fltmgr.sys driver causing BSOD...Possible malware infection?



#1
Uirsa5822

Ok so I just recently bought a new HP computer, about 4 weeks ago now. Ever since I've been getting a BSOD. Not very often either. I probably had a BSOD about five times now since I had this computer. So I made a topic in the Windows 7 forum asking for help, which can be found here:

http://www.geekstogo...premium-64-bit/

They had me try some things on my system to try and narrow down the problem and try to get rid of it... But just this morning I got another BSOD so I ran the program "BlueScreen View" and it told me the BSOD was caused by this driver: fltmgr.sys. I was told that it can be malware affecting Windows causing the BSOD. I didn't think I had any malware or anything on my system. Maybe I don't, who knows. I have no symptoms of any malware. I ran Norton just the other day and found nothing but tracking cookies. Also ran SUPERAntiSpyware and Malwarebytes. Both found nothing. Windows runs great for me, no problems, except of course the BSOD. System isn't slow or anything either.


Here are my system specs:

MS Windows 7 Home Premium 64-bit SP1
AMD Phenom II X2 521
4.00 GB Memory


I downloaded and ran OTL on my system. Here is the log file it created:
All help with this is greatly appreciated! Thank you.

OTL logfile created on: 8/15/2011 2:10:37 PM - Run 1
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 57.58% Memory free
7.50 Gb Paging File | 5.76 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.23 Gb Total Space | 767.42 Gb Free Space | 83.39% Space Free | Partition Type: NTFS
Drive D: | 11.18 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: JOHN-HP | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/15 14:09:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2011/07/31 03:36:50 | 000,639,864 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/07/30 00:31:39 | 002,557,440 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/07/08 03:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/26 19:17:02 | 000,053,248 | ---- | M] (NirSoft) -- C:\Users\John\Desktop\BlueScreenView.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/01/28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/27 01:53:36 | 006,271,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/08 03:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 13:33:39 | 000,139,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/06/27 15:52:00 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO64.EXE -- (RichVideo64)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/30 00:31:40 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/06/28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/01/28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/04 13:09:57 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/08/04 13:09:57 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/07/31 03:30:50 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/07/27 03:53:52 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/25 20:00:20 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/30 14:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/29 12:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AE2500w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/04 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/07/07 11:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/08/03 21:56:01 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110814.003\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 21:56:01 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110814.003\ENG64.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110812.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/27 20:13:49 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/27 20:13:49 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/23 00:32:12 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/04/25 20:00:21 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/07/27 18:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011/08/15 09:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/14 22:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/14 22:58:18 | 000,000,000 | ---D | M]

