i cant install or download any anti virus
Started by Virus killer needed, Dec 25 2011 02:25 PM
#1
Posted 25 December 2011 - 02:25 PM
#2
Posted 25 December 2011 - 06:33 PM
OK, I read the instructions. Here's what's going on: the computer was crashing, showing a blue screen, then after a while it stopped, and it shows the blue screen for a sec and restarts. Then I tried to download Bitdefender manager but it would not download, so I tried to just download the setup, but when I try to set it up it crashes the computer instantly. So I went and downloaded Malwarebytes' Anti-Malware. It can't update, but it installed and I ran a scan. It found a couple of viruses, but the main virus is still there, because when I try to update it still won't work. I uninstalled it and tried to install Bitdefender, but no luck, blue screen.
OTL logfile created on: 25/12/2011 6:55:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1014.07 Mb Total Physical Memory | 96.00 Mb Available Physical Memory | 9.47% Memory free
2.39 Gb Paging File | 1.27 Gb Available in Paging File | 53.21% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.69 Gb Free Space | 25.09% Space Free | Partition Type: NTFS
Computer Name: LastXP20 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/25 18:53:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/12/04 12:07:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.exe
PRC - [2011/06/13 18:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/05/15 17:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files\CrossriderWebApps\Crossrider.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/10/27 04:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/05 04:00:00 | 001,572,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/01 23:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/13 18:16:54 | 003,316,000 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_b427739.dll
MOD - [2011/12/04 12:07:43 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/18 09:57:43 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/30 22:57:34 | 003,572,224 | ---- | M] () -- C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.exe
MOD - [2011/06/13 18:52:21 | 000,329,272 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\ppgooglenaclpluginchrome.dll
MOD - [2011/06/13 18:52:20 | 003,649,592 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\pdf.dll
MOD - [2011/06/13 18:51:14 | 000,294,456 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\Locales\en-US.dll
MOD - [2011/06/13 18:50:47 | 000,104,520 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\avutil-50.dll
MOD - [2011/06/13 18:50:45 | 000,203,848 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\avformat-52.dll
MOD - [2011/06/13 18:50:43 | 001,846,344 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\avcodec-52.dll
MOD - [2011/06/13 16:18:55 | 006,333,088 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\gcswf32.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/05 04:00:00 | 001,532,416 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/05/05 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/05/05 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/05/01 23:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/01 23:15:38 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008/05/01 23:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2007/10/17 05:32:24 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\FolderSize.dll
MOD - [2007/03/30 13:30:46 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\FileExtToggle.dll
MOD - [2007/03/30 13:27:44 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\HiddenFilesToggle.dll
MOD - [2007/03/30 13:20:28 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\BrowserBack.dll
MOD - [2007/03/30 13:14:18 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\SelectAll.dll
MOD - [2004/12/10 06:51:50 | 000,061,952 | ---- | M] () -- C:\Program Files\Ares\MP3Source.ax
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (STacSV)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/13 18:16:54 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe -- (MBAMService)
SRV - [2011/03/08 13:04:00 | 004,089,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Unknown | Running] -- -- (SCDEmu)
DRV - [2011/12/25 11:45:15 | 000,064,000 | ---- | M] (CurioLab S.M.B.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\extit.sys -- (ExterminateIt)
DRV - [2011/12/21 00:18:21 | 000,636,744 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Common Files\Microsoft Shared\Triedit\{8EF3C372-2A65-45b5-B423-F87E1054A832}.sys -- ({8EF3C372-2A65-45b5-B423-F87E1054A832})
DRV - [2011/12/01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NBVol.sys -- (NBVol)
DRV - [2011/12/01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NBVolUp.sys -- (NBVolUp)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/19 00:45:00 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/07/14 23:54:27 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/14 23:54:26 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/06/23 01:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2010/05/13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2009/12/25 11:50:54 | 000,009,984 | ---- | M] (ZD Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scncap.sys -- (scncap)
DRV - [2007/12/14 12:28:20 | 001,270,872 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.tangotoolbar.net/ [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.co...rket={Language}
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/se...fftb&utf8in&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.jm/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.72.17
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.9
FF - prefs.js..keyword.URL: "http://www.google.co...ch?hl=en-GB&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Users\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2011/06/20 14:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\All Users\Application Data\CodecCheck\firefox [2011/07/13 17:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 12:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 11:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 12:07:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/06/17 18:19:05 | 000,000,000 | ---D | M]
[2011/07/19 11:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Extensions
[2011/12/20 15:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\bsd7htq7.default\extensions
[2011/09/27 18:19:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\bsd7htq7.default\extensions\[email protected]
[2011/12/04 12:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BSD7HTQ7.DEFAULT\EXTENSIONS\[email protected]
[2011/12/04 12:07:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/19 10:40:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/14 14:35:58 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/04 12:07:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/04 12:07:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.1_0\lib/npdapchrome.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Premiumplay Codec-C = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.13.21_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2011/12/25 13:02:32 | 000,439,740 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15122 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll (Wi2Geo)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Kango.dll (KangoExtensions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {121AC508-44AF-45CF-A4E9-DDA8619A4C73} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Zemi Interactive\4Story_US\PrePatch.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Steam] C:\Windows\Steam.exe File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - Startup: C:\Users\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/02 08:34:35 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Share Your Mood - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\MinibarButton.dll (TODO: <Company name>)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{811951D2-CA06-4836-A40B-9E0CC359FAFA}: DhcpNameServer = 65.183.0.76 65.183.0.86
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/17 06:09:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24d91dc0-f395-11e0-abc2-001320c4963c}\Shell - "" = AutoRun
O33 - MountPoints2\{24d91dc0-f395-11e0-abc2-001320c4963c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24d91dc0-f395-11e0-abc2-001320c4963c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3249cfa0-9938-11e0-8489-001320c4963c}\Shell\AutoRun\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{3249cfa0-9938-11e0-8489-001320c4963c}\Shell\open\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{52fc76f0-98d8-11e0-8488-001320c4963c}\Shell\AutoRun\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{52fc76f0-98d8-11e0-8488-001320c4963c}\Shell\open\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{91a037c3-ccc3-11e0-930b-001320c4963c}\Shell\AutoRun\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{91a037c3-ccc3-11e0-930b-001320c4963c}\Shell\open\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{938d73c0-fcd1-11e0-a40d-001320c4963c}\Shell\AutoRun\command - "" = I:\A1\V1\try.exe
O33 - MountPoints2\{938d73c0-fcd1-11e0-a40d-001320c4963c}\Shell\open\command - "" = I:\A1\V1\try.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/25 18:53:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/12/25 16:35:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2011/12/25 16:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/25 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2
[2011/12/25 14:36:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/25 14:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2011/12/25 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Malwarebytes
[2011/12/25 12:59:31 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Malwarebytes
[2011/12/25 11:45:15 | 000,064,000 | ---- | C] (CurioLab S.M.B.A.) -- C:\WINDOWS\System32\drivers\extit.sys
[2011/12/24 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Spybot - Search & Destroy
[2011/12/24 21:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/12/24 20:43:12 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2011/12/24 20:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/12/24 17:13:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\Soul Reaver 2
[2011/12/23 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\ImgBurn
[2011/12/23 14:34:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\dvd
[2011/12/23 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\ImgBurn
[2011/12/23 14:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/12/23 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\DVD Flick
[2011/12/23 14:22:49 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\DVD Flick
[2011/12/23 14:22:43 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2011/12/23 14:22:43 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2011/12/23 14:22:43 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2011/12/23 14:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2011/12/21 00:33:32 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\GetRight
[2011/12/21 00:31:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\GetRight
[2011/12/19 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\TMNT
[2011/12/19 15:03:50 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Ubisoft
[2011/12/19 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/12/18 19:43:50 | 000,000,000 | ---D | C] -- C:\dell
[2011/12/18 13:34:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\JustCause
[2011/12/17 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\KAPITALSIN
[2011/12/17 21:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\KAPITALSIN
[2011/12/16 23:59:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/16 23:30:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/16 22:27:15 | 000,065,776 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2011/12/16 21:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\GnuWin32
[2011/12/16 21:04:27 | 000,000,000 | RH-D | C] -- C:\Users\Administrator\Recent
[2011/12/16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\gag4.10
[2011/12/16 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/12/15 21:00:54 | 000,000,000 | ---D | C] -- C:\SAVE
[2011/12/15 20:08:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\My Shared Folder
[2011/12/15 16:29:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/12/15 14:52:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\Devastation
[2011/12/15 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Exterminate It!
