Win7 Home Premium SP1
My computer:
Acer Aspire M3920
Intel Core i7-2600 CPU @ 3.40GHz
RAM: 6GB
64-bit operating system
Hiya,
What happened to me is basically described in this topic: System Restore window "PC Performance & Stability analysis rep Which, for the ease of the reader, I will shamelessly copy paste:
I clicked on a bad link while browsing using Firefox 7.0.1 and started to get a number of "Windows Delayed Write Failed" pop-up alerts saying like "Failed to save all the components for the file \\Systems32100001366. The file is corrupted or unreadable. This error maybe caused by PC hardware problem" and with choice buttons of Cancel - Try Again - Continue.
-- where the systems32 file (\\Systems32100001366 on my sample pop-up message) changes on each of the pop-up alerts.
I tried to close all the pop-up alerts and then I got the "System Restore" window with "PC Performance & Stability analysis report" header which lists all the possible damaged files and systems on my machine. I think I clicked on a "Resolve" or "Restore" or "Fix" button. Once I clicked the button, the System Restore started scanning and indicated a couple of errors that were fixed and I got this error report:
- Hard drive rotational speed decreasedd by 20%
- Drive C initializing error
- Disk drive c:\ is unreadable
- System files are damaged. System is unstable
- GPU RAM temperature is critically high. Urgent RAM memory optimization...
- The problem may cause errors while loading your operating system
- RAM memory speed decreased significantly and may cause a system...
And then there are 2 links at the end of the "System Restore" window
- Click here to activate full-functional version
- Continue with limited resolutions
I clicked on the second option, but the window didn't go away. So I clicked on the other link, which of course goes to this secured system-restore dot com page (I can't place the link here cause it might also cause you trouble). I ignored the form, did not buy their product. And my laptop restarted.
Took a while for the laptop to restart and when it did, my desktop files and folders were gone. And then I got the "System Restore" window again. And also got the "Files indexation process failed" window on top of that.
The Files indexation process failed window got this message --
"Indexation process failure may cause:
- File may became unreadable
- Files and documents can be lost
- Operation System may slow down dramatically
To prevent possible damage to this PC follow the recommendations.
Recommendations:
It's highly recommended to run integrity checker now and resolve this issue."
-- and a "Resolve this issue" button after the above message.
I'm not clicking any buttons and link because it may further damage my laptop. So those 2 windows are still on my desktop. Obviously, I can still work on my machine, but with these 2 windows on top of everything, so I can just work on a minimized browser and applications.
And from time to time, those "Windows Delayed Write Failed" pop-up alerts go up. So I have to close them one by one each time.
I am running FF 3.6.23 (mostly because the changes that happened to FF 4 were horrid).
What I have done so far:
- I used Micro housecall to scan and clean my computer of viruses. (There was just the trojan that I'd picked up last night while looking for a picture.)
- I used Malwarebytes' Anti-Malware having started my computer in safe mode with networking ability (however I cannot access the internet using that so have to reboot into normal mode to do anything online). I spent several hours running this, removing *anything* it told me to, rebooting back into safe mode with networking ability and running it again till it came up clean. I did both a quick scan and the full scan just to be safe. (Found out about this from another topic here - but carefully didn't use any of the OTL fixes offered as you clearly say not to)
Log 1 of stuff found/removed:
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wyWFqiPoNAGy.exe (Trojan.FakeAlert) -> Value: wyWFqiPoNAGy.exe -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\wywfqiponagy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\6dss92c31apgjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Log 2 of stuff found/removed:
Files Infected:
c:\Users\Magical\AppData\LocalLow\Sun\Java\deployment\cache\6.0\40\39a696a8-3372324a (Trojan.Inject.adb) -> Quarantined and deleted successfully.
f:\documents and settings\Magical\mijn documenten\evid4226patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
f:\program files\erightsoft\SUPER\00IM.exe (Adware.Agent) -> Quarantined and deleted successfully.
What I did not do:
- Install new firewall/antivirus as it seemed better to wait with this till the computer is sorted out. I'm not browsing the net to go anywhere but this forum for now till I know everything is back to normal so there is no risk of picking up something new.