[2011/07/27 01:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2011/08/11 13:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f03iquxe.default\extensions
[2011/07/27 03:05:13 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f03iquxe.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/07/27 03:05:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f03iquxe.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/07/27 03:05:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\f03iquxe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/27 13:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/27 01:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F03IQUXE.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F03IQUXE.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F03IQUXE.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F03IQUXE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F03IQUXE.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F03IQUXE.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/27 01:38:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/04 17:59:59 | 000,001,317 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts: 127.0.0.1 activation.nero.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sdnclean64.exe) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/15 14:09:52 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/08/15 13:37:31 | 000,053,248 | ---- | C] (NirSoft) -- C:\Users\John\Desktop\BlueScreenView.exe
[2011/08/14 22:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/14 22:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/14 22:55:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/14 12:42:38 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\The Sims 3
[2011/08/09 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\CyberLink
[2011/08/09 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Freemake
[2011/08/09 19:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011/08/09 19:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake Video Converter
[2011/08/09 14:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Maker
[2011/08/09 04:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011/08/09 03:18:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AnvSoft
[2011/08/09 01:58:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Auslogics
[2011/08/08 15:19:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ImgBurn
[2011/08/08 15:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/08/08 15:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/08/08 03:24:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/08/06 01:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011/08/06 01:38:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft Games
[2011/08/06 01:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2011/08/06 01:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/08/04 16:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2011/08/04 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/08/04 16:10:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2011/08/04 16:10:48 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/08/04 16:10:48 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011/08/04 16:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011/08/04 02:12:26 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Electronic Arts
[2011/08/04 02:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/08/04 01:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/08/03 03:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011/08/02 22:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/08/02 22:05:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Origin
[2011/08/02 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Origin
[2011/08/02 22:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/08/02 22:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/08/02 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Electronic Arts
[2011/08/02 22:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/08/02 22:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/08/02 20:48:35 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Nero
[2011/08/02 20:34:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Nero
[2011/08/02 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\NeroVision
[2011/08/02 20:32:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Nero
[2011/08/02 20:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011/08/02 20:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/08/02 20:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011/08/02 20:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/08/02 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Canneverbe Limited
[2011/08/02 13:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011/08/02 13:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/08/02 00:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios
[2011/08/02 00:00:23 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/08/01 16:41:05 | 000,000,000 | ---D | C] -- C:\Windows\Aci
[2011/08/01 16:13:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Updates
[2011/08/01 16:13:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2011/08/01 15:16:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
[2011/08/01 15:10:56 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\SimCity 4
[2011/08/01 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2011/08/01 15:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2011/08/01 13:33:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/01 05:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/08/01 04:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/01 04:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/01 03:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/08/01 03:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/08/01 03:50:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Simply Super Software
[2011/08/01 03:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/08/01 03:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/08/01 03:26:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Atari
[2011/08/01 03:26:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/08/01 03:26:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Leadertech
[2011/08/01 03:25:49 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\RCT3
[2011/08/01 03:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft
[2011/08/01 03:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011/08/01 03:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011/08/01 03:17:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/01 03:06:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\RegGenie
[2011/08/01 03:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegGenie
[2011/08/01 03:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegGenie
[2011/08/01 02:59:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Seven Zip
[2011/08/01 02:55:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Registry Mechanic
[2011/08/01 02:48:06 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011/08/01 02:48:06 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011/08/01 02:48:06 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011/08/01 02:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/08/01 02:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011/08/01 02:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/08/01 02:41:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\CyberLink
[2011/08/01 02:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/08/01 02:39:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2011/08/01 02:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/08/01 02:18:50 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\RPG Maker
[2011/08/01 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2011/08/01 02:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain
[2011/08/01 00:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{C3243856-7746-4A05-8837-51A28C1CDD82}
