Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Display driver BSOD + Rundll32 High CPU usage on Laptop


  • Please log in to reply

#1
bbfg

bbfg

    New Member

  • Member
  • Pip
  • 1 posts
Hello, first of all I'm not 100% this is malware related but I did not find better suited forum and am pretty sure something [bleep]ed up my computer, just not sure wether the source meant to do it or not.


Yesterday I was watching on a reliable streaming site (pokerstars.tv if it helps) which I have used a lot in the past and never have had any problems.

I clicked the fullscreen button to watch on fullscreen, the player automatically pauses when you hit that and you need to resume the video. That caused my computer to crash and a BSOD popped up saying my display driver(upon later inspection this is Nvidia GeForce 8400M GS 8.16.11.8766) had crashed. Was not that worried, have had a lot of BSOD in earlier versions of Windows and it always restored itsself. However, I could not immediatly turn the computer back on when it crashed, which worried me a bit.
My laptop has had this 2 times before but this was due to the computer shutting itself down when overheating, however the computer did not feel warm at all. After about 5 minutes I could turn it back on and it fixed itsself and booted normally and reported it fixed a crash and said I should update the driver, but it was already the latest version. Felt like it was fixed so did not worry. I turned off the computer at night but when I turned it back on the next day it hit the Display driver BSOD before it was started up. Restarted in safe mode, it again fixed itsself and I was able to boot in normal mode afterwards. Decided to google a bit and found that rolling back the driver and then reupdating could fix this. I did that and so far I haven't hit any BSOD, but am afraid it will hit again since my computer is still acting weird, now the run32dll.exe process is taking about 50% of my CPU constantly, which it normally doesn't.

This seems like an advanced process to [bleep] with so I decided to leave it alone and seek online help. I realise this will look like a chaotic mess but don't know what else to do, sorry :). Below is the OTL log and attached is a DOS scan from rundll32.exe which Google learned me can be useful. It looked messed up when I copy pasted it so I attached it.

OTL logfile created on: 31/07/2011 17:39:19 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\xxx\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 38.76% Memory free
6.21 Gb Paging File | 4.00 Gb Available in Paging File | 64.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 18.53 Gb Free Space | 8.27% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 2.99 Gb Free Space | 33.80% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/31 17:38:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
PRC - [2011/06/16 06:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 22:50:52 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/11 04:37:16 | 003,548,392 | ---- | M] (Gretech Corp.) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
PRC - [2010/09/23 15:06:51 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 11:34:04 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 11:34:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 11:31:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/14 12:30:37 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 05:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/10/24 12:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/24 12:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/05 21:57:30 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbacoms.exe
PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


========== Modules (SafeList) ==========

MOD - [2011/07/31 17:38:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
MOD - [2010/08/31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/25 01:34:18 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\xxx\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/12/28 10:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/07/16 11:34:01 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/02 11:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/03 23:56:51 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/24 12:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/05 21:57:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbacoms.exe -- (dlba_device)
SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV - [2011/05/06 11:49:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/28 02:19:50 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/07/16 11:32:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 19:57:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/05 10:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 10:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 11:13:54 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 11:13:54 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 11:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/09 19:13:34 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/06/27 07:08:40 | 000,207,656 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/06/20 06:41:38 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/06/10 10:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/01/21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Stuurprogramma voor Intel®
DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 15:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64828

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64828
FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 23:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/15 12:01:37 | 000,000,000 | ---D | M]

