:\Users\Sizustar\Documents\【東方】『幻想万華鏡』予告編 満福神社幽閉サテライト【アニメ】 - [sm14400995].mp4
[2011/05/16 09:15:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/16 08:17:36 | 060,579,845 | ---- | C] () -- C:\Users\Sizustar\Documents\【第6回MMD杯本選】恋天使ルシフェル.mp4
[2011/05/16 08:04:23 | 050,744,207 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにまっさらブルージーンズを踊ってもらった.mp4
[2011/05/16 07:56:56 | 068,736,850 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】BREEZE【魔王エンジェル】.mp4
[2011/05/16 07:54:34 | 039,453,402 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】魔王エンジェルにNostalogicを踊ってもらった【修正版】.mp4
[2011/05/16 07:52:33 | 010,237,078 | ---- | C] () -- C:\Users\Sizustar\Documents\【3DCG】くるっと・おどって・初音ミク【ねんどろいど】.flv
[2011/05/16 07:39:37 | 024,412,373 | ---- | C] () -- C:\Users\Sizustar\Documents\【MikuMikuDance】助手よ素直になるがいい【Steins;Gate】.mp4
[2011/05/16 07:38:06 | 025,748,404 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】折紙さんが見切れないハレ晴レユカイ【と助手とホビロン】.mp4
[2011/05/16 07:37:05 | 021,085,786 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】松前緒花の「Ievan Polkka」(ミクは・・・)【第3回ラジP杯】.mp4
[2011/05/16 07:36:40 | 341,635,270 | ---- | C] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part2.rar
[2011/05/16 07:36:35 | 472,907,776 | ---- | C] () -- C:\Users\Sizustar\Desktop\[KiaiNeko] H-Manga Collection.part1.rar
[2011/05/16 07:28:59 | 045,234,406 | ---- | C] () -- C:\Users\Sizustar\Documents\春香・美希 Bad Apple!!.mp4
[2011/05/16 07:17:56 | 016,196,926 | ---- | C] () -- C:\Users\Sizustar\Documents\和曲似合いそうな歌い手集めて「凛として咲く花の如く」歌ってみた.mp4
[2011/05/16 07:14:36 | 097,315,165 | ---- | C] () -- C:\Users\Sizustar\Documents\【東方MMD】お嬢様がNostalogicを踊るはずだったのだけど【ちょっとPV風味】.mp4
[2011/05/16 07:03:30 | 009,512,862 | ---- | C] () -- C:\Users\Sizustar\Documents\和曲似合いそうな歌い手集めて「凛として咲く花の如く」歌ってみた).flv
[2011/05/16 06:57:36 | 048,459,185 | ---- | C] () -- C:\Users\Sizustar\Documents\魔法少女まどか☆マギカ -the ultimate modification-.mp4
[2011/05/16 03:15:59 | 000,361,571 | ---- | C] () -- C:\Users\Sizustar\Documents\1305445135069.gif
[2011/05/16 03:15:39 | 000,125,737 | ---- | C] () -- C:\Users\Sizustar\Documents\1305417382835.jpg
[2011/05/16 03:15:33 | 000,118,941 | ---- | C] () -- C:\Users\Sizustar\Documents\1305417026623.jpg
[2011/05/16 03:15:24 | 000,110,964 | ---- | C] () -- C:\Users\Sizustar\Documents\1305415767642.jpg
[2011/05/16 01:26:03 | 000,006,638 | ---- | C] () -- C:\Users\Sizustar\AppData\Roaming\0EDE.18C
[2011/05/15 20:02:35 | 000,423,459 | ---- | C] () -- C:\Users\Sizustar\Documents\1305449679532.jpg
[2011/05/15 20:02:18 | 000,079,016 | ---- | C] () -- C:\Users\Sizustar\Documents\1305448473372.jpg
[2011/05/14 18:17:14 | 000,304,497 | ---- | C] () -- C:\Users\Sizustar\Documents\1305303779911.jpg
[2011/05/14 16:04:49 | 000,027,123 | ---- | C] () -- C:\Users\Sizustar\Documents\snapshot20080705212834.jpg
[2011/05/14 16:04:35 | 000,152,609 | ---- | C] () -- C:\Users\Sizustar\Documents\090624-maccros-12.jpg
[2011/05/14 16:04:30 | 000,152,358 | ---- | C] () -- C:\Users\Sizustar\Documents\090624-maccros-11.jpg
[2011/05/14 06:45:19 | 000,950,611 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 08.jpg
[2011/05/14 06:45:07 | 000,969,618 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 07.jpg
[2011/05/14 06:45:02 | 001,025,414 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 06.jpg
[2011/05/14 06:44:54 | 000,987,552 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 05.jpg
[2011/05/14 06:44:48 | 001,083,287 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 04.jpg
[2011/05/14 06:44:43 | 001,071,435 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 03.jpg
[2011/05/14 06:44:36 | 001,126,169 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 02.jpg
[2011/05/14 06:44:30 | 001,072,869 | ---- | C] () -- C:\Users\Sizustar\Documents\Nova, Mistress of Blades 01.jpg
[2011/05/14 05:05:08 | 000,358,258 | ---- | C] () -- C:\Users\Sizustar\Documents\1305315838683.gif
[2011/05/14 05:01:38 | 000,068,701 | ---- | C] () -- C:\Users\Sizustar\Documents\709.jpg
[2011/05/13 14:20:13 | 000,001,265 | ---- | C] () -- C:\Users\Sizustar\Application Data\Microsoft\Internet Explorer\Quick Launch\Some PDF Image Extractr.lnk
[2011/05/13 14:20:13 | 000,001,077 | ---- | C] () -- C:\Users\Sizustar\Desktop\Some PDF Image Extractr.lnk
[2011/05/13 04:28:50 | 000,463,939 | ---- | C] () -- C:\Users\Sizustar\Documents\1305219617028.jpg
[2011/05/13 04:28:02 | 000,457,256 | ---- | C] () -- C:\Users\Sizustar\Documents\1305219526827.jpg
[2011/05/11 23:12:29 | 000,002,159 | ---- | C] () -- C:\Users\Sizustar\Desktop\Easy Clone Detective.lnk
[2011/05/09 21:40:20 | 001,512,209 | ---- | C] () -- C:\Users\Sizustar\Documents\18641737.png
[2011/05/09 17:50:40 | 009,554,139 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】東方キャラ達に『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 17:49:54 | 009,559,266 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】みんなに『ハッピーシンセサイザ』踊ってもらった.flv
[2011/05/09 02:28:46 | 000,114,723 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p3.jpg
[2011/05/09 02:28:44 | 000,101,106 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p2.jpg
[2011/05/09 02:28:41 | 000,110,753 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p1.jpg
[2011/05/09 02:28:39 | 000,120,254 | ---- | C] () -- C:\Users\Sizustar\Documents\18532002_p0.jpg
[2011/05/09 02:26:57 | 000,073,644 | ---- | C] () -- C:\Users\Sizustar\Documents\18681769_p0.png
[2011/05/09 02:26:54 | 000,051,358 | ---- | C] () -- C:\Users\Sizustar\Documents\18681769_p1.png
[2011/05/09 02:26:50 | 000,020,678 | ---- | C] () -- C:\Users\Sizustar\Documents\18681769_p2.png
[2011/05/05 11:32:28 | 004,325,376 | ---- | C] () -- C:\Windows\SysWow64\KaguraGSS.scr
[2011/05/05 11:22:46 | 000,001,145 | ---- | C] () -- C:\Users\Sizustar\Desktop\神楽早春賦.lnk
[2011/05/05 02:51:56 | 000,126,392 | ---- | C] () -- C:\Users\Sizustar\Documents\241085%20-%20Boomer%20JoPereira%20Louis%20left_4_dead%20zoey.jpg
[2011/05/04 21:05:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/05/04 21:05:34 | 002,230,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/03 16:25:38 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2011/05/02 18:00:34 | 000,033,371 | ---- | C] () -- C:\Users\Sizustar\Documents\image.jpeg
[2011/05/02 07:31:39 | 000,025,615 | ---- | C] () -- C:\Users\Sizustar\Documents\gamportal2turretdoll530.jpg
[2011/05/02 05:58:36 | 000,437,014 | ---- | C] () -- C:\Users\Sizustar\Documents\1303810964794.jpg
[2011/05/02 05:42:17 | 000,392,880 | ---- | C] () -- C:\Users\Sizustar\Documents\27.jpg
[2011/05/02 05:40:56 | 000,331,092 | ---- | C] () -- C:\Users\Sizustar\Documents\16.jpg
[2011/05/01 23:02:19 | 000,057,727 | ---- | C] () -- C:\Users\Sizustar\Documents\Kon.jpg
[2011/05/01 21:40:07 | 000,059,413 | ---- | C] () -- C:\Users\Sizustar\Documents\a9ca51a0.jpg
[2011/05/01 21:39:44 | 000,148,371 | ---- | C] () -- C:\Users\Sizustar\Documents\f7e2fce5.jpg
[2011/05/01 15:58:27 | 008,995,515 | ---- | C] () -- C:\Users\Sizustar\Documents\【MMD】東方モデルをミニスカで【ハッピーシンセサイザ】.flv
[2011/05/01 15:41:42 | 000,496,803 | ---- | C] () -- C:\Users\Sizustar\Documents\1304224434344.jpg
[2011/04/30 22:36:55 | 000,001,171 | ---- | C] () -- C:\Users\Sizustar\Desktop\iSkysoft DRM Removal.lnk
[2011/04/30 22:36:54 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2011/04/30 22:36:54 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/04/30 22:36:54 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2011/04/30 22:20:26 | 000,001,500 | ---- | C] () -- C:\Users\Sizustar\Desktop\wmplayer.exe - Shortcut.lnk
[2011/04/30 12:56:52 | 000,310,984 | ---- | C] () -- C:\Users\Sizustar\Documents\1304094452752.jpg
[2011/04/30 12:41:46 | 000,020,012 | ---- | C] () -- C:\Users\Sizustar\Documents\img1f73137bzik3zj.jpg
[2011/04/30 06:40:42 | 000,818,225 | ---- | C] () -- C:\Users\Sizustar\Documents\18299616.jpg
[2011/04/30 04:31:38 | 001,252,646 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%2018.jpg
[2011/04/30 04:31:21 | 001,818,372 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%2016.jpg
[2011/04/30 04:31:17 | 001,090,343 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%20%2015.jpg
[2011/04/30 04:31:11 | 000,525,590 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%2014.jpg
[2011/04/30 04:30:05 | 001,211,011 | ---- | C] () -- C:\Users\Sizustar\Documents\The%20Avengers%201%20-%20Page%2013.jpg
[2011/04/29 20:47:23 | 000,074,035 | ---- | C] () -- C:\Users\Sizustar\Documents\Transformers-3-Dark-of-the-Moon-Teaser-Poster-Clear_1291759448_1298047467_1302887052.jpg
[2011/04/29 17:01:59 | 000,376,002 | ---- | C] () -- C:\Users\Sizustar\Documents\hana_m00.jpg
[2011/04/28 23:58:39 | 000,192,627 | ---- | C] () -- C:\Users\Sizustar\Documents\18467814.jpg
[2011/04/27 06:45:47 | 000,046,361 | ---- | C] () -- C:\Users\Sizustar\Documents\18336267_m.jpg
[2011/04/27 06:30:29 | 000,029,581 | ---- | C] () -- C:\Users\Sizustar\Documents\2132446298_full.jpg
[2011/04/27 05:51:22 | 000,284,459 | ---- | C] () -- C:\Users\Sizustar\Desktop\1284133142.jpg
[2011/04/24 09:09:16 | 000,091,731 | ---- | C] () -- C:\Users\Sizustar\Documents\1303369309370.jpg
[2011/04/24 06:35:53 | 002,712,064 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/04/24 06:35:53 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/24 06:35:53 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/04/24 06:35:53 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/24 06:35:53 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/04/24 06:35:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/24 01:52:26 | 000,241,779 | ---- | C] () -- C:\Users\Sizustar\Documents\rspc9030.png
[2011/04/23 09:03:14 | 000,514,354 | ---- | C] () -- C:\Users\Sizustar\Documents\12825701.jpg
[2011/04/23 08:51:18 | 021,342,466 | ---- | C] () -- C:\Users\Sizustar\Documents\【手書き】家に帰ると妻がいつも死んだふりをしています。.flv
[2011/04/19 15:06:52 | 000,000,036 | ---- | C] () -- C:\Users\Sizustar\AppData\Local\housecall.guid.cache
[2011/04/19 14:47:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/19 14:47:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/19 14:47:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/19 14:47:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/19 14:47:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/01 18:42:53 | 000,000,459 | ---- | C] () -- C:\Users\Sizustar\AppData\Roaming\Syscfg.ini
[2011/03/12 02:45:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/03/02 04:57:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/02 04:57:48 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/21 15:57:49 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/21 15:57:49 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/21 15:57:49 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2011/02/21 15:57:49 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2011/02/21 08:36:24 | 000,704,000 | ---- | C] () -- C:\Windows\is-INQ5J.exe
[2010/12/09 03:14:53 | 000,673,280 | ---- | C] () -- C:\Windows\is-6H2JS.exe
[2010/11/12 01:36:14 | 000,007,610 | ---- | C] () -- C:\Users\Sizustar\AppData\Local\Resmon.ResmonCfg
[2010/11/06 01:09:43 | 000,003,673 | ---- | C] () -- C:\Windows\SysWow64\10.inf1031.dat
[2010/10/30 00:48:13 | 000,003,738 | ---- | C] () -- C:\Windows\SysWow64\30.inf3037.dat
[2010/10/23 00:47:14 | 000,003,737 | ---- | C] () -- C:\Windows\SysWow64\10.inf1028.dat
[2010/10/18 15:48:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010/09/28 16:41:16 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/26 16:34:34 | 000,209,793 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/09/26 16:34:34 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/09/26 15:46:33 | 000,024,576 | ---- | C] () -- C:\Users\Sizustar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 00:07:31 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2010/09/26 00:07:31 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2010/09/26 00:07:31 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2010/09/26 00:07:30 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2010/09/25 09:21:37 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/09/25 01:19:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/02 15:33:54 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2010/09/02 15:32:52 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2005/08/18 15:28:30 | 000,273,408 | ---- | C] () -- C:\Windows\SysWow64\unlha32.dll

========== LOP Check ==========

[2010/12/22 17:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\.minecraft
[2010/09/25 01:30:51 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\acccore
[2010/09/25 02:05:25 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\ACD Systems
[2010/09/25 02:07:19 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AutoSizer
[2011/05/05 11:18:25 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AVG
[2011/05/05 01:05:01 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AVG10
[2011/04/19 14:43:33 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\AVG9
[2010/12/31 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\BANDISOFT
[2010/10/24 10:05:04 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\DAEMON Tools Lite
[2011/03/20 02:33:48 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Dojin Circle Kirarin
[2011/05/19 01:26:09 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\foobar2000
[2010/10/21 06:12:10 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Foxit
[2010/09/26 11:19:07 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Foxit Software
[2011/02/24 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\GARMIN
[2010/10/25 01:24:44 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\GlarySoft
[2011/02/21 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Leadertech
[2010/12/10 16:18:09 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\PC Suite
[2010/11/12 00:18:29 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\runic games
[2011/04/13 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Sony
[2011/03/16 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\T-Time Preferences
[2010/10/24 06:18:49 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\TECH GIAN
[2011/03/17 16:13:51 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\Trinity
[2010/12/09 03:15:43 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\TweakNow PowerPack 2010
[2010/11/12 18:00:32 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\TweakNow PowerPack Professional
[2011/04/01 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\UDown
[2011/05/23 05:12:42 | 000,000,000 | ---D | M] -- C:\Users\Sizustar\AppData\Roaming\uTorrent
[2011/03/02 14:53:22 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/05/23 02:19:20 | 000,000,000 | ---D | M](C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大?_Destiny][合集][完]) -- C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大师_Destiny][合集][完]
[2011/05/23 02:12:46 | 000,000,000 | ---D | C](C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大?_Destiny][合集][完]) -- C:\Users\Sizustar\Desktop\[ACT-SJH][夜店大师_Destiny][合集][完]
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?j|t,eT) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jtT

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



#35
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. But you have to copy and paste my custom OTL script into the Custom Scans/Fixes text box before running the OTL scan.

Do the following:

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings /S
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


#36
bluewr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Idd, it's not letting me post the log.

Oh, it's 7.45MB
http://www.sendspace.com/file/9oyba7

Edited by bluewr, 22 May 2011 - 06:08 PM.


#37
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Sorry for that. Please do the following:

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51293

    :Files
    ipconfig /flushdns /c

    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

    [HKEY_USERS\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Then run MBAM as before and post that log.

#38
bluewr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
OTL

All processes killed
========== OTL ==========
HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sizustar\Desktop\cmd.bat deleted successfully.
C:\Users\Sizustar\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sizustar
->Temp folder emptied: 31300221 bytes
->Temporary Internet Files folder emptied: 215696351 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53916312 bytes
->Flash cache emptied: 2687 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45579 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 3195941 bytes

Total Files Cleaned = 290.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sizustar
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.23.0 log created on 05232011_183547

Files\Folders moved on Reboot...
C:\Users\Sizustar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6643

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011/05/23 18:44:13
mbam-log-2011-05-23 (18-44-13).txt

Scan type: Quick scan
Objects scanned: 159486
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


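Added example, not part of the thread and not OTL or MBAM code: Python that parses `ProxyServer` values in the OTL line format quoted in post #37 and reports entries that point at a loopback address, the kind of setting MBAM reported as PUM.Bad.Proxy in the log above. The first sample line is the one from the thread; the other sample lines, SIDs and host names are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Shape of the OTL scan line quoted in the fix script in post #37:
#   IE - HKU\<SID>\...\Internet Settings: "ProxyServer" = http=127.0.0.1:51293
OTL_PROXY_LINE = re.compile(
    r'^IE - (?P<key>HK[^:]*\\Internet Settings): "ProxyServer" = (?P<value>.+)$'
)


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    The value is either one "host:port" used for every protocol (scheme "*")
    or a ';'-separated list such as "http=host:port;https=host:port".
    """
    entries = []
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:                                # no "scheme=" prefix
            scheme, endpoint = "*", part
        endpoint = endpoint.split("://", 1)[-1]    # tolerate "http://host:port"
        host, sep, port = endpoint.rpartition(":")
        if not sep or not port.isdigit():          # no explicit port given
            host, port = endpoint, None
        else:
            port = int(port)
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for localhost and for any 127.0.0.0/8 or ::1 address."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                             # not an IP literal
        return host.lower() == "localhost"


def find_loopback_proxies(log_text):
    """Return one dict per loopback proxy entry found in OTL-style log text."""
    hits = []
    for line in log_text.splitlines():
        match = OTL_PROXY_LINE.match(line.strip())
        if not match:
            continue
        for scheme, host, port in parse_proxy_server(match.group("value")):
            if is_loopback(host):
                hits.append({"key": match.group("key"), "scheme": scheme,
                             "host": host, "port": port})
    return hits


# Line 1 is the entry from the thread; lines 2-4 are constructed test data.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-2649771325-447262740-1830322281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51293
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:8080
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=localhost:8888
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
"""

if __name__ == "__main__":
    for hit in find_loopback_proxies(SAMPLE_LOG):
        print("{scheme} proxy -> {host}:{port}  ({key})".format(**hit))
```

The port of each hit is the value to look up in `netstat -ano` output to see which process, if any, is listening there.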

#39
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download SINO by Artellos.
  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:

    System Info
    Services
    Boot Check
    Tasklist
    Startup Items

  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad window will pop up. Please copy all of the content into your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.
  • 0

#40
bluewr

    Member

  • Topic Starter
  • Member
  • 33 posts
System Investigator by Olrik
Log Created On: 2039_23-05-2011
SINO Version: 3.1.0.0

Total RAM: 8191 MB | Free RAM: 5836 MB | Pagefile Size: 8191 MB
C: | 275423 MB out of 476513 MB Free | Local Fixed Disk
D: | 422087 MB out of 477352 MB Free | Local Fixed Disk
E: | 732632 MB out of 1430797 MB Free | Local Fixed Disk
F: | 115762 MB out of 305242 MB Free | Local Fixed Disk
G: | None | CD-ROM Disc

<<<< System Information >>>>

Computer Name: SIZUSTAR-PC
Username: Sizustar
Language Setting: JPN
Windows Directory: C:\Windows
Windows Version: Windows 7 Service Pack 1
UAC Status: Off
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[smss.exe] - Process ID: 244
[C:\PROGRA~2\AVG\AVG10\avgchsva.exe] - Process ID: 336
[C:\Windows\system32\csrss.exe] - Process ID: 544
[C:\Windows\system32\wininit.exe] - Process ID: 604
[C:\Windows\system32\csrss.exe] - Process ID: 640
[C:\Windows\system32\services.exe] - Process ID: 680
[C:\Windows\system32\winlogon.exe] - Process ID: 704
[C:\Windows\system32\lsass.exe] - Process ID: 724
[C:\Windows\system32\lsm.exe] - Process ID: 744
[C:\Windows\system32\svchost.exe] - Process ID: 848
[C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe] - Process ID: 912
[C:\Windows\system32\nvvsvc.exe] - Process ID: 988
[C:\Windows\system32\svchost.exe] - Process ID: 128
[C:\Windows\System32\svchost.exe] - Process ID: 524
[C:\Windows\System32\svchost.exe] - Process ID: 500
[C:\Windows\system32\svchost.exe] - Process ID: 728
[C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe] - Process ID: 1116
[C:\Windows\system32\svchost.exe] - Process ID: 1176
[C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe] - Process ID: 1268
[C:\Windows\system32\WUDFHost.exe] - Process ID: 1276
[C:\Windows\system32\nvvsvc.exe] - Process ID: 1312
[C:\Windows\system32\svchost.exe] - Process ID: 1408
[C:\Windows\System32\spoolsv.exe] - Process ID: 1604
[C:\Windows\system32\svchost.exe] - Process ID: 1676
[C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE] - Process ID: 1832
[C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe] - Process ID: 1852
[C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe] - Process ID: 1880
[C:\Windows\system32\svchost.exe] - Process ID: 1952
[C:\Windows\SysWOW64\svchost.exe] - Process ID: 2032
[C:\Windows\System32\svchost.exe] - Process ID: 1064
[C:\Program Files\Raxco\PerfectDisk\PDAgent.exe] - Process ID: 2068
[C:\Windows\system32\taskhost.exe] - Process ID: 2148
[C:\Windows\System32\svchost.exe] - Process ID: 2284
[C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe] - Process ID: 2380
[C:\Windows\system32\svchost.exe] - Process ID: 2408
[C:\Windows\system32\Dwm.exe] - Process ID: 2500
[C:\Windows\Explorer.EXE] - Process ID: 2568
[C:\Windows\system32\svchost.exe] - Process ID: 3004
[C:\Windows\system32\svchost.exe] - Process ID: 3096
[C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe] - Process ID: 3220
[C:\Program Files (x86)\Mozilla Firefox\firefox.exe] - Process ID: 3128
[C:\Program Files (x86)\Internet Explorer\iexplore.exe] - Process ID: 3280
[C:\Program Files (x86)\Internet Explorer\iexplore.exe] - Process ID: 2496
[C:\Program Files (x86)\SpeedFan\speedfan.exe] - Process ID: 2668
[C:\Program Files (x86)\Internet Explorer\iexplore.exe] - Process ID: 2008
[C:\PROGRA~2\AVG\AVG10\avgrsa.exe] - Process ID: 1976
[C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe] - Process ID: 3284
[C:\Program Files (x86)\Internet Explorer\iexplore.exe] - Process ID: 1072
[D:\Program Files\eMule\emule.exe] - Process ID: 1568
[C:\Program Files (x86)\AIM\aim.exe] - Process ID: 1804
[audiodg.exe] - Process ID: 1156
[C:\Program Files (x86)\uTorrent\uTorrent.exe] - Process ID: 424
[C:\Users\Sizustar\AppData\Local\Temp\SINO\SINO.exe] - Process ID: 5276
[C:\Windows\sysWOW64\wbem\wmiprvse.exe] - Process ID: 5112
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 3876

<<<< Startup Items >>>>

[AutoSizer] - <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run> - "C:\Program Files (x86)\AutoSizer\AutoSizer.exe"

<<<< MS Services >>>>

Application Experience (AeLookupSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Computer Browser (Browser) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Encrypting File System (EFS) (EFS) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\lsass.exe
Windows Event Log (eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Provider Host (fdPHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Function Discovery Resource Publication (FDResPub) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Windows Font Cache Service (FontCache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Human Interface Device Access (hidserv) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
HomeGroup Provider (HomeGroupProvider) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Multimedia Class Scheduler (MMCSS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Network List Service (netprofm) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Program Compatibility Assistant Service (PcaSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
IPsec Policy Agent (PolicyAgent) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Power (Power) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
RPC Endpoint Mapper (RpcEptMapper) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k RPCSS
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
Secure Socket Tunneling Protocol Service (SstpSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic Service Host (WdiServiceHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Application Identity (AppIDSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Application Information (Appinfo) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Application Management (AppMgmt) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
ActiveX Installer (AxInstSV) (AxInstSV) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k AxInstSVGroup
BitLocker Drive Encryption Service (BDESVC) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Bluetooth Support Service (bthserv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k bthsvcs
Certificate Propagation (CertPropSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Offline Files (CscService) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Disk Defragmenter (defragsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k defragsvc
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Extensible Authentication Protocol (EapHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Media Center Receiver Service (ehRecvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehRecvr.exe
Windows Media Center Scheduler Service (ehSched) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\ehome\ehsched.exe
Fax (Fax) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\fxssvc.exe
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
HomeGroup Listener (HomeGroupListener) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
IP Helper (iphlpsvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
CNG Key Isolation (KeyIso) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
KtmRm for Distributed Transaction Coordinator (KtmRm) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Media Center Extender Service (Mcx2Svc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Microsoft iSCSI Initiator Service (MSiSCSI) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec.exe /V
Network Access Protection Agent (napagent) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Netlogon (Netlogon) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Peer Networking Identity Manager (p2pimsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Peer Networking Grouping (p2psvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
BranchCache (PeerDistSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k PeerDist
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Peer Name Resolution Protocol (PNRPsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Smart Card (SCardSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Smart Card Removal Policy (SCPolicySvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Backup (SDRSVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
Adaptive Brightness (SensrSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Desktop Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
SNMP Trap (SNMPTRAP) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
Software Protection (sppsvc) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\sppsvc.exe
SPP Notification Service (sppuinotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SSDP Discovery (SSDPSRV) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Tablet PC Input Service (TabletInputService) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
TPM Base Services (TBS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Remote Desktop Services (TermService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Distributed Link Tracking Client (TrkWks) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Modules Installer (TrustedInstaller) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Remote Desktop Services UserMode Port Redirector (UmRdpService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Credential Manager (VaultSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe
Windows Time (W32Time) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Block Level Backup Engine Service (wbengine) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\system32\wbengine.exe"
Windows Biometric Service (WbioSrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k WbioSvcGroup
Windows Connect Now - Config Registrar (wcncsvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
Diagnostic System Host (WdiSystemHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
WebClient (WebClient) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Event Collector (Wecsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Problem Reports and Solutions Control Panel Support (wercplsupport) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Error Reporting Service (WerSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Defender (WinDefend) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
WLAN AutoConfig (Wlansvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
WMI Performance Adapter (wmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Parental Controls (WPCSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Portable Device Enumerator Service (WPDBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Search (WSearch) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding
WWAN AutoConfig (WwanSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

<<<< Non-MS Services >>>>

SAS Core Service (!SASCORE) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Running [Auto | Stoppable | Pausable] - "C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe"
ASUS System Control Service (AsSysCtrlService) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
AVG WatchDog (avgwd) - Running [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"
Creative Audio Service (CTAudSvcService) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
hpqcxs08 (hpqcxs08) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k hpdevmgmt
HP CUE DeviceDiscovery Service (hpqddsvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k hpdevmgmt
HP Network Devices Support (HPSLPSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k HPService
Net Driver HPZ12 (Net Driver HPZ12) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k HPZ12
NVIDIA Display Driver Service (nvsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\nvvsvc.exe
PDAgent (PDAgent) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe"
Pml Driver HPZ12 (Pml Driver HPZ12) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k HPZ12
NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Microsoft .NET Framework NGEN v2.0.50727_X64 (clr_optimization_v2.0.50727_64) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Microsoft .NET Framework NGEN v4.0.30319_X64 (clr_optimization_v4.0.30319_64) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Creative Audio Engine Licensing Service (Creative Audio Engine Licensing Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe"
Logitech Bluetooth Service (LBTServ) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
Office Software Protection Platform (osppsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
PDEngine (PDEngine) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"
Performance Counter DLL Host (PerfHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\SysWow64\perfhost.exe
Steam Client Service (Steam Client Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
ThreatFire (ThreatFire) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Program Files (x86)\ThreatFire\TFService.exe service
Windows Activation Technologies Service (WatAdminSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\Wat\WatAdminSvc.exe
Zune Windows Mobile Connectivity Service (WMZuneComm) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Zune\WMZuneComm.exe"
Zune Network Sharing Service (ZuneNetworkSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Zune\ZuneNss.exe"
Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\ZuneWlanCfgSvc.exe

<<<< bcdedit >>>>




------ End of File ------
  • 0


#41
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Well... Try with this:

Launch Notepad (Start then All Programs then Accessories), and copy/paste all the quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Click on File menu then Save As...
Save in: Desktop
Save as Type: All files
File Name: fixme.reg
Click: Save

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Double-click on fixme.reg and, when it asks you if you want to merge the contents to the registry, click yes/ok.

NEXT...

Then run MBAM once again as last time and post a log.
  • 0

#42
bluewr

    Member

  • Topic Starter
  • Member
  • 33 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6643

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2011/05/24 3:27:03
mbam-log-2011-05-24 (03-27-03).txt

Scan type: Quick scan
Objects scanned: 163333
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
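
The two MBAM logs posted so far report the same ProxyServer value as "Quarantined and deleted successfully" in consecutive scans. The script below is an added example, not part of the original posts and not a Malwarebytes tool: it parses logs in the MBAM 1.50 text layout seen in this thread and lists findings that come back after a scan claimed to delete them. The sample logs are constructed from that layout and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample, trimmed to the MBAM 1.50 log layout shown in this thread.
LOG_A = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6643

2011/05/23 18:44:13
mbam-log-2011-05-23 (18-44-13).txt

Scan type: Quick scan
Registry Values Infected: 1

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""
# Second constructed scan: same finding, later timestamp (note the unpadded hour).
LOG_B = (LOG_A.replace("2011/05/23 18:44:13", "2011/05/24 3:27:03")
              .replace("2011-05-23 (18-44-13)", "2011-05-24 (03-27-03)"))

STAMP_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{1,2}:\d{2}:\d{2}$")
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$")
FINDING_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


def parse_log(text):
    """Return {'when': datetime, 'findings': {(object, name): (section, action)}}."""
    when, section, findings = None, None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if when is None and STAMP_RE.match(line):
            when = datetime.strptime(line, "%Y/%m/%d %H:%M:%S")
        elif SECTION_RE.match(line):
            # Detail header; the summary lines end in a count and do not match.
            section = SECTION_RE.match(line).group(1)
        elif section and (m := FINDING_RE.match(line)):
            # The last "->" segment is the action the scanner reports it took.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            findings[(m.group("object"), m.group("name"))] = (section, action)
    if when is None:
        raise ValueError("no scan timestamp found")
    return {"when": when, "findings": findings}


def reappearing(log_texts):
    """Findings that one scan reported as deleted and a later scan found again."""
    scans = sorted((parse_log(t) for t in log_texts), key=lambda s: s["when"])
    removed_at, seen_again = {}, {}
    for scan in scans:
        for key, (_section, action) in scan["findings"].items():
            if key in removed_at:
                seen_again.setdefault(key, []).append(scan["when"])
            elif "deleted successfully" in action.lower():
                removed_at[key] = scan["when"]
    return {k: {"first_removed": removed_at[k], "seen_again": v}
            for k, v in seen_again.items()}


if __name__ == "__main__":
    for (obj, name), info in reappearing([LOG_A, LOG_B]).items():
        print(f"{name}: {obj}")
        print(f"  reported deleted {info['first_removed']}, "
              f"found again {', '.join(str(t) for t in info['seen_again'])}")
```

A finding listed here means something rewrote the value between scans, so the next step is to find what is writing it rather than to delete it again.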

#43
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Now restart your computer and then repeat these steps below and tell me if the Servers section is empty:

  • Open Internet Explorer.
  • If using versions of Internet Explorer prior to 9, click "Tools" on the top window menu bar. Users of Internet Explorer 9 should press the ALT key first, then click "Tools" from the menu bar that appears.
  • Select "Internet Options", then click the "Connections" tab and press the "LAN Settings" button.
  • Click the "Use a proxy server for your LAN" box, even if you do not normally use a proxy server for LAN access, then click the "Advanced" button.
  • The "Servers" section will show "127.0.0.1" for the Proxy Address and an arbitrary number for the Port. Remove all contents from both boxes and click the "OK" button.
  • A warning box will appear indicating you have provided an invalid proxy server address and will ask if you wish to turn off the proxy connection. Click the "Yes" button.
  • Click the "OK" button in the main "Local Area Network (LAN) Settings" window.
  • Click the "OK" button to close the "Internet Options" window.
  • Close Internet Explorer.

  • 0
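
The "Servers" boxes in the steps above display what is stored in the ProxyServer value under the Internet Settings key, and ProxyEnable decides whether it is used. The script below is an added example, not part of the original post: it reads the text printed by `reg query` for that key, decodes ProxyServer (either one `host:port` or a per-protocol `http=...;https=...` list) and reports whether it points at a loopback address. The sample output and its port number are constructed, and the function names and status labels are this example's own.

```python
import ipaddress
import re

# Constructed `reg query` output for the Internet Settings key; the port is made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555;https=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Map value name -> data from `reg query` text (REG_DWORD becomes int)."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            data = m.group("data").strip()
            is_dword = m.group("type") == "REG_DWORD"
            values[m.group("name")] = int(data, 16) if is_dword else data
    return values


def split_proxy(value):
    """Decode a ProxyServer string into {protocol: (host, port)}.

    A bare "host:port" applies to every protocol and is returned under "all".
    """
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, sep, target = part.partition("=")
        if not sep:
            proto, target = "all", part
        target = re.sub(r"^\w+://", "", target.strip())  # tolerate "http://host:port"
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            host, port = target, ""                      # no port given
        out[proto.strip().lower()] = (host.strip("[]"), int(port) if port else None)
    return out


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def assess(values):
    """Classify the proxy state described by the Internet Settings values."""
    enabled = values.get("ProxyEnable", 0) == 1
    proxies = split_proxy(values.get("ProxyServer", ""))
    local = {p: hp for p, hp in proxies.items() if is_loopback(hp[0])}
    if local and enabled:
        status = "active-loopback"    # browser traffic is sent to a local listener
    elif local:
        status = "dormant-loopback"   # value present, but ProxyEnable is off
    elif proxies:
        status = "non-loopback-proxy"
    else:
        status = "no-proxy"
    ports = sorted({hp[1] for hp in local.values() if hp[1]})
    return {"status": status, "enabled": enabled, "loopback": local, "ports": ports}


if __name__ == "__main__":
    print(assess(parse_reg_query(SAMPLE)))
```

The `ports` list is what to look up in `netstat -ano` output to identify the process listening on the proxy port.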

#44
bluewr

    Member

  • Topic Starter
  • Member
  • 33 posts
I restarted my PC, and opened IE, it is empty.
  • 0

#45
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
This is interesting. Now do this:

Restore Internet Explorer default settings.
  • Open Internet Explorer
  • Go to Tools > Internet Options
  • Click Advanced Tab
  • Under "Reset Internet Explorer settings", click the Reset Tab.
  • Put a check mark on Delete Personal Settings.
  • Click Apply > OK.

Note: Putting a check mark on Delete Personal Settings will reset your "Home page, Search providers and Accelerators" to default settings.

Run MBAM again as before and post log.
  • 0