[2011/08/01 00:02:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Downloaded Installations
[2011/07/31 13:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/31 13:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/31 13:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/31 12:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/31 12:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/07/31 12:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/31 12:29:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/07/31 12:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/07/31 12:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/07/31 12:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/07/31 12:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/07/31 12:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/07/31 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Help
[2011/07/31 12:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/07/31 12:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/07/31 12:25:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/07/31 04:15:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\HpUpdate
[2011/07/31 03:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/07/31 03:39:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Google
[2011/07/31 03:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/07/31 03:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/07/31 03:35:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
[2011/07/31 03:35:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\uTorrent
[2011/07/31 03:30:50 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/07/31 03:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/07/31 03:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/07/31 03:30:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2011/07/31 03:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/07/31 03:27:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DivX
[2011/07/31 03:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/07/31 03:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/07/31 03:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/07/31 03:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/07/31 03:12:00 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Adobe
[2011/07/31 03:11:57 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Adobe
[2011/07/31 03:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2011/07/31 03:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/07/31 03:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/07/31 03:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/07/30 15:19:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/07/30 14:38:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AMD
[2011/07/30 14:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/07/30 12:09:59 | 000,000,000 | ---D | C] -- C:\ATI
[2011/07/30 11:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/30 11:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/07/30 11:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/30 11:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/07/30 11:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/07/30 11:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/30 11:38:47 | 000,000,000 | ---D | C] -- C:\AMD
[2011/07/30 02:05:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Apple Computer
[2011/07/30 02:05:36 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apple Computer
[2011/07/30 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/30 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/30 01:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/07/30 01:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/07/30 01:38:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apple
[2011/07/30 01:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/07/30 01:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/07/30 01:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/07/30 01:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/07/30 00:31:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Spyware Terminator
[2011/07/30 00:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011/07/30 00:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011/07/30 00:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2011/07/30 00:19:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/30 00:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/30 00:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/30 00:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/30 00:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/29 14:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/07/29 14:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011/07/29 14:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/07/29 14:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/07/29 13:53:19 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/07/29 13:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/07/29 13:53:18 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/07/29 13:38:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sunbelt Software
[2011/07/29 13:37:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
[2011/07/29 13:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/07/29 13:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/07/29 13:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/07/29 04:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/07/29 04:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Blaster
[2011/07/29 04:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/29 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2011/07/29 04:07:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/29 04:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/29 04:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/29 04:07:28 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/29 04:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/29 04:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/29 04:06:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/29 04:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/07/29 04:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/07/29 03:58:01 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\WinRAR
[2011/07/29 03:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/07/29 03:49:00 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Random Files
[2011/07/29 01:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/07/29 01:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/28 02:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/07/28 02:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/07/27 12:55:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/07/27 12:55:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/07/27 03:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/27 03:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/07/27 02:26:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Roxio Log Files
[2011/07/27 02:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/07/27 02:23:19 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\hpqLog
[2011/07/27 02:17:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2011/07/27 02:13:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\IsolatedStorage
[2011/07/27 02:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2011/07/27 01:56:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\HuluDesktop
[2011/07/27 01:39:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/27 01:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/27 01:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/27 01:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/07/27 01:25:23 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Mozilla
[2011/07/27 01:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/27 01:07:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\acccore
[2011/07/27 01:07:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AOL
[2011/07/27 01:07:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AIM
[2011/07/27 01:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2011/07/27 01:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/07/27 01:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/07/27 01:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/07/27 00:54:11 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft Games
[2011/07/27 00:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/07/27 00:14:35 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Mozilla
[2011/07/27 00:13:51 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Adobe
[2011/07/27 00:00:23 | 000,240,248 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\wpcap.dll
[2011/07/27 00:00:22 | 000,068,224 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\WanPacket.dll
[2011/07/27 00:00:22 | 000,040,464 | R--- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
[2011/07/26 23:59:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\ATI
[2011/07/26 23:59:30 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\ATI
[2011/07/26 23:58:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\PDFC
[2011/07/26 23:58:11 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/26 23:58:11 | 000,000,000 | R--D | C] -- C:\Users\John\Searches
[2011/07/26 23:58:11 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/26 23:58:11 | 000,000,000 | -H-D | C] -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/26 23:58:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Identities
[2011/07/26 23:58:01 | 000,000,000 | R--D | C] -- C:\Users\John\Contacts
[2011/07/26 23:58:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\VirtualStore
[2011/07/26 23:57:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\RemEngine
[2011/07/26 23:51:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Hewlett-Packard
[2011/07/26 23:51:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Hewlett-Packard
[2011/07/26 23:51:02 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Hewlett-Packard_Company
[2011/07/26 23:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP User Manuals
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Templates
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Recent
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\My Documents
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2011/07/26 23:50:18 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2011/07/26 23:50:12 | 000,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Videos
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Links
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Downloads
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\Desktop
[2011/07/26 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/26 23:50:12 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData
[2011/07/26 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2011/07/26 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2011/07/26 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2011/07/26 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Macromedia
[2011/07/26 23:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/08/15 14:09:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2011/08/15 13:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666967856-1288269156-3945502679-1000UA.job
[2011/08/15 13:52:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/15 10:03:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 10:03:00 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 09:55:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/15 09:55:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/15 09:54:57 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/15 01:59:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666967856-1288269156-3945502679-1000Core.job
[2011/08/14 03:06:36 | 000,002,098 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/08/13 01:09:50 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/08/12 20:06:54 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/08/12 03:01:01 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/12 03:01:01 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/09 20:36:17 | 000,795,808 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 20:36:17 | 000,662,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/09 20:36:17 | 000,121,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/09 20:25:34 | 001,374,300 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/08/09 19:40:38 | 000,776,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/08 03:40:05 | 000,005,753 | ---- | M] () -- C:\Users\John\AppData\Local\Temp10.html
[2011/08/08 03:39:38 | 000,001,667 | ---- | M] () -- C:\Users\John\AppData\Local\Temp1.html
[2011/08/06 02:19:32 | 000,001,110 | ---- | M] () -- C:\Users\John\Desktop\Zoo Tycoon 2™.lnk
[2011/08/04 02:50:17 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
[2011/08/03 15:14:51 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/02 20:42:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/08/01 15:10:44 | 000,002,176 | ---- | M] () -- C:\Users\John\Desktop\Sim City 4.lnk
[2011/08/01 15:08:26 | 000,000,530 | ---- | M] () -- C:\Windows\eReg.dat
[2011/08/01 13:26:35 | 004,979,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/01 03:26:17 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\Roller Coaster Tycoon 3.lnk
[2011/08/01 02:48:06 | 000,001,107 | ---- | M] () -- C:\Users\John\Desktop\Registry Mechanic.lnk
[2011/08/01 02:28:22 | 000,002,098 | ---- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/08/01 02:26:35 | 000,000,056 | ---- | M] () -- C:\Windows\SysWow64\404AE5F820.sys
[2011/08/01 02:09:45 | 000,000,088 | RHS- | M] () -- C:\ProgramData\20F8E54A40.sys
[2011/08/01 02:08:09 | 000,001,135 | ---- | M] () -- C:\Users\John\Desktop\RPG Maker VX.lnk
[2011/07/31 13:13:50 | 000,001,803 | ---- | M] () -- C:\Users\John\Desktop\iTunes.lnk
[2011/07/31 03:30:50 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/07/29 13:53:17 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/07/29 13:37:55 | 000,001,168 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/07/29 12:29:42 | 000,001,443 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/29 04:35:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/29 04:35:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/29 04:19:07 | 000,001,014 | ---- | M] () -- C:\Users\John\Desktop\Spyware Blaster.lnk
[2011/07/27 23:21:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/27 13:29:54 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/27 13:29:51 | 000,002,058 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 12:57:06 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/27 03:53:52 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/07/27 03:53:52 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/07/27 03:53:52 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/07/27 01:25:25 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/07/27 01:07:21 | 000,000,363 | -H-- | M] () -- C:\IPH.PH
[2011/07/27 01:07:17 | 000,001,941 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/07/27 01:07:16 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/07/27 00:48:54 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/07/27 00:48:54 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/07/27 00:08:40 | 000,001,459 | ---- | M] () -- C:\Windows\SysWow64\logFile.xml
[2011/07/26 23:50:34 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_p6823w_Y53316J_0U_QMXX121_E11NA2MRW602_4A_I2AB1_SFOXCONN_V1.00_B6.06_T110322_W73-1_L409_M3840_J1000_7AMD_8F63_93.50_#110726_N10EC8136_Z_G10029710_Ohp DVD RW AD-7251H5 SATA CdRom Device_DHWP2934.MRK
[2011/07/26 23:50:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_p6823w_Y53316J_0U_QMXX121_E11NA2MRW602_4A_I2AB1_SFOXCONN_V1.00_B6.06_T110322_W73-1_L409_M3840_J1000_7AMD_8F63_93.50_#110726_N10EC8136_Z_G10029710_Ohp DVD RW AD-7251H5 SATA CdRom Device_DHWP2934.MRK
[2011/07/22 04:00:00 | 000,074,752 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 00:44:19 | 741,623,850 | ---- | M] () -- C:\Users\John\Documents\DHP2.mkv