Right now my computer is still very unhappy
- The start menu is completely empty apart from the Malwarebytes' Anti-Malware if I click on "all programmes" and computer in the side bar of the menu.
- All my personal files etc. are missing
- Catalyst Control Center has given me two popups saying "Catalyst Control Center: Host application has stopped working" - I only moved them out of my way - there is no way I'm going to click on them after what happened earlier.
- The computer's sound level is above normal, cycling up and running as if I'm putting a heavy load on it for a while, then slowing down and sounding normal; it spends more time in the non-normal state than it does in the normal state.
OTL Logs:
OTL logfile created on: 11/4/2011 9:18:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Magical\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
5.98 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 69.01% Memory free
11.96 Gb Paging File | 9.92 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.95 Gb Total Space | 885.58 Gb Free Space | 95.95% Space Free | Partition Type: NTFS
Drive D: | 488.39 Gb Total Space | 261.57 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
Drive F: | 195.31 Gb Total Space | 153.22 Gb Free Space | 78.45% Space Free | Partition Type: NTFS
Drive G: | 270.44 Gb Total Space | 217.78 Gb Free Space | 80.53% Space Free | Partition Type: NTFS
Drive K: | 249.91 Mb Total Space | 169.34 Mb Free Space | 67.76% Space Free | Partition Type: FAT
Drive M: | 434.57 Gb Total Space | 98.27 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
Computer Name: BROOMSTICK | User Name: Magical | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/04 09:18:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Magical\Downloads\OTL.com
PRC - [2011/10/28 19:35:26 | 002,152,152 | -H-- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 19:35:26 | 001,187,072 | -H-- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/28 09:32:23 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/03 07:00:42 | 000,618,600 | -H-- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/10/05 14:08:46 | 002,655,768 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 14:08:42 | 000,325,656 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/14 02:32:32 | 000,013,336 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/14 02:32:30 | 000,283,160 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/01 09:17:48 | 005,252,408 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/05/27 03:41:24 | 000,349,552 | -H-- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 06:11:56 | 000,407,920 | -H-- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 06:11:42 | 000,201,584 | -H-- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | -H-- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | -H-- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/08/11 12:57:26 | 000,303,104 | -H-- | M] () -- C:\Program Files (x86)\MultiScreen\MultiScreen.exe
PRC - [2009/07/14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/05/01 12:54:46 | 000,082,600 | -H-- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/01/01 22:22:02 | 003,739,648 | -H-- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/03 20:00:31 | 000,475,136 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2011/11/03 20:00:31 | 000,014,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/11/03 18:53:23 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/11/03 18:52:54 | 012,433,408 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/03 18:52:46 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/03 18:52:30 | 003,347,968 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/03 18:52:25 | 005,453,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/03 18:52:21 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/03 18:52:20 | 007,963,648 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/03 18:51:31 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/28 09:32:23 | 001,015,256 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/08/28 04:48:57 | 006,277,280 | -H-- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/12/03 07:00:42 | 000,618,600 | -H-- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/12/03 04:44:54 | 000,151,656 | -H-- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/06/01 09:17:46 | 000,929,792 | -H-- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/08/11 12:57:26 | 000,303,104 | -H-- | M] () -- C:\Program Files (x86)\MultiScreen\MultiScreen.exe
MOD - [2009/08/11 12:56:52 | 000,053,248 | -H-- | M] () -- C:\Program Files (x86)\MultiScreen\MGResEng.dll
MOD - [2009/08/11 12:54:36 | 000,053,248 | -H-- | M] () -- C:\Program Files (x86)\MultiScreen\SmartMouseDll.dll
MOD - [2009/08/11 12:54:28 | 000,094,208 | -H-- | M] () -- C:\Program Files (x86)\MultiScreen\TitleBar.dll
MOD - [2006/05/25 15:20:44 | 000,241,664 | -H-- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\iptk.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/01/10 10:03:43 | 000,203,776 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | -H-- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/28 19:35:26 | 002,152,152 | -H-- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/05 14:08:46 | 002,655,768 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 14:08:42 | 000,325,656 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/14 04:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/14 02:32:32 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/05/27 03:41:06 | 000,305,520 | -H-- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 14:21:22 | 000,023,584 | -H-- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | -H-- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/10 10:31:20 | 008,283,136 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/10 09:28:18 | 000,295,424 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/21 09:31:00 | 000,316,080 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | -H-- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/14 02:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/11 04:40:06 | 001,014,624 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | -H-- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011/11/03 19:40:49 | 000,017,152 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.0.1.3