[2010/03/27 16:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
[2011/07/29 02:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\79dwhnug.default\extensions
[2010/09/18 02:52:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\79dwhnug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/17 21:36:50 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\79dwhnug.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2011/06/29 23:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/25 01:30:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/10 19:13:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/08 21:56:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/28 19:43:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79DWHNUG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\79DWHNUG.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/06/16 06:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 10:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 10:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/28 22:24:38 | 000,000,066 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxx\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.m...ash/swflash.cab (RealPlayer G2 Control)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\volcano.jpg
O24 - Desktop BackupWallPaper: C:\volcano.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{8f78dd50-d755-11de-9c84-001e6885c78a}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 17:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/31 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/31 14:04:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/07/31 13:49:36 | 000,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2011/07/17 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\OpenCandy
[2011/07/17 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\OpenCandy
[2011/07/14 22:34:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SKIDROW
[2011/07/14 22:34:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Cobra Mobile
[2011/07/14 22:34:31 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/07/14 22:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/07/14 13:14:58 | 000,000,000 | ---D | C] -- C:\8ec14c835e5913ba2e7d9863e99c78
[2009/09/16 18:59:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\xxx\AppData\Roaming\pcouffin.sys
[2007/03/05 21:57:32 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbaih.exe
[2007/03/05 21:57:30 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbacoms.exe
[2007/03/05 21:57:30 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbacfg.exe
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbapmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbaserv.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbalmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbaiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbapplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbacomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbaprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbainpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbausb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbahbn3.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 17:32:04 | 000,002,519 | ---- | M] () -- C:\Users\xxx\Desktop\HiJackThis.lnk
[2011/07/31 16:31:37 | 000,230,400 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 16:29:35 | 002,050,577 | ---- | M] () -- C:\1252480463spidertrap.gif
[2011/07/31 15:55:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/31 15:55:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/31 13:56:30 | 000,027,649 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/07/31 13:56:30 | 000,027,649 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/07/31 13:55:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/31 13:50:19 | 082,861,719 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/07/31 13:34:59 | 220,689,698 | ---- | M] () -- C:\Windows\MEMORY.DMP

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/31 17:31:30 | 000,002,519 | ---- | C] () -- C:\Users\xxx\Desktop\HiJackThis.lnk
[2011/07/31 13:33:54 | 220,689,698 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/18 23:08:54 | 000,000,116 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/05/18 23:08:53 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/02/25 01:31:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/10 04:10:12 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/01/11 14:12:05 | 000,014,660 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\C941.82C
[2010/11/01 04:15:52 | 000,087,608 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\inst.exe
[2010/09/14 12:55:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PRTSERV.dll
[2010/05/11 12:17:24 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/05/11 12:16:00 | 000,000,045 | RH-- | C] () -- C:\Windows\pjd_user.dat
[2010/04/14 12:43:54 | 000,005,083 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/03/27 16:58:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/27 04:20:03 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009/09/16 19:01:24 | 000,000,668 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\vso_ts_preview.xml
[2009/09/16 18:59:39 | 000,007,887 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.cat
[2009/09/16 18:59:39 | 000,001,144 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\pcouffin.inf
[2009/08/30 13:34:00 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/07/22 13:46:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbavs.dll
[2009/07/17 18:58:15 | 000,000,067 | ---- | C] () -- C:\Windows\ABC_mru.ini
[2009/02/23 16:38:31 | 000,001,356 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2009/02/09 10:47:54 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2008/12/14 20:21:08 | 000,000,412 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/09/29 01:00:55 | 000,230,400 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/28 20:02:06 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2008/09/28 14:57:55 | 000,027,649 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/28 14:57:54 | 000,027,649 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/09/28 13:26:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/28 13:26:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/23 11:58:32 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/07/23 11:58:32 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/07/23 11:58:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/03 09:11:21 | 000,682,592 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2008/05/03 09:11:21 | 000,336,440 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2008/05/03 09:11:21 | 000,135,042 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2008/05/03 09:11:21 | 000,041,976 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2008/05/03 09:06:00 | 000,684,760 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/05/03 09:06:00 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/05/03 09:06:00 | 000,131,492 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/05/03 09:06:00 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,384,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,612,100 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,109,516 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/09/13 18:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbacnv4.dll
[2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/08 22:24:44 | 000,000,177 | ---- | C] () -- C:\Windows\System32\dlbacoin.ini

========== LOP Check ==========

[2010/10/09 02:00:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Azureus
[2011/07/31 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitComet
[2011/07/14 22:34:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Cobra Mobile
[2010/10/04 22:52:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2009/07/17 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2010/12/18 02:38:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011/02/25 01:34:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mikogo
[2011/07/17 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenCandy
[2011/02/09 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Poker Partouche.be
[2011/05/05 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\postgresql
[2010/05/11 12:18:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Quantitative Micro Software
[2011/06/30 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thumbnail me
[2010/09/28 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TrueCrypt
[2011/04/13 01:20:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\uTorrent
[2010/11/01 04:16:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vso
[2011/07/31 13:54:13 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Attached Files


Edited by bbfg, 31 July 2011 - 10:03 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP