
Ping.exe 32* infection



#1
Garlet01

I am currently infected with a nasty virus calling itself PING.exe 32*; according to my Task Manager it eats all my CPU and makes surfing the web impossible.
When terminating its process it only comes back second before. Here's the OTL:
OTL logfile created on: 12/7/2011 2:18:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ante Koscica\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003009 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 64.30% Memory free
7.35 Gb Paging File | 5.82 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 176.17 Gb Free Space | 38.92% Space Free | Partition Type: NTFS

Computer Name: ANTEKOSCICA-PC | User Name: Ante Koscica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/07 14:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ante Koscica\Downloads\OTL.exe
PRC - [2011/11/13 11:13:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/07/31 22:55:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/13 11:13:14 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/05/19 09:42:10 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/04/22 12:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2010/03/17 12:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/12/04 20:28:42 | 000,670,224 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/05 18:29:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/31 22:55:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/10/21 15:09:00 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/26 14:18:01 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/15 00:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/14 21:46:56 | 000,727,608 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/24 04:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/04 04:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/25 04:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/07 14:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/06 08:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/12/03 16:37:38 | 000,040,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\WolfTeamIS\wolf64.sys -- (wolf)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...34z165a4622d261
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...34z165a4622d261
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...34z165a4622d261
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...34z165a4622d261

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...34z165a4622d261
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=161107
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.gate...34z165a4622d261
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20110805"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20110805&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ante Koscica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ante Koscica\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ante Koscica\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ante Koscica\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ante Koscica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 11:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 14:18:13 | 000,000,000 | ---D | M]

[2011/10/03 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Extensions
[2011/10/03 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/10 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions
[2011/08/05 11:04:01 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/10/08 12:20:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\[email protected]
[2011/10/10 15:15:12 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\[email protected]
[2011/05/18 18:33:19 | 000,002,242 | ---- | M] () -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\searchplugins\AOL Search.xml
[2011/08/05 11:04:00 | 000,001,945 | ---- | M] () -- C:\Users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\searchplugins\bing-zugo.xml
[2011/11/14 06:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 12:50:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/13 11:13:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/05/18 18:33:19 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2011/09/30 18:22:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/13 11:13:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ante Koscica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ante Koscica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Ante Koscica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKCU..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Ante Koscica\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A4F623B-9285-4B7D-B04B-6902F83E0D05}: DhcpNameServer = 68.237.161.12 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A4F623B-9285-4B7D-B04B-6902F83E0D05}: NameServer = 208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klartew: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll) - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\klartew.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{10697271-c1d4-11e0-93b1-88ae1d100ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{10697271-c1d4-11e0-93b1-88ae1d100ce7}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{10697271-c1d4-11e0-93b1-88ae1d100ce7}\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\{c3212d58-184e-11e1-8e6c-88ae1d100ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{c3212d58-184e-11e1-8e6c-88ae1d100ce7}\Shell\AutoRun\command - "" = E:\automenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 17:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/06 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/06 16:11:49 | 000,325,120 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Ante Koscica\AppData\Local\hdo.exe
[2011/12/06 15:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/06 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/06 13:52:41 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Reviversoft
[2011/12/06 13:51:42 | 000,018,760 | ---- | C] (ReviverSoft) -- C:\Windows\SysNative\roboot64.exe
[2011/12/06 13:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2011/12/04 21:20:39 | 000,000,000 | ---D | C] -- C:\a60e6ae52424934a42198c2941b0bb
[2011/12/04 20:28:42 | 000,670,224 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2011/12/03 15:47:11 | 000,000,000 | ---D | C] -- C:\Game
[2011/12/03 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/12/03 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\IObit
[2011/12/03 14:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/12/01 21:58:13 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Grand Ages Rome
[2011/11/29 19:02:40 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\Desktop\New folder (3)
[2011/11/29 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CorsixTH
[2011/11/29 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\CorsixTH
[2011/11/29 18:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\CorsixTH
[2011/11/29 15:48:42 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Reign of Augustus
[2011/11/29 13:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/28 13:19:33 | 000,000,000 | ---D | C] -- C:\Windows\Simple Port Forwarding
[2011/11/28 13:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple Port Forwarding
[2011/11/28 13:14:01 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\Desktop\New folder (2)
[2011/11/27 19:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Akella Games
[2011/11/26 14:18:01 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/11/26 14:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/11/26 14:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/11/19 20:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/11/18 15:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Malwarebytes
[2011/11/18 15:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/18 15:53:17 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/18 15:47:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ante Koscica\Desktop\iexplore.exe
[2011/11/18 15:22:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/11/18 14:52:26 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garena
[2011/11/18 14:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2011/11/18 14:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Classic
[2011/11/17 13:18:38 | 000,000,000 | -HSD | C] -- C:\found.005
[2011/11/16 17:03:18 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Local\ElevatedDiagnostics
[2011/11/14 19:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/14 19:52:42 | 000,000,000 | ---D | C] -- C:\Users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
[2011/11/14 19:52:26 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/11 15:29:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/11/11 15:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/11 15:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011/05/18 17:13:53 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/12/07 14:12:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 13:40:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2649898046-3333720630-675435879-1001UA.job
[2011/12/07 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/07 13:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/07 12:34:20 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:34:20 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:27:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc6f79872145ec.job
[2011/12/07 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/07 12:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/07 12:26:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/07 12:26:26 | 2962,219,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/06 21:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/06 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/06 20:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/06 19:27:02 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/06 19:27:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/06 18:27:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/06 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/06 17:43:44 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/06 17:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/06 17:05:02 | 000,012,076 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\105818a8j030q312r082c0vio3s4
[2011/12/06 17:05:02 | 000,012,076 | -HS- | M] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
[2011/12/06 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/06 16:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/06 16:11:49 | 000,325,120 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Ante Koscica\AppData\Local\hdo.exe
[2011/12/06 15:45:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/06 15:42:02 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/06 15:42:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/04 20:28:42 | 000,670,224 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem
[2011/12/04 20:22:14 | 000,015,414 | -HS- | M] () -- C:\Users\Ante Koscica\AppData\Local\6m87wd2e03u886
[2011/12/04 20:22:14 | 000,015,414 | -HS- | M] () -- C:\ProgramData\6m87wd2e03u886
[2011/12/04 14:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/04 14:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/04 11:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/04 11:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/04 10:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2649898046-3333720630-675435879-1001Core.job
[2011/12/04 10:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/04 10:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/04 01:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/04 01:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/04 00:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/04 00:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/03 23:50:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/03 23:50:47 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/03 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/03 22:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/03 18:28:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\7XMWv.com.b
[2011/12/03 18:28:01 | 000,000,112 | ---- | M] () -- C:\ProgramData\mXSYmh3.dat
[2011/12/03 18:27:59 | 000,116,224 | ---- | M] () -- C:\Windows\SysWow64\7XMWv.com_
[2011/11/26 14:18:01 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/11/22 13:59:47 | 000,000,000 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\New Bitmap Image.bmp
[2011/11/19 10:17:29 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/19 09:45:36 | 000,348,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/18 16:26:10 | 000,001,444 | ---- | M] () -- C:\Users\Ante Koscica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/18 15:52:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/18 15:52:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/18 15:51:29 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ante Koscica\Desktop\iexplore.exe
[2011/11/18 15:03:56 | 000,001,044 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\Garena Classic.lnk
[2011/11/18 13:51:29 | 000,051,270 | ---- | M] () -- C:\Users\Ante Koscica\AppData\Roaming\room_v3.dat
[2011/11/16 20:49:09 | 000,002,346 | ---- | M] () -- C:\Users\Ante Koscica\Desktop\Ante

========== Files Created - No Company Name ==========

[2011/12/06 17:43:44 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/06 16:11:54 | 000,012,076 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\105818a8j030q312r082c0vio3s4
[2011/12/06 16:11:54 | 000,012,076 | -HS- | C] () -- C:\ProgramData\105818a8j030q312r082c0vio3s4
[2011/12/06 15:43:02 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/06 13:14:57 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\vorbisfile.dll
[2011/12/04 20:07:56 | 000,015,414 | -HS- | C] () -- C:\Users\Ante Koscica\AppData\Local\6m87wd2e03u886
[2011/12/04 20:07:56 | 000,015,414 | -HS- | C] () -- C:\ProgramData\6m87wd2e03u886
[2011/12/03 19:27:06 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\7XMWv.com_
[2011/12/03 18:28:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\7XMWv.com.b
[2011/12/03 18:25:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/03 18:25:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/03 18:25:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/03 18:25:07 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/03 18:25:07 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/03 18:25:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/03 18:25:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/03 18:25:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/03 18:25:05 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/03 18:25:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/03 18:25:04 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/03 18:25:04 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/03 14:50:11 | 000,022,872 | ---- | C] () -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2011/11/27 19:11:33 | 002,390,779 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\Data.hpk
[2011/11/22 13:59:47 | 000,000,000 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\New Bitmap Image.bmp
[2011/11/18 15:52:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/18 15:52:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/18 14:52:27 | 000,001,044 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\Garena Classic.lnk
[2011/11/17 18:06:42 | 000,002,346 | ---- | C] () -- C:\Users\Ante Koscica\Desktop\Ante
[2011/11/15 19:49:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\mXSYmh3.dat
[2011/09/23 20:45:40 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2011/08/21 15:45:02 | 000,000,155 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2011/07/31 22:55:39 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/31 22:55:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/07/22 11:47:45 | 000,051,270 | ---- | C] () -- C:\Users\Ante Koscica\AppData\Roaming\room_v3.dat
[2011/07/20 13:21:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/23 14:56:17 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/20 21:31:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/18 18:03:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/18 17:13:53 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/05/18 17:13:53 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/05/18 17:13:53 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/29 23:09:45 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/04/29 23:09:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/04/29 23:09:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/29 23:09:44 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/04/29 23:09:43 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2011/12/03 10:22:23 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\.minecraft
[2011/05/18 18:34:09 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\acccore
[2011/11/29 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\CorsixTH
[2011/08/12 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\DAEMON Tools Lite
[2011/10/02 08:44:22 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\GameRanger
[2011/08/19 10:23:20 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\go
[2011/12/02 20:15:22 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Grand Ages Rome
[2011/07/22 11:28:33 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\ijjigame
[2011/12/03 14:19:34 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\IObit
[2011/10/19 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Mount&Blade Warband
[2011/10/19 11:44:31 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/10/09 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Need for Speed World
[2011/06/05 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\NeopleLauncherDFO
[2011/07/28 22:50:03 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\ooVoo Details
[2011/08/05 11:03:35 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\OpenCandy
[2011/10/23 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Opera
[2011/09/04 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Packard Bell
[2011/10/03 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Prism
[2011/08/05 11:06:16 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Publish Providers
[2011/12/01 15:25:04 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Reign of Augustus
[2011/12/06 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Reviversoft
[2011/10/31 19:39:01 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Sierra
[2011/05/20 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\SNS
[2011/08/05 11:06:13 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Sony
[2011/10/20 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Spotify
[2011/08/20 11:04:50 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\SystemRequirementsLab
[2011/08/12 15:59:14 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\TeamViewer
[2011/09/22 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\The Creative Assembly
[2011/08/05 15:30:14 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Unity
[2011/12/03 14:50:31 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\uTorrent
[2011/09/01 11:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\Virtual City
[2011/09/01 09:27:22 | 000,000,000 | ---D | M] -- C:\Users\Ante Koscica\AppData\Roaming\YoudaGames
[2011/12/04 00:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/04 00:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/04 10:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/04 10:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/04 11:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/04 11:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/07 12:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/07 12:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/07 13:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/07 13:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/04 14:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/04 01:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/04 14:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/06 15:42:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/06 15:42:02 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/06 16:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/06 16:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/06 17:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/06 17:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/06 18:27:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/06 18:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/06 19:27:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/04 01:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/06 19:27:02 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/06 20:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/06 20:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/06 21:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/06 21:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/03 22:27:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/03 22:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/03 23:50:47 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/03 23:50:47 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/03 19:38:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/03 19:38:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/11/14 21:54:56 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 12/7/2011 2:18:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ante Koscica\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003009 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 64.30% Memory free
7.35 Gb Paging File | 5.82 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.65 Gb Total Space | 176.17 Gb Free Space | 38.92% Space Free | Partition Type: NTFS

Computer Name: ANTEKOSCICA-PC | User Name: Ante Koscica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01D03306-3CEE-4630-B6F3-AA78638E9F2F}_is1" = VirtualCity
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 26
"{285A4E07-E07B-44CF-840C-224B7BAC66C5}_is1" = Supreme Ruler Cold War 7.0.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{47d5797d-2cae-4a48-906b-db4bbd69e9ac}" = Nero 9 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6F9FAD3F-61F9-489C-8431-572D3CB2F75C}" = Glowing Touchpad
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961346DF-FE43-4392-99FC-47B1F5A882C3}" = GKLauncher
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D639D7B1-6A00-4B47-BB62-3A9AEB4B1928}" = KarosOnline_ijji
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AIM_7" = AIM 7
"Army Men RTS" = Army Men RTS
"Combat Arms" = Combat Arms
"CorsixTH" = CorsixTH Beta 8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DFO" = DFOLauncher
"DragonNest" = DragonNest
"GameSpy Arcade" = GameSpy Arcade
"Garena Classic 2011" = Garena Classic 2011
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"Google Chrome" = Google Chrome
"Gunz" = ijji - Gunz
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Mount&Blade Warband" = Mount&Blade Warband
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"OpenTTD" = OpenTTD 1.1.0
"Opera 11.52.1100" = Opera 11.52
"PopTag" = PopTag!
"PunkBusterSvc" = PunkBuster Services
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"StartNow Toolbar" = StartNow Toolbar
"Steam App 10620" = Empire: Total War Demo
"Steam App 23450" = Grand Ages: Rome
"Steam App 31740" = Iron Grip: Marauders
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 99900" = Spiral Knights
"SuddenAttackNA" = SuddenAttack
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Game Organizer" = EasyBits GO
"GameRanger" = GameRanger
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Panic Button" = Panic Button
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2011 1:13:20 PM | Computer Name = AnteKoscica-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NisSrv.exe, version: 3.0.8402.0, time stamp:
0x4db8b248 Faulting module name: NisSrv.exe, version: 3.0.8402.0, time stamp: 0x4db8b248
Exception
code: 0xc0000005 Fault offset: 0x000000000001ea0a Faulting process id: 0x7c4 Faulting
application start time: 0x01cc794395d5a232 Faulting application path: c:\Program
Files\Microsoft Security Client\Antimalware\NisSrv.exe Faulting module path: c:\Program
Files\Microsoft Security Client\Antimalware\NisSrv.exe Report Id: 2ada1068-e53e-11e0-adf8-88ae1d100ce7

Error - 9/22/2011 1:40:57 PM | Computer Name = AnteKoscica-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.0.1065.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 7bc Start
Time: 01cc79458e86c1fb Termination Time: 15 Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report
Id: 01eed10f-e542-11e0-adf8-88ae1d100ce7

Error - 9/22/2011 1:42:25 PM | Computer Name = AnteKoscica-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.0.1065.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13ac Start
Time: 01cc794ef38990fe Termination Time: 16 Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report
Id: 3a3cc9bd-e542-11e0-adf8-88ae1d100ce7

Error - 9/22/2011 4:06:54 PM | Computer Name = AnteKoscica-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4e67e6c8 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e67e807 Exception code: 0xc0000005 Fault offset: 0x6ffde649 Faulting
process id: 0x10b8 Faulting application start time: 0x01cc794fb61a52cf Faulting application
path: c:\program files (x86)\steam\steamapps\garlet00\team fortress 2\hl2.exe Faulting
module path: filesystem_steam.dll Report Id: 6a1733d6-e556-11e0-adf8-88ae1d100ce7

Error - 9/22/2011 7:05:32 PM | Computer Name = AnteKoscica-PC | Source = Application Hang | ID = 1002
Description = The program Steam.exe version 1.0.1065.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e10 Start
Time: 01cc796e8b9f02fb Termination Time: 10 Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report
Id: 2f91f6e4-e56f-11e0-b4b0-88ae1d100ce7

Error - 9/22/2011 10:00:45 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Windows Workflow
Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The first DWORD
in the Data section contains the error code.

Error - 9/22/2011 10:00:45 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Windows Workflow
Foundation 4.0.0.0 (Windows Workflow Foundation 4.0.0.0) failed. The first DWORD
in the Data section contains the error code.

Error - 9/22/2011 10:02:13 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The first DWORD in the Data section contains the
error code.

Error - 9/22/2011 10:02:14 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description =

Error - 9/22/2011 10:02:14 PM | Computer Name = AnteKoscica-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 12/7/2011 1:51:47 PM | Computer Name = AnteKoscica-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/7/2011 1:51:47 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7000
Description = The vtany service failed to start due to the following error: %%1275

Error - 12/7/2011 1:51:47 PM | Computer Name = AnteKoscica-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/7/2011 1:51:47 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7000
Description = The vtany service failed to start due to the following error: %%1275

Error - 12/7/2011 1:51:48 PM | Computer Name = AnteKoscica-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/7/2011 1:51:48 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7000
Description = The vtany service failed to start due to the following error: %%1275

Error - 12/7/2011 1:51:48 PM | Computer Name = AnteKoscica-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/7/2011 1:51:48 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7000
Description = The vtany service failed to start due to the following error: %%1275

Error - 12/7/2011 1:51:48 PM | Computer Name = AnteKoscica-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\vtany.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/7/2011 1:51:48 PM | Computer Name = AnteKoscica-PC | Source = Service Control Manager | ID = 7000
Description = The vtany service failed to start due to the following error: %%1275


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right-click and Run As Administrator).

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

#3
Garlet01

    Member

  • Topic Starter
  • Member
  • 42 posts
Finished the first program, going on to the next program. Here's the file:
ComboFix 11-12-12.02 - Ante Koscica 12/12/2011 10:05:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2684 [GMT -5:00]
Running from: c:\users\Ante Koscica\Desktop\New folder (4)\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\CE73\2AD6.tmp
c:\program files (x86)\LP\CE73\444F.tmp
c:\program files (x86)\LP\CE73\6162.tmp
c:\program files (x86)\LP\CE73\B4B0.tmp
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Ante Koscica\AppData\Local\hdo.exe
c:\users\Ante Koscica\AppData\Local\usr.exe
c:\users\Ante Koscica\AppData\Roaming\AcroIEHelpe.dll
c:\users\Ante Koscica\AppData\Roaming\AcroIEHelpe.txt
c:\users\Ante Koscica\AppData\Roaming\appconf32.exe
c:\users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\searchplugins\bing-zugo.xml
c:\users\Ante Koscica\AppData\Roaming\srvblck2.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 15:19 . 2011-12-12 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 14:56 . 2011-12-11 14:56 -------- d-----w- C:\3de15e684e5b5a88083a16b338f8
2011-12-10 18:46 . 2011-12-10 18:46 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Pogo
2011-12-10 18:46 . 2011-12-10 18:46 -------- d-----w- c:\programdata\Pogo
2011-12-10 18:45 . 2011-12-11 02:09 -------- d-----w- c:\program files (x86)\Monopoly City
2011-12-10 15:51 . 2011-12-10 15:51 32256 ----a-w- c:\windows\SysWow64\7XMWv.com
2011-12-10 03:48 . 2011-12-10 03:48 -------- d-----w- C:\a5700f55a8917d88c1b1a7afb40c
2011-12-09 01:11 . 2011-12-09 01:11 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\5053
2011-12-09 00:14 . 2011-12-09 00:14 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\xmldm
2011-12-09 00:14 . 2011-12-09 00:14 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\kock
2011-12-08 03:35 . 2011-12-08 03:35 -------- d-----w- C:\ff95d097057bc4ada87d835e712a851c
2011-12-07 20:48 . 2011-12-07 20:48 -------- d-----w- C:\247212dc3d0b714a331e43d13d
2011-12-06 22:43 . 2011-12-06 22:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-06 18:52 . 2011-12-06 21:50 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Reviversoft
2011-12-06 18:51 . 2011-12-06 18:51 -------- d-----w- c:\program files (x86)\Reviversoft
2011-12-06 18:51 . 2011-08-09 22:26 18760 ----a-w- c:\windows\system32\roboot64.exe
2011-12-06 18:14 . 2011-09-27 10:59 77824 ----a-w- c:\windows\SysWow64\vorbisfile.dll
2011-12-05 02:20 . 2011-12-05 02:20 -------- d-----w- C:\a60e6ae52424934a42198c2941b0bb
2011-12-05 01:31 . 2011-12-05 01:32 -------- d-----w- c:\users\Guest
2011-12-05 01:28 . 2011-12-05 01:28 670224 ----a-w- c:\windows\SysWow64\xsherlock.xem
2011-12-03 20:47 . 2011-12-03 20:47 -------- d-----w- C:\Game
2011-12-03 19:50 . 2011-10-20 04:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-03 19:20 . 2011-12-03 19:20 -------- d-----w- c:\programdata\IObit
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\IObit
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files (x86)\IObit
2011-12-02 02:58 . 2011-12-03 01:15 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Grand Ages Rome
2011-11-29 23:44 . 2011-11-29 23:44 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\CorsixTH
2011-11-29 23:44 . 2011-11-29 23:44 -------- d-----w- c:\program files\CorsixTH
2011-11-29 20:48 . 2011-12-01 20:25 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Reign of Augustus
2011-11-29 18:30 . 2011-11-29 18:30 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-29 18:30 . 2011-11-29 18:30 -------- d-----w- c:\program files\Java
2011-11-28 18:19 . 2011-12-05 01:23 -------- d-----w- c:\program files (x86)\Simple Port Forwarding
2011-11-28 18:19 . 2011-11-28 18:19 -------- d-----w- c:\windows\Simple Port Forwarding
2011-11-28 00:14 . 2007-10-22 08:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2011-11-28 00:10 . 2011-11-28 00:10 -------- d-----w- c:\program files (x86)\Akella Games
2011-11-26 19:18 . 2011-11-26 19:18 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-26 19:17 . 2011-11-26 19:18 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-20 01:47 . 2011-12-05 01:22 -------- d-----w- c:\programdata\SecTaskMan
2011-11-18 20:53 . 2011-11-18 20:53 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Malwarebytes
2011-11-18 20:53 . 2011-11-18 20:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-18 20:53 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 20:22 . 2011-11-18 20:22 -------- d-----w- c:\windows\system32\SPReview
2011-11-18 19:52 . 2011-11-18 21:27 -------- d-----w- c:\program files (x86)\Garena Classic
2011-11-17 18:18 . 2011-11-17 18:18 -------- d-----w- C:\found.005
2011-11-16 22:03 . 2011-11-16 22:03 -------- d-----w- c:\users\Ante Koscica\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2011-12-02 23:11 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B954241B-FE25-458B-B108-465E52DF025D}\mpengine.dll
2011-11-18 20:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-18 20:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-08 17:32 . 2011-08-01 04:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-08 17:32 . 2011-08-01 03:55 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-08 17:28 . 2011-08-01 03:55 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 16:29 . 2011-11-09 19:46 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 19:46 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-30 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
c:\users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Ante Koscica\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-8-16 1449696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 22:47 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 etdphrkf;etdphrkf;c:\windows\system32\drivers\etdphrkf.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\KarosOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wolf;wolf;c:\game\SoftnyxGame\WolfTeamIS\wolf64.sys [2011-12-03 40056]
R3 X6va002;X6va002;c:\users\ANTEKO~1\AppData\Local\Temp\002F8D1.tmp [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-03-17 866336]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-03-08 250368]
R4 ODDPwrSvc;Acer ODD Power Service;c:\program files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6f79872145ec.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 01:59]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 01:59]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649898046-3333720630-675435879-1001Core.job
- c:\users\Ante Koscica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 00:23]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649898046-3333720630-675435879-1001UA.job
- c:\users\Ante Koscica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 00:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF30580.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=161107
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=id49c&r=273605115625l0434z165a4622d261
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{7A4F623B-9285-4B7D-B04B-6902F83E0D05}: NameServer = 208.67.220.220
TCP: Interfaces\{E87118A4-5ACA-4C3D-99FD-08A79A3CA1C1}: NameServer = 208.67.220.220
FF - ProfilePath - c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z164&install_date=20110805
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20110805&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Advanced SystemCare 5 - c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va002]
"ImagePath"="\??\c:\users\ANTEKO~1\AppData\Local\Temp\002F8D1.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:07,53,29,03,19,b2,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-12-12 10:30:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 15:30
.
Pre-Run: 185,160,400,896 bytes free
Post-Run: 185,941,671,936 bytes free
.
- - End Of File - - 9C69E9E37CCD029728A39159F31D96E0

#4
Garlet01 (Member, Topic Starter, 42 posts)
TDSSKiller: no threats found

#5
Garlet01 (Member, Topic Starter, 42 posts)
Ran aswMBR, had to click FixMBR. Log:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-12 10:41:02
-----------------------------
10:41:02.502 OS Version: Windows x64 6.1.7601 Service Pack 1
10:41:02.502 Number of processors: 4 586 0x2502
10:41:02.503 ComputerName: ANTEKOSCICA-PC UserName: Ante Koscica
10:41:04.724 Initialize success
10:50:39.098 AVAST engine defs: 11121200
10:50:57.215 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:50:57.220 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
10:50:57.250 Disk 0 MBR read successfully
10:50:57.254 Disk 0 MBR scan
10:50:57.262 Disk 0 Windows 7 default MBR code
10:50:57.268 Service scanning
10:50:58.571 Modules scanning
10:50:58.577 Scan finished successfully
10:52:18.157 Disk 0 MBR has been saved successfully to "C:\Users\Ante Koscica\Desktop\MBR.dat"
10:52:18.157 The log file has been saved successfully to "C:\Users\Ante Koscica\Desktop\aswMBR.txt"
10:52:34.183 Verifying
10:52:44.214 Disk 0 Windows 601 MBR fixed successfully
10:52:57.143 Disk 0 MBR has been saved successfully to "C:\Users\Ante Koscica\Desktop\MBR.dat"
10:52:57.159 The log file has been saved successfully to "C:\Users\Ante Koscica\Desktop\aswMBR.txt"
10:53:44.334 Disk 0 MBR has been saved successfully to "C:\Users\Ante Koscica\Desktop\MBR.dat"
10:53:44.334 The log file has been saved successfully to "C:\Users\Ante Koscica\Desktop\aswMBR.txt"

#6
RKinner (Malware Expert, 19,799 posts, MVP)
Are you having problems running MBAM and a final OTL?

#7
Garlet01 (Member, Topic Starter, 42 posts)
Sorry, I forgot to post this >,,<
ping32*exe and the Win7 malware came back after running Malwarebytes... so I didn't do the OTL; if you want, I will.
I am going to retry this whole process again tomorrow.

#8
Garlet01 (Member, Topic Starter, 42 posts)
On second thought, I will wait for your response, as you told me not to run ComboFix more than once.
Thanks for your patience.

#9
RKinner (Malware Expert, 19,799 posts, MVP)
Go ahead and run through the whole process again. Then:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

I got the combofix instructions from another site I work on. I think I'm going to edit them to remove the bit about only running it once. With ZeroAccess it is probably wiser to run it twice in a row. I think the problem was they didn't want the log overwritten, so as long as you post the log you can run it again.

#10
Garlet01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
oky i am about to run Avast....
uuummm the combo report just disappeared i saved it on desktop
i will inform u on everything tmrw but would u mind helping me with another problem afterwards?

#11
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
If the combofix log is hidden you can get it back with unhide.exe:

Download, Save and Right click on unhide.exe and Run As Administrator from

http://download.blee...nler/unhide.exe


I'll try to help you with whatever is wrong with your PC.

#12
Garlet01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
oky first i am getting half faded icons, can't open them ,,, are they safe if not how do i remove them?

#13
Garlet01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
ComboFix 11-12-12.02 - Ante Koscica 12/15/2011 21:15:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2890 [GMT -5:00]
Running from: c:\users\Ante Koscica\Desktop\New folder (4)\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ante Koscica\AppData\Local\gre.exe
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.Dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-11 14:56 . 2011-12-11 14:56 -------- d-----w- C:\3de15e684e5b5a88083a16b338f8
2011-12-10 18:46 . 2011-12-10 18:46 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Pogo
2011-12-10 18:46 . 2011-12-10 18:46 -------- d-----w- c:\programdata\Pogo
2011-12-10 18:45 . 2011-12-12 16:35 -------- d-----w- c:\program files (x86)\Monopoly City
2011-12-10 15:51 . 2011-12-10 15:51 32256 ----a-w- c:\windows\SysWow64\7XMWv.com
2011-12-10 03:48 . 2011-12-10 03:48 -------- d-----w- C:\a5700f55a8917d88c1b1a7afb40c
2011-12-09 01:11 . 2011-12-09 01:11 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\5053
2011-12-09 00:14 . 2011-12-09 00:14 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\xmldm
2011-12-09 00:14 . 2011-12-09 00:14 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\kock
2011-12-08 03:35 . 2011-12-08 03:35 -------- d-----w- C:\ff95d097057bc4ada87d835e712a851c
2011-12-07 20:48 . 2011-12-07 20:48 -------- d-----w- C:\247212dc3d0b714a331e43d13d
2011-12-06 22:43 . 2011-12-12 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-06 18:52 . 2011-12-06 21:50 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Reviversoft
2011-12-06 18:51 . 2011-12-06 18:51 -------- d-----w- c:\program files (x86)\Reviversoft
2011-12-06 18:51 . 2011-08-09 22:26 18760 ----a-w- c:\windows\system32\roboot64.exe
2011-12-06 18:14 . 2011-09-27 10:59 77824 ----a-w- c:\windows\SysWow64\vorbisfile.dll
2011-12-05 02:20 . 2011-12-05 02:20 -------- d-----w- C:\a60e6ae52424934a42198c2941b0bb
2011-12-05 01:31 . 2011-12-05 01:32 -------- d-----w- c:\users\Guest
2011-12-05 01:28 . 2011-12-05 01:28 670224 ----a-w- c:\windows\SysWow64\xsherlock.xem
2011-12-03 20:47 . 2011-12-03 20:47 -------- d-----w- C:\Game
2011-12-03 19:50 . 2011-10-20 04:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-03 19:20 . 2011-12-03 19:20 -------- d-----w- c:\programdata\IObit
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\IObit
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files (x86)\IObit
2011-12-02 02:58 . 2011-12-03 01:15 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Grand Ages Rome
2011-11-29 23:44 . 2011-11-29 23:44 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\CorsixTH
2011-11-29 23:44 . 2011-11-29 23:44 -------- d-----w- c:\program files\CorsixTH
2011-11-29 20:48 . 2011-12-01 20:25 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Reign of Augustus
2011-11-29 18:30 . 2011-11-29 18:30 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-29 18:30 . 2011-11-29 18:30 -------- d-----w- c:\program files\Java
2011-11-28 18:19 . 2011-12-05 01:23 -------- d-----w- c:\program files (x86)\Simple Port Forwarding
2011-11-28 18:19 . 2011-11-28 18:19 -------- d-----w- c:\windows\Simple Port Forwarding
2011-11-28 00:14 . 2007-10-22 08:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2011-11-28 00:10 . 2011-11-28 00:10 -------- d-----w- c:\program files (x86)\Akella Games
2011-11-26 19:18 . 2011-11-26 19:18 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-26 19:17 . 2011-11-26 19:18 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-20 01:47 . 2011-12-05 01:22 -------- d-----w- c:\programdata\SecTaskMan
2011-11-18 20:53 . 2011-11-18 20:53 -------- d-----w- c:\users\Ante Koscica\AppData\Roaming\Malwarebytes
2011-11-18 20:53 . 2011-11-18 20:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-18 20:53 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 20:22 . 2011-11-18 20:22 -------- d-----w- c:\windows\system32\SPReview
2011-11-18 19:52 . 2011-11-18 21:27 -------- d-----w- c:\program files (x86)\Garena Classic
2011-11-17 18:18 . 2011-11-17 18:18 -------- d-----w- C:\found.005
2011-11-16 22:03 . 2011-11-16 22:03 -------- d-----w- c:\users\Ante Koscica\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2011-12-02 23:11 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B954241B-FE25-458B-B108-465E52DF025D}\mpengine.dll
2011-11-18 20:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-18 20:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-08 17:32 . 2011-08-01 04:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-08 17:32 . 2011-08-01 03:55 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-08 17:28 . 2011-08-01 03:55 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-09-29 16:29 . 2011-11-09 19:46 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 19:46 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( [email protected]_15.21.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-15 01:05 . 2011-12-15 02:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-11-15 01:05 . 2011-12-12 15:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-15 02:15 . 2011-12-15 00:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2011-11-15 02:15 . 2011-12-12 14:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-14 21:31 . 2011-12-15 01:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121420111215\index.dat
+ 2011-12-14 01:15 . 2011-12-14 02:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121320111214\index.dat
+ 2011-12-14 01:15 . 2011-12-14 01:08 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011120520111212\index.dat
- 2011-11-15 01:07 . 2011-12-12 15:00 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-11-15 01:07 . 2011-12-15 23:53 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-04-30 03:22 . 2011-12-16 02:11 53560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-16 02:33 31572 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-18 23:14 . 2011-12-16 02:11 17512 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2649898046-3333720630-675435879-1001_UserData.bin
- 2011-07-22 05:59 . 2011-07-22 01:53 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-07-22 05:59 . 2011-12-16 01:56 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-05-18 21:06 . 2011-12-12 14:32 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 21:06 . 2011-12-16 02:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 21:06 . 2011-12-12 14:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-18 21:06 . 2011-12-16 02:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-12 14:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-16 02:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-13 13:15 . 2011-12-13 13:15 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2011-12-13 13:15 . 2011-12-13 13:15 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2011-12-13 13:15 . 2011-12-13 13:15 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\fdc94ff5ebb5cde9a3b018109154cda3\WindowsLiveWriter.ni.exe
+ 2011-12-15 23:32 . 2011-12-15 23:32 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\920d8c143db5deaeafaaf220e1d2861f\WindowsLive.Writer.Api.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\17b4308b0e6d35c1230135ed25fffbfe\stdole.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5011901c735997d46243e3a90e8bd736\Microsoft.Vsa.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\3cb6023aa6ab962babcee9c0ec8991de\Microsoft.VisualC.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aac5bc888c15c2630ea22e517e4e19f8\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4ee55572f0f54a71e24fe3fec094968b\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\e6e4bd9a47848b93cd2dd8a688968741\ehiUserXp.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\94a173b39fa90956937b41c775ac66d7\dfsvc.ni.exe
+ 2011-12-15 23:31 . 2011-12-15 23:31 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
- 2011-12-12 15:20 . 2011-12-12 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-16 02:31 . 2011-12-16 02:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-16 02:31 . 2011-12-16 02:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-12 15:20 . 2011-12-12 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-12-16 02:26 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-20 22:07 . 2011-12-15 23:20 228240 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2011-12-16 02:30 318052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-12 15:19 318052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-12 02:31 . 2011-12-12 02:31 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 512368 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-06-30 17:30 . 2011-06-30 17:30 671744 c:\windows\Installer\20847f2.msi
+ 2011-12-14 00:54 . 2011-12-16 02:09 223744 c:\windows\assembly\temp\kwrd.dll
- 2011-12-12 14:32 . 2011-12-12 14:32 223744 c:\windows\assembly\temp\kwrd.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\df00a90a0ca189eb49b071dfd9530347\System.Security.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\df00a90a0ca189eb49b071dfd9530347\System.Security.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f2304201110addb8170997ff442e87fc\System.Numerics.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f2304201110addb8170997ff442e87fc\System.Numerics.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\f9b335b9f86afcae5a54949288010a0f\System.Dynamic.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\f9b335b9f86afcae5a54949288010a0f\System.Dynamic.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\bbb1323c2a613d3f4e9cfce17e03ee70\System.Drawing.Design.ni.dll
+ 2011-12-15 17:32 . 2011-12-15 17:32 223744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\bbb1323c2a613d3f4e9cfce17e03ee70\System.Drawing.Design.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7f7d2aa985906327e256d05472bdeb3\System.Configuration.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7f7d2aa985906327e256d05472bdeb3\System.Configuration.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\50925baa7781cd6b13b345750b78cac2\System.ComponentModel.Composition.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\50925baa7781cd6b13b345750b78cac2\System.ComponentModel.Composition.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea81a1bfc0d3e8840be37dffb83fc12e\PresentationFramework.Luna.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ea81a1bfc0d3e8840be37dffb83fc12e\PresentationFramework.Luna.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4498a63f9913a5d47d26de0da220fdc\PresentationFramework.Royale.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4498a63f9913a5d47d26de0da220fdc\PresentationFramework.Royale.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\debfd1ead83df514b9a663bf3601669f\PresentationFramework.Classic.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\debfd1ead83df514b9a663bf3601669f\PresentationFramework.Classic.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bc6292c4e40c4bf27d35ec5a8065893f\PresentationFramework.Aero.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bc6292c4e40c4bf27d35ec5a8065893f\PresentationFramework.Aero.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\f00f9054e5c2a03c888d98c0c392a1dc\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f984bbcdaeb2ed0a3f16f48041f72f45\WindowsLive.Writer.Localization.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b804d163ec66054fe448a0e7a41bd1cb\WindowsLive.Writer.Instrumentation.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a523a5e19d1a53670ea72b3530547620\WindowsLive.Writer.BrowserControl.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a2fb4df08101d5b1ae54f23d8b450e77\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a16ede84bd294845a2babb16275e153c\WindowsLive.Writer.FileDestinations.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7de39b55c8092a90717890ce1b48550e\WindowsLive.Writer.Passport.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\797d44445b8807da77adc9f1abe6cdb1\WindowsLive.Writer.Mshtml.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\73edfa349026ae56a0f8d5880bdd578d\WindowsLive.Writer.Extensibility.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\594784567ca4b0ff7be29fb869a9c27d\WindowsLive.Writer.BlogClient.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\337a858556e37fa49fd8673a7c1c79c1\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1e4c0a33b10e13d1a3de810d46319922\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\177d55668c22e57e05161c34391f2f83\WindowsLive.Writer.Controls.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\171006899cd1e049a90a175b31ed7a3a\WindowsLive.Writer.Interop.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\16cdd251e4c1fa735bd276ee251fc8e9\WindowsLive.Writer.HtmlParser.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0bae64f344b03ed5945235dec5adb3b6\WindowsLive.Writer.SpellChecker.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\9fd528c13804c622628ad4652cefeec1\WindowsLive.Client.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\54aff110093134e12558e26c7a038eb7\System.Web.RegularExpressions.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 680448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 310784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\4ede0fecbdb3795efa9dca6b77c2031b\System.Messaging.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8a7d8a1bed270870c645ff47913f062a\System.IdentityModel.Selectors.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.Wrapper.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 628224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8aa064c925a6b6bc885c3bd5bb1f4149\System.Drawing.Design.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a5df8714e91f2e7d0f76081b6581d071\System.DirectoryServices.Protocols.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\66a5094e521e34aecd51e4bae30ac266\System.Configuration.Install.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\6bc5509877a8e98672c09d8279aa93f0\MMCFxCommon.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\75da06cfbcab0c1e87d570e1f89e57a9\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 786432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3ba895a97f175c7b84165998badb814e\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\162342556ee7cad6282e99be346b8651\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\189ddbba16fb3c5b7f2250b3286ad0fa\Microsoft.ManagementConsole.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\547d1806b410977e2d3d5c05e5114d1a\Microsoft.Build.Utilities.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4153cdd9b2d16edd1bba53bea09614a2\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\88cf4cd59af3b638ca7b1e82fab428b5\Microsoft.Build.Engine.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\86c1ebc6968927a4ec60d3f14f3fb44e\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\2d30f32b6ca585235fada8fb050f2be5\mcstoredb.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\88e8c62f1004f6f07e591df9723f57bd\EventViewer.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\0bde53bae85a8d27007dc0f7d418df41\ehRecObj.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\fbec5a519a2c5005d43b04b6386406b2\ehiVidCtl.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\832b98f0578e73e8693fea7067c3d2ab\ehiProxy.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\fa383760dc46e586ae40374129164b4e\ehiExtens.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c52cbd60b414e74e81e2d2445f36208a\ehExtHost32.ni.exe
+ 2011-12-15 23:32 . 2011-12-15 23:32 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ca2d56fdb2662c94353b2eba49d47725\ComSvcConfig.ni.exe
+ 2011-12-15 23:31 . 2011-12-15 23:31 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\91855551ad544c05d076b476f2e25002\BDATunePIA.ni.dll
- 2009-07-14 04:54 . 2011-12-12 15:13 2523136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-16 02:26 2523136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-12 12:47 . 2011-12-16 02:08 4231324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2649898046-3333720630-675435879-1001-12288.dat
- 2011-12-12 02:31 . 2011-12-12 02:31 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 1749880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
- 2011-12-12 02:31 . 2011-12-12 02:31 5145936 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 5145936 c:\windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-12-12 02:30 . 2011-12-12 02:30 5174608 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-13 13:15 . 2011-12-13 13:15 5174608 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d8cf1d60737d945a526fb11577d4b8a\WindowsBase.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 3779072 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8d8cf1d60737d945a526fb11577d4b8a\WindowsBase.ni.dll
- 2011-12-12 02:32 . 2011-12-12 02:32 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\7abfd34ae39103ceccdfb8b262ed6a97\System.ni.dll
+ 2011-12-15 17:30 . 2011-12-15 17:30 9000960 c:\windows\assembly\NativeImages_v4.0.30319_32\System\7abfd34ae39103ceccdfb8b262ed6a97\System.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\eb45dda4b68ae7f29995c3a3d909fbe7\System.Xml.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 5571584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\eb45dda4b68ae7f29995c3a3d909fbe7\System.Xml.ni.dll
+ 2011-12-15 17:32 . 2011-12-15 17:32 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\526f0a9717cbd8a50d09a10b5ce81c0d\System.Drawing.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 1651200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\526f0a9717cbd8a50d09a10b5ce81c0d\System.Drawing.ni.dll
+ 2011-12-15 17:32 . 2011-12-15 17:32 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\adc8f2f7dff3233f2d72bcef8e58226a\System.Data.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 6754816 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\adc8f2f7dff3233f2d72bcef8e58226a\System.Data.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\c25dda9b477a33f9f235292114bb535c\System.Data.SqlXml.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 2538496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\c25dda9b477a33f9f235292114bb535c\System.Data.SqlXml.ni.dll
+ 2011-12-15 17:32 . 2011-12-15 17:32 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8e0d083a7ad85b579d176e3594b5f3b8\System.Data.Linq.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 2499072 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\8e0d083a7ad85b579d176e3594b5f3b8\System.Data.Linq.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\69b1f8a15cdfb26e30c8761fa4f96940\System.Core.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 7025664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\69b1f8a15cdfb26e30c8761fa4f96940\System.Core.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\32454400da56267e19961852345d7a62\Microsoft.CSharp.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 1612288 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\32454400da56267e19961852345d7a62\Microsoft.CSharp.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ffc77032379d243975ec56989e4a998e\WindowsLive.Writer.CoreServices.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e226cf5aeb7760713d6ed70df8156676\WindowsLive.Writer.PostEditor.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b3459f2c0bebca726130acf20e12d2e2\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 7963648 c:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 5453312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a512243ee9900e621fb8cd990a9c679d\System.Web.Services.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 2347008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 1051136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 8872960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\aaffd889b1ac972c5faf72442e92e6f3\System.Management.Automation.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1117184 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f78fa584bb78607b65e8872d925a96af\System.DirectoryServices.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 6611456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 2508288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\7bfd55df5c38d128885251b92e392943\System.Data.SqlXml.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1171b168dc6db0132146d8e26ae00d22\System.Data.OracleClient.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 2297856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\140333c2f9f1e92323fc9f818c07b737\MIGUIControls.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a31ec9cb215741ea987630aa277ea658\Microsoft.Transactions.Bridge.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\88b4d41e45ea4e4bcebdb5815f9e3c24\Microsoft.PowerShell.Editor.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\47b0ffd2f6b8efcfa4289f0b28bcd4cb\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b11b4fa45813bd841c1af80f9ab8352c\Microsoft.MediaCenter.UI.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\94bcff06d28b48be47c7776cec72bbb1\Microsoft.MediaCenter.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 2335744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a2c9438aa64633f2dc8ef0cf069b57c5\Microsoft.JScript.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\d8c9bc51701795a194e6695a137241e4\Microsoft.Ink.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\b6942de187e833d0ec47d9267270ae2b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1e563d8dfdd4017cdc06ed6e845ff9c7\Microsoft.Build.Tasks.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\84a01599d405e5f2de5eac2da2f13424\Microsoft.Build.Engine.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\a2e0652abfd57dcacef112f2b0beecaf\mcstore.ni.dll
+ 2011-12-15 23:33 . 2011-12-15 23:33 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\67cb5c00eb2555fb2972fe924e592cce\mcepg.ni.dll
- 2009-07-14 04:54 . 2011-12-12 15:13 11010048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-16 02:26 11010048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-19 06:04 . 2011-12-16 01:43 10504752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2011-11-19 06:04 . 2011-12-12 15:19 10504752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-05-19 04:06 . 2011-05-19 04:06 38672896 c:\windows\Installer\40013.msp
+ 2011-05-19 04:06 . 2011-05-19 04:06 38672896 c:\windows\Installer\40012.msp
- 2011-12-12 14:20 . 2011-12-12 14:20 11722240 c:\windows\assembly\NativeImages_v4.0.30319_64\System\6f3dc4a7cabf8dae89e5f1b76b67e302\System.ni.dll
+ 2011-12-15 17:33 . 2011-12-15 17:33 11722240 c:\windows\assembly\NativeImages_v4.0.30319_64\System\6f3dc4a7cabf8dae89e5f1b76b67e302\System.ni.dll
- 2011-12-12 14:20 . 2011-12-12 14:20 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\727e93705df0ad4eaf442a36e3301e96\mscorlib.ni.dll
+ 2011-12-15 17:33 . 2011-12-15 17:33 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\727e93705df0ad4eaf442a36e3301e96\mscorlib.ni.dll
+ 2011-12-15 17:32 . 2011-12-15 17:32 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\85b61e27d3c08c0c8ff19deb75912e1d\System.Windows.Forms.ni.dll
- 2011-12-12 14:20 . 2011-12-12 14:20 13006336 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\85b61e27d3c08c0c8ff19deb75912e1d\System.Windows.Forms.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\b8c5c2ff7dc41edf9d0c45f8cd7830f2\System.Design.ni.dll
+ 2011-12-15 17:32 . 2011-12-15 17:32 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\b8c5c2ff7dc41edf9d0c45f8cd7830f2\System.Design.ni.dll
- 2011-12-12 14:19 . 2011-12-12 14:19 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f1e3e74b135fcd61fa30090a2c2596a6\PresentationFramework.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 17629184 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f1e3e74b135fcd61fa30090a2c2596a6\PresentationFramework.ni.dll
+ 2011-12-15 17:31 . 2011-12-15 17:31 11058176 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3fe193ac81b9eafd76aafeec99bdbf6a\PresentationCore.ni.dll
- 2011-12-12 14:18 . 2011-12-12 14:18 11058176 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3fe193ac81b9eafd76aafeec99bdbf6a\PresentationCore.ni.dll
- 2011-12-12 02:32 . 2011-12-12 02:32 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\eb4e1e70734f6efb9c7de7ec5f452c9e\mscorlib.ni.dll
+ 2011-12-15 17:30 . 2011-12-15 17:30 14415872 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\eb4e1e70734f6efb9c7de7ec5f452c9e\mscorlib.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 11819520 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll
+ 2011-12-15 23:32 . 2011-12-15 23:32 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\140798ae061bae9c9110c07d018b66fd\System.Design.ni.dll
+ 2011-12-15 23:31 . 2011-12-15 23:31 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\75f8b.msp
+ 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\75f8a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-30 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
c:\users\Ante Koscica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Ante Koscica\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-8-16 1449696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 22:47 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 etdphrkf;etdphrkf;c:\windows\system32\drivers\etdphrkf.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\KarosOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wolf;wolf;c:\game\SoftnyxGame\WolfTeamIS\wolf64.sys [2011-12-03 40056]
R3 X6va002;X6va002;c:\users\ANTEKO~1\AppData\Local\Temp\002F8D1.tmp [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-03-17 866336]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-03-08 250368]
R4 ODDPwrSvc;Acer ODD Power Service;c:\program files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc6f79872145ec.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 01:59]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 01:59]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649898046-3333720630-675435879-1001Core.job
- c:\users\Ante Koscica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 00:23]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2649898046-3333720630-675435879-1001UA.job
- c:\users\Ante Koscica\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 00:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF25712.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?clid=161107
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=id49c&r=273605115625l0434z165a4622d261
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{7A4F623B-9285-4B7D-B04B-6902F83E0D05}: NameServer = 208.67.222.222
TCP: Interfaces\{E87118A4-5ACA-4C3D-99FD-08A79A3CA1C1}: NameServer = 208.67.220.220
FF - ProfilePath - c:\users\Ante Koscica\AppData\Roaming\Mozilla\Firefox\Profiles\te0wne8n.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z164&install_date=20110805
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20110805&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va002]
"ImagePath"="\??\c:\users\ANTEKO~1\AppData\Local\Temp\002F8D1.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:07,53,29,03,19,b2,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-12-15 21:40:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 02:40
ComboFix2.txt 2011-12-12 15:30
.
Pre-Run: 179,906,469,888 bytes free
Post-Run: 180,506,480,640 bytes free
.
- - End Of File - - FE65735DA365476B9CEA10E63D113C25
  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\etdphrkf.sys
c:\users\ANTEKO~1\AppData\Local\Temp\002F8D1.tmp

Driver::
etdphrkf
X6va002

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

Registry::
[-HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[-HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
  • 0

#15
Garlet01


    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I shall do, but first the Malwarebytes report:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8381

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/16/2011 4:57:56 PM
mbam-log-2011-12-16 (16-57-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 598152
Time elapsed: 2 hour(s), 13 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ante Koscica\AppData\Local\usr.exe" -a "firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ante Koscica\AppData\Local\usr.exe" -a "firefox.exe") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ante Koscica\AppData\Local\usr.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Users\ante koscica\AppData\Local\gre.exe.vir (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\ante koscica\AppData\Local\usr.exe.vir (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\ante koscica\AppData\Roaming\acroiehelpe.dll.vir (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\System32\7XMWv.com (Trojan.Email) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\7XMWv.com (Trojan.Email) -> Quarantined and deleted successfully.
  • 0