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:9
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.50136
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: tabcounter@morac:1.8.8
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {7d575baa-b543-11dc-8314-0800200c9a66}:2.0.5
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/16 21:03:12 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/28 09:32:23 | 000,000,000 | -H-D | M]
[2011/05/01 18:09:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Extensions
[2011/11/03 23:24:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions
[2011/05/02 12:16:00 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/05/02 12:15:59 | 000,000,000 | -H-D | M] (Image Zoom) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/13 12:21:34 | 000,000,000 | -H-D | M] (RSS Ticker) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2011/08/26 08:18:32 | 000,000,000 | -H-D | M] (Integrated Gmail) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2011/06/16 01:41:34 | 000,000,000 | -H-D | M] (Favicon Picker 2) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011/06/06 01:55:11 | 000,000,000 | -H-D | M] (ChatZilla) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/05/02 12:16:00 | 000,000,000 | -H-D | M] (BitmeTV Menu) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{633b7287-e788-4131-a31c-db09d8ebbe51}(2)
[2011/05/02 12:16:00 | 000,000,000 | -H-D | M] (DNS Flusher) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{7d575baa-b543-11dc-8314-0800200c9a66}
[2011/08/31 21:54:04 | 000,000,000 | -H-D | M] (Showcase) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/26 13:00:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2011/05/01 21:32:21 | 000,000,000 | -H-D | M] (Smartest Bookmarks Bar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}
[2011/10/01 01:21:40 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/10/16 21:04:20 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/02 12:16:00 | 000,000,000 | -H-D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/10/01 01:21:41 | 000,000,000 | -H-D | M] (Add-on Compatibility Reporter) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:15:57 | 000,000,000 | -H-D | M] (DNS Cache) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/10/01 01:21:40 | 000,000,000 | -H-D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:15 | 000,000,000 | -H-D | M] (British English Dictionary) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/08/25 20:57:40 | 000,000,000 | -H-D | M] ("Xmarks") -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/09/13 12:21:34 | 000,000,000 | -H-D | M] (Webmail Ad Blocker) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/09/19 01:13:54 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/09/19 01:13:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:16 | 000,000,000 | -H-D | M] (Smart Bookmarks Bar) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/05/02 12:10:17 | 000,000,000 | -H-D | M] (Tab Counter) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\tabcounter@morac
[2011/10/01 01:21:41 | 000,000,000 | -H-D | M] (BlackFox V1-Blue) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/08/26 13:00:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\extensions\[email protected]
[2011/11/01 10:08:47 | 000,001,032 | -H-- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\exigo.xml
[2010/04/30 18:04:17 | 000,001,504 | -H-- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\imdb.xml
[2010/04/24 17:18:48 | 000,002,352 | -H-- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\search-firefox-addons.xml
[2010/05/25 00:38:29 | 000,004,140 | -H-- | M] () -- C:\Users\Magical\AppData\Roaming\Mozilla\Firefox\Profiles\8ts1yyzy.default\searchplugins\youtube.xml
[2011/11/03 23:24:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/01 20:50:24 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/09/28 09:35:16 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 03:52:23 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/21 00:07:17 | 000,001,538 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/21 00:07:17 | 000,000,947 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/04/21 00:07:17 | 000,000,769 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/04/21 00:07:17 | 000,001,135 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCYCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCYtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Magical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Magical\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC80F5F-8843-40AD-930A-E6ECA0C8B00F}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/22 11:24:38 | 000,000,000 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{82808511-a0b8-11e0-9341-f80f410c79fa}\Shell - "" = AutoRun
O33 - MountPoints2\{82808511-a0b8-11e0-9341-f80f410c79fa}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/04 08:34:11 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{A48E29C5-8D30-46E1-B3DD-A4ACBB35EE02}
[2011/11/04 08:33:59 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Local\{5CBBD8B9-07D0-4110-B258-D84D562E514F}
[2011/11/03 23:33:46 | 000,000,000 | ---D | C] -- C:\Users\Magical\AppData\Roaming\Malwarebytes
[2011/11/03 23:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 23:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/03 23:32:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/03 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/03 19:32:52 | 000,069,376 | -H-- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/11/03 19:32:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/03 19:32:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/03 18:43:56 | 000,200,976 | -H-- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/11/03 18:06:53 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/11/03 18:04:15 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/03 17:50:36 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{D4C94249-A4BD-4B7D-887D-884E143AAD16}
[2011/11/03 05:49:54 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{D63D7844-9801-42DD-ADE6-4831ED93C8D2}
[2011/11/02 17:49:12 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{87E3EBB1-7FF7-4901-99D7-4DAF46AAF9D3}
[2011/11/02 05:48:33 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{43EDBA0A-6DD0-4C23-B7E8-B1B0A86B9334}
[2011/11/01 17:47:55 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{EE36652D-BAFE-4F17-9AD5-3E4DF5765A31}
[2011/11/01 05:47:18 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{637D5548-7DE6-49B0-8549-1D983001FA07}
[2011/10/31 17:46:40 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{F784FAAE-CC16-49BD-947A-884C8279F464}
[2011/10/31 11:18:29 | 000,000,000 | -H-D | C] -- C:\Users\Magical\Documents\Stuff that used to be in dropbox
[2011/10/31 05:46:02 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{92CBC907-2386-47DA-9958-63C7EFF57ED9}
[2011/10/30 17:45:25 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{35E733DD-0BA5-440F-BEC9-749E4867548A}
[2011/10/30 05:44:49 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{5CC4A491-409E-49DE-8278-786C38FA7BDC}
[2011/10/29 17:44:12 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{E6782204-61AC-493C-8AEE-B5AE825874DB}
[2011/10/29 05:43:37 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{3DC0B751-9BC6-48F2-BF39-B648D11D53A9}
[2011/10/28 17:43:01 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{0EB83299-8115-4D51-BAEE-DDCE4741254F}
[2011/10/28 05:42:27 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{F6424066-E600-4DB4-9273-8C01C900025C}
[2011/10/27 17:41:51 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{72A3BAC0-E766-4697-B006-B74608057CE6}
[2011/10/27 05:41:10 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{FEC61A44-90AF-4347-AB20-B68D9194669F}
[2011/10/26 17:40:35 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{B0B050C5-5F13-4BAD-A334-9AE589773182}
[2011/10/26 05:40:03 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{356B0CFB-26EC-426E-BAA3-CE05C2C1E2D8}
[2011/10/25 17:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{359FCEBE-7990-4F97-8198-6428C2F088D8}
[2011/10/25 05:39:00 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{3423A6EF-E8A0-4978-BDF1-A6F60AC59B71}
[2011/10/24 17:38:30 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{C4A081CD-94AF-4B21-B42F-5497DE775F41}
[2011/10/24 09:28:37 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\Microsoft Games
[2011/10/24 05:38:00 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{1B2D8A7F-970E-4E8D-AF8B-A9C01CBE25A5}
[2011/10/23 17:37:31 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{057FD8D5-C992-49A9-8440-32AE88F0147D}
[2011/10/23 05:37:02 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{74AB5993-50A0-4A03-B589-BBAB27058FAA}
[2011/10/22 17:36:34 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{EF1C193A-AA47-4766-858B-451EE4B2264B}
[2011/10/22 05:36:05 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{C2455C65-BAA2-4CDE-AB5C-564F2B642691}
[2011/10/21 17:35:38 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{B4811046-0A7C-4EB3-AE30-71FDF60F6D3A}
[2011/10/21 05:35:10 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{AB1B270B-9B8F-4DFB-AA09-EFD20202A95F}
[2011/10/20 17:34:42 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{96729716-95F0-4756-B7F6-733504C3DB04}
[2011/10/20 05:34:15 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{E18A4DE2-43C9-4E85-A2F7-B9958155721C}
[2011/10/19 17:33:48 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{914C5AF3-7A88-4746-827F-D8796D7416B3}
[2011/10/19 05:33:22 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{5B50832A-E4C7-4B3A-A7C3-6E89EB1C6274}
[2011/10/18 17:32:56 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{A6BB88B6-104F-415F-8CCD-DC9481BBF595}
[2011/10/18 05:32:29 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{EFEB572C-D1D9-4530-8431-CA99C5A2B1BA}
[2011/10/17 17:32:03 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{3F7D4546-3096-44C8-95F8-66A13E36889A}
[2011/10/17 05:31:38 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{F04A283D-3DF0-4E47-97F6-B0F60FF22E74}
[2011/10/16 17:31:13 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{C77AB15E-D2D2-4D01-AAF2-DAE89EDF0681}
[2011/10/16 17:31:01 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{D32288D7-0AD4-46B7-951E-68DF21812BC2}
[2011/10/16 05:30:36 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{49224AAA-B72B-48D4-AE4D-0E96E06D77E2}
[2011/10/16 05:30:24 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{9B2182A1-7784-4409-B137-583188119E0A}
[2011/10/15 17:30:11 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{12170724-B536-47A0-9536-1D73EE3EC65F}