========== Files Created - No Company Name ==========

[2011/08/08 20:54:53 | 000,001,537 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/08 15:14:42 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/08/08 03:40:05 | 000,005,753 | ---- | C] () -- C:\Users\John\AppData\Local\Temp10.html
[2011/08/08 03:39:38 | 000,001,667 | ---- | C] () -- C:\Users\John\AppData\Local\Temp1.html
[2011/08/06 01:38:30 | 000,001,110 | ---- | C] () -- C:\Users\John\Desktop\Zoo Tycoon 2™.lnk
[2011/08/04 17:38:23 | 000,001,107 | ---- | C] () -- C:\Users\John\Desktop\Registry Mechanic.lnk
[2011/08/04 17:37:24 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/04 16:10:49 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2011/08/04 16:10:48 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/04 16:10:48 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/04 16:10:48 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/04 04:13:48 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/04 02:50:17 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
[2011/08/02 20:35:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/02 18:23:33 | 000,001,135 | ---- | C] () -- C:\Users\John\Desktop\RPG Maker VX.lnk
[2011/08/02 13:36:59 | 000,001,692 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/08/01 15:10:39 | 000,002,176 | ---- | C] () -- C:\Users\John\Desktop\Sim City 4.lnk
[2011/08/01 15:08:26 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/08/01 13:32:42 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666967856-1288269156-3945502679-1000UA.job
[2011/08/01 13:32:42 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1666967856-1288269156-3945502679-1000Core.job
[2011/08/01 03:50:22 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/08/01 03:50:22 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/08/01 03:50:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/08/01 03:50:22 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/08/01 03:50:06 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/01 03:45:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/01 03:26:17 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\Roller Coaster Tycoon 3.lnk
[2011/08/01 03:25:47 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/08/01 03:03:13 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2011/08/01 02:49:08 | 000,000,264 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2011/08/01 02:48:06 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011/08/01 02:26:34 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\404AE5F820.sys
[2011/08/01 02:26:28 | 000,002,098 | ---- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/08/01 02:25:29 | 000,002,525 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP.lnk
[2011/08/01 02:09:39 | 000,002,098 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/08/01 02:09:39 | 000,000,088 | RHS- | C] () -- C:\ProgramData\20F8E54A40.sys
[2011/08/01 02:08:08 | 000,001,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker VX.lnk
[2011/07/31 13:13:48 | 000,001,803 | ---- | C] () -- C:\Users\John\Desktop\iTunes.lnk
[2011/07/31 03:52:49 | 741,623,850 | ---- | C] () -- C:\Users\John\Documents\DHP2.mkv
[2011/07/31 03:42:08 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/31 03:42:07 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 03:08:34 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2011/07/29 14:49:39 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/07/29 13:53:29 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/07/29 13:53:29 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/07/29 13:37:55 | 000,001,168 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/07/29 04:35:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/07/29 04:35:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/29 04:19:07 | 000,001,014 | ---- | C] () -- C:\Users\John\Desktop\Spyware Blaster.lnk
[2011/07/29 01:33:00 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/27 23:21:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/27 13:29:52 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/27 13:18:57 | 000,002,058 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 13:18:57 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/27 13:10:54 | 000,001,443 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/27 01:25:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/27 01:07:16 | 000,001,941 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/07/27 01:07:16 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/07/27 01:06:58 | 000,000,363 | -H-- | C] () -- C:\IPH.PH
[2011/07/27 00:08:39 | 000,001,459 | ---- | C] () -- C:\Windows\SysWow64\logFile.xml
[2011/07/27 00:00:22 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/07/26 23:57:55 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/07/26 23:50:34 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_p6823w_Y53316J_0U_QMXX121_E11NA2MRW602_4A_I2AB1_SFOXCONN_V1.00_B6.06_T110322_W73-1_L409_M3840_J1000_7AMD_8F63_93.50_#110726_N10EC8136_Z_G10029710_Ohp DVD RW AD-7251H5 SATA CdRom Device_DHWP2934.MRK
[2011/07/26 23:50:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_p6823w_Y53316J_0U_QMXX121_E11NA2MRW602_4A_I2AB1_SFOXCONN_V1.00_B6.06_T110322_W73-1_L409_M3840_J1000_7AMD_8F63_93.50_#110726_N10EC8136_Z_G10029710_Ohp DVD RW AD-7251H5 SATA CdRom Device_DHWP2934.MRK
[2011/07/26 23:50:12 | 000,000,290 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/26 23:50:12 | 000,000,272 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/27 16:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/11 02:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/11 02:02:32 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 13:15:43 | 000,776,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll

========== LOP Check ==========

[2011/07/27 01:07:55 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\acccore
[2011/08/09 03:18:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AnvSoft
[2011/08/01 03:26:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Atari
[2011/08/09 01:58:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Auslogics
[2011/08/02 13:37:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Canneverbe Limited
[2011/08/01 03:17:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/06 04:37:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2011/08/08 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ImgBurn
[2011/08/01 03:26:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2011/08/02 22:05:05 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Origin
[2011/08/01 03:06:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\RegGenie
[2011/08/01 02:56:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Registry Mechanic
[2011/08/01 03:50:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Simply Super Software
[2011/08/14 01:25:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Spyware Terminator
[2011/08/15 13:51:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2011/08/12 20:06:54 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2009/07/14 01:08:49 | 000,020,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