[2011/10/15 17:29:58 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{41CE4D19-B15E-4373-A390-12C55057950E}
[2011/10/15 05:29:44 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{9AEFF161-36B8-48F0-B59D-4E1EFC764BA3}
[2011/10/15 05:29:33 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{71C7E389-A36B-4DB6-BF3B-BF4F172E8B45}
[2011/10/14 17:29:19 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{C5857948-6208-4D04-A183-16EA4B94E248}
[2011/10/14 17:29:08 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{15AF7EB9-E426-4F55-AC62-471E12838F1C}
[2011/10/14 05:28:54 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{74E29617-D529-4D3B-BDC4-E70078294605}
[2011/10/14 05:28:43 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{7FB1650C-7722-4E51-9422-0F809C002631}
[2011/10/13 17:28:30 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{79B49105-364E-4824-9B35-8CD2544A0E5D}
[2011/10/13 17:28:18 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{E9EA43A9-B45F-4857-A27B-9461F3ABBA75}
[2011/10/13 05:28:05 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{B4F7B2F1-8E62-45A4-83AF-3C9386A96FA0}
[2011/10/13 05:27:54 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{AC2C66DF-C97F-4810-8CE5-91052FB079DB}
[2011/10/12 17:27:40 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{7F16F78E-F53D-4015-A913-CAE75C349B20}
[2011/10/12 17:27:29 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{D9EE5708-1E40-4763-983A-BE05C43E4F0E}
[2011/10/12 05:27:16 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{A9161CE8-0324-47C7-8821-4A20A3F34C92}
[2011/10/12 05:27:05 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{99D0AE6F-359B-4118-919D-FF95612EB0D7}
[2011/10/11 17:26:52 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{D6294A31-0536-42BA-8386-2D389D2F4592}
[2011/10/11 17:26:41 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{CC10FF82-BAEF-44B9-AEF7-CCCA3F22F520}
[2011/10/11 05:26:28 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{D252F5D3-437A-4786-9D3E-97C9976296CB}
[2011/10/11 05:26:16 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{35AE3E6C-147D-468B-BC8D-BAE4A07200C5}
[2011/10/10 17:26:02 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{15BA36FC-E267-4315-B6D8-4B67C074CD16}
[2011/10/10 17:25:50 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{B58A9741-8E1C-4B81-AEA2-A31F6006089C}
[2011/10/10 05:25:37 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{F2C5BD47-335D-4F21-9AEC-03EA3E9F328D}
[2011/10/10 05:25:25 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{02D9E395-17AD-4759-973F-1BD34112D35E}
[2011/10/09 17:25:12 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{98F81106-B978-4FC7-9DD6-EAC4020886A1}
[2011/10/09 17:25:01 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{287F8A1C-4988-4995-90B2-FDBFC2E3BB2B}
[2011/10/09 05:24:48 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{A12E1A15-2B35-4E2D-9025-97204EF4D04C}
[2011/10/09 05:24:37 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{A0AC5230-54F9-4250-AB18-9374D4849C29}
[2011/10/08 17:24:24 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{98C66D56-39E5-422A-A0CD-F45B41B07044}
[2011/10/08 17:24:12 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{3EEA039C-8C67-41CD-95CA-1EA7E2D6C516}
[2011/10/08 05:23:59 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{07952418-5AD2-48D0-A445-9B5A570DA4C4}
[2011/10/08 05:23:48 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{1D1C6212-0364-431C-AB4E-CFE5D9A32F5C}
[2011/10/07 17:23:35 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{4189085C-5F8B-453E-A979-3250D8F99B4D}
[2011/10/07 17:23:24 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{EB1F7C68-BF26-49FC-A5DF-49D5C7553349}
[2011/10/07 05:23:11 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{CF6D2F6B-B80D-4040-93C3-602CD109337C}
[2011/10/07 05:23:00 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{857B2201-BB20-44B7-8823-0DEA85701A4A}
[2011/10/06 17:22:47 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{A8F44B56-8077-44AB-B26B-8B5547A3FD3C}
[2011/10/06 17:22:36 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{0EBB3F86-BD15-4173-963C-26BF96FE36A1}
[2011/10/06 05:22:23 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{E2145067-BF04-4B7B-9EF8-E6C8D9720B85}
[2011/10/06 05:22:12 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{FED5C3EF-701E-44DC-BC02-5DB2920A4793}
[2011/10/05 17:21:58 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{5EF3E427-51BD-4907-ADAC-E239CE47C106}
[2011/10/05 17:21:47 | 000,000,000 | -H-D | C] -- C:\Users\Magical\AppData\Local\{90F5F4BF-92C6-4898-A666-F1081F04B2AA}
[2011/06/27 10:56:06 | 000,305,152 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyhcp.dll
[2011/05/30 09:33:55 | 001,417,728 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011/05/30 09:33:55 | 001,099,264 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011/05/30 09:33:55 | 000,695,808 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011/05/30 09:33:55 | 000,659,456 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011/05/30 09:33:55 | 000,566,192 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011/05/30 09:33:55 | 000,487,424 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011/05/30 09:33:55 | 000,409,600 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011/05/30 09:33:55 | 000,249,856 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011/05/30 09:33:55 | 000,238,592 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011/05/30 09:33:55 | 000,235,952 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011/05/30 09:33:55 | 000,233,392 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011/05/30 09:33:55 | 000,226,816 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011/05/30 09:33:55 | 000,181,168 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011/05/30 09:33:55 | 000,035,328 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011/05/30 09:33:55 | 000,010,752 | -H-- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2011/05/27 23:06:47 | 000,270,128 | -H-- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/04 09:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At20.job
[2011/11/04 09:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At19.job
[2011/11/04 09:22:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 09:22:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 08:32:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 08:32:55 | 523,116,543 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/03 23:32:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/03 23:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At48.job
[2011/11/03 23:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At47.job
[2011/11/03 23:16:51 | 000,727,182 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/03 23:16:51 | 000,616,356 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/03 23:16:51 | 000,106,478 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/03 23:07:21 | 004,285,928 | -H-- | M] () -- C:\Users\Magical\AppData\Local\census.cache
[2011/11/03 23:03:23 | 000,066,464 | -H-- | M] () -- C:\Users\Magical\AppData\Local\ars.cache
[2011/11/03 22:29:02 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At46.job
[2011/11/03 22:29:02 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At45.job
[2011/11/03 21:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At44.job
[2011/11/03 21:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At43.job
[2011/11/03 20:29:14 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At42.job
[2011/11/03 20:29:03 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At41.job
[2011/11/03 19:40:48 | 000,016,432 | -H-- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/03 19:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At40.job
[2011/11/03 19:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At39.job
[2011/11/03 18:50:47 | 000,274,552 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/03 18:50:39 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At8.job
[2011/11/03 18:50:39 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At6.job
[2011/11/03 18:50:39 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At9.job
[2011/11/03 18:50:39 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At7.job
[2011/11/03 18:50:39 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At5.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At4.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At38.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At36.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At34.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At32.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At30.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At28.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At26.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At24.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At22.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At2.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At37.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At35.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At33.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At31.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At3.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At29.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At27.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At25.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At23.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At21.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At18.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At16.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At14.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At12.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\At10.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At17.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At15.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At13.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At11.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\At1.job
[2011/11/03 18:44:38 | 000,000,118 | -H-- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/11/03 18:43:17 | 000,000,036 | -H-- | M] () -- C:\Users\Magical\AppData\Local\housecall.guid.cache
[2011/11/03 18:34:02 | 000,000,112 | -H-- | M] () -- C:\ProgramData\ljRkx05F5.dat
[2011/11/03 18:11:55 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/11/03 18:11:03 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/03 18:11:03 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/03 18:06:54 | 000,000,685 | -H-- | M] () -- C:\Users\Magical\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/03 18:06:54 | 000,000,661 | -H-- | M] () -- C:\Users\Magical\Desktop\System Restore.lnk
[2011/11/03 12:17:41 | 000,000,064 | -H-- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/03 12:17:41 | 000,000,044 | -H-- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/28 19:35:28 | 000,069,376 | -H-- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/03 23:32:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/03 21:04:28 | 000,016,432 | -H-- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/11/03 18:47:29 | 004,285,928 | -H-- | C] () -- C:\Users\Magical\AppData\Local\census.cache
[2011/11/03 18:47:25 | 000,066,464 | -H-- | C] () -- C:\Users\Magical\AppData\Local\ars.cache
[2011/11/03 18:44:38 | 000,000,118 | -H-- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/11/03 18:43:17 | 000,000,036 | -H-- | C] () -- C:\Users\Magical\AppData\Local\housecall.guid.cache
[2011/11/03 18:31:47 | 000,000,112 | -H-- | C] () -- C:\ProgramData\ljRkx05F5.dat
[2011/11/03 18:31:35 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At48.job
[2011/11/03 18:31:35 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At47.job
[2011/11/03 18:31:34 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At46.job
[2011/11/03 18:31:34 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At44.job
[2011/11/03 18:31:34 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At45.job
[2011/11/03 18:31:33 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At42.job
[2011/11/03 18:31:33 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At40.job
[2011/11/03 18:31:33 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At38.job
[2011/11/03 18:31:33 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At36.job
[2011/11/03 18:31:33 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At43.job
[2011/11/03 18:31:33 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At41.job
[2011/11/03 18:31:33 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At39.job
[2011/11/03 18:31:33 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At37.job
[2011/11/03 18:31:33 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At35.job
[2011/11/03 18:31:32 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At34.job
[2011/11/03 18:31:32 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At32.job
[2011/11/03 18:31:32 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At30.job
[2011/11/03 18:31:32 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At33.job
[2011/11/03 18:31:32 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At31.job
[2011/11/03 18:31:31 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At28.job
[2011/11/03 18:31:31 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At26.job
[2011/11/03 18:31:31 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At29.job
[2011/11/03 18:31:31 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At27.job
[2011/11/03 18:31:30 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At25.job
[2011/11/03 18:31:29 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At24.job
[2011/11/03 18:31:29 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At22.job
[2011/11/03 18:31:29 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At23.job
[2011/11/03 18:31:28 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At20.job
[2011/11/03 18:31:28 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At18.job
[2011/11/03 18:31:28 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At21.job
[2011/11/03 18:31:28 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At19.job
[2011/11/03 18:31:27 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At16.job
[2011/11/03 18:31:27 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At14.job
[2011/11/03 18:31:27 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At17.job
[2011/11/03 18:31:27 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At15.job
[2011/11/03 18:31:27 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At13.job
[2011/11/03 18:31:26 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At12.job
[2011/11/03 18:31:26 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At10.job
[2011/11/03 18:31:26 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At9.job
[2011/11/03 18:31:26 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At11.job
[2011/11/03 18:31:25 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At8.job
[2011/11/03 18:31:25 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At6.job
[2011/11/03 18:31:25 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At7.job
[2011/11/03 18:31:25 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At5.job
[2011/11/03 18:31:24 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At4.job
[2011/11/03 18:31:24 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\At2.job
[2011/11/03 18:31:24 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At3.job
[2011/11/03 18:31:22 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\At1.job
[2011/11/03 18:06:56 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/11/03 18:06:55 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/11/03 18:06:54 | 000,000,685 | -H-- | C] () -- C:\Users\Magical\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/03 18:06:54 | 000,000,661 | -H-- | C] () -- C:\Users\Magical\Desktop\System Restore.lnk
[2011/11/03 18:06:49 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/07/17 19:38:27 | 000,013,082 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/07/17 19:38:20 | 004,022,504 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/17 19:38:20 | 000,018,123 | -H-- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/06/19 20:45:14 | 001,007,358 | -H-- | C] () -- C:\Program Files\Windows-Theme-Manager-Setup.exe
[2011/06/02 14:12:06 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/30 09:33:55 | 000,385,024 | -H-- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011/05/30 09:33:55 | 000,194,048 | -H-- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011/05/30 08:25:56 | 000,734,810 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 21:28:30 | 000,007,609 | -H-- | C] () -- C:\Users\Magical\AppData\Local\resmon.resmoncfg
[2011/05/02 11:19:02 | 000,000,064 | -H-- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/02 11:19:02 | 000,000,044 | -H-- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/01 20:52:30 | 000,000,600 | -H-- | C] () -- C:\Users\Magical\AppData\Roaming\winscp.rnd
[2011/05/01 18:30:50 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/01 18:09:29 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/02/10 07:57:24 | 000,002,975 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/27 12:08:21 | 000,131,984 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
[2010/10/27 12:02:31 | 000,008,192 | -H-- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/05/02 12:33:43 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\acccore
[2011/09/05 21:21:33 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\dBpoweramp
[2011/11/03 18:10:18 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\Dropbox
[2011/11/03 00:05:08 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\foobar2000
[2011/05/02 12:27:31 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\Notepad++
[2011/05/01 15:51:51 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\OEM
[2011/11/03 18:07:29 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\SoftGrid Client
[2011/10/31 15:12:20 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\TeraCopy
[2011/06/19 20:47:46 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\ThemeManager
[2011/05/30 08:26:29 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\TP
[2011/11/04 08:34:40 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\uTorrent
[2011/07/31 04:35:25 | 000,000,000 | -H-D | M] -- C:\Users\Magical\AppData\Roaming\Windows Live Writer
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At1.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At10.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At11.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At12.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At13.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At14.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At15.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At16.job
[2011/11/03 18:50:36 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At17.job
[2011/11/03 18:50:36 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At18.job
[2011/11/04 09:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At19.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At2.job
[2011/11/04 09:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At20.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At21.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At22.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At23.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At24.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At25.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At26.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At27.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At28.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At29.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At3.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At30.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At31.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At32.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At33.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At34.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At35.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At36.job
[2011/11/03 18:50:38 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At37.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At38.job
[2011/11/03 19:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At39.job
[2011/11/03 18:50:38 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At4.job
[2011/11/03 19:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At40.job
[2011/11/03 20:29:03 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At41.job
[2011/11/03 20:29:14 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At42.job
[2011/11/03 21:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At43.job
[2011/11/03 21:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At44.job
[2011/11/03 22:29:02 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At45.job
[2011/11/03 22:29:02 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At46.job
[2011/11/03 23:29:00 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At47.job
[2011/11/03 23:29:00 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At48.job
[2011/11/03 18:50:39 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At5.job
[2011/11/03 18:50:39 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At6.job
[2011/11/03 18:50:39 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At7.job
[2011/11/03 18:50:39 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\At8.job
[2011/11/03 18:50:39 | 000,000,350 | -H-- | M] () -- C:\Windows\Tasks\At9.job
[2009/07/14 06:08:49 | 000,010,722 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >
Anyone who got to the bottom of this massive post is a brave soul and deserves a medal - Thanks for looking, thanks for being here and I hope that there is a solution to this. Please let me know if there is anything I missed or anything additional that you need to know.
Magical -/- Magic
Edit: I decided to look and see what was using up so much of my computer's resources and there appears to be a programme called PING.EXE *32 that is eating up 88% of my CPU at the times that my computer is being loud. I killed the process as it really isn't needed to have it on *all the time* but I have a feeling that it may need more other than that. I hope doing this wasn't "a bad thing".
Edit 2: It started itself back up again and is again using 88% of the resources - I'm going to leave it as is now as it was only off for about 2 minutes.
Edited by Magicless, 04 November 2011 - 03:58 AM.