[2011/12/15 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2011/12/15 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Curiolab
[2011/12/15 10:08:13 | 000,000,000 | ---D | C] -- C:\Users\All Users\Uniblue
[2011/12/14 21:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Digitalo Studios
[2011/12/14 21:49:52 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Devastation
[2011/12/14 21:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\solcache
[2011/12/14 16:35:12 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Sierra
[2011/12/14 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2011/12/14 15:55:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Start Menu\Programs\Sierra
[2011/12/14 15:55:13 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/12/14 14:35:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Babylon
[2011/12/14 14:35:55 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Babylon
[2011/12/14 14:35:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Babylon
[2011/12/14 00:54:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Copy of econ
[2011/12/13 23:38:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\econ
[2011/12/12 21:28:35 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\MW2Bot
[2011/12/12 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\MW2Bot
[2011/11/30 21:02:42 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Quick Screen Capture
[2011/11/30 21:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Screen Capture
[2011/11/30 21:02:42 | 000,000,000 | ---D | C] -- C:\MyCaptures
[2011/11/30 20:57:34 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\CamStudio
[2011/11/30 20:57:32 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2011/11/27 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\SourceTec
[2011/11/27 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2011/07/13 17:36:42 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.RocketDivision.StarBurnX.dll
[2011/07/13 17:36:42 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.VIDEOEDITLib.dll
[2011/07/13 17:36:42 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.dvdauthorLib.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/25 19:04:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500UA.job
[2011/12/25 18:53:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/12/25 18:50:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500UA.job
[2011/12/25 18:13:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 16:42:38 | 000,004,029 | ---- | M] () -- C:\Users\Administrator\Desktop\Attach.zip
[2011/12/25 16:35:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2011/12/25 15:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 15:28:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/12/25 13:13:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 13:02:40 | 000,002,964 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/25 13:02:32 | 000,439,740 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/25 11:45:15 | 000,064,000 | ---- | M] (CurioLab S.M.B.A.) -- C:\WINDOWS\System32\drivers\extit.sys
[2011/12/25 09:25:59 | 000,000,375 | RHS- | M] () -- C:\boot.ini
[2011/12/24 22:04:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500Core.job
[2011/12/24 21:54:33 | 000,015,698 | ---- | M] () -- C:\Users\All Users\Application Data\bdinstall.bin
[2011/12/24 21:54:22 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/24 21:53:43 | 000,100,208 | ---- | M] () -- C:\Users\All Users\Application Data\1324781602.bdinstall.bin
[2011/12/24 21:50:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500Core.job
[2011/12/24 20:27:27 | 000,000,330 | ---- | M] () -- C:\WINDOWS\sierra.ini
[2011/12/23 14:23:04 | 000,001,546 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/12/23 14:23:04 | 000,001,528 | ---- | M] () -- C:\Users\All Users\Desktop\ImgBurn.lnk
[2011/12/23 14:22:49 | 000,001,577 | ---- | M] () -- C:\Users\Administrator\Desktop\DVD Flick.lnk
[2011/12/22 15:43:45 | 000,032,768 | ---- | M] () -- C:\t1l8.30
[2011/12/22 13:01:45 | 000,000,531 | ---- | M] () -- C:\Users\Administrator\Desktop\Trevor Off-Key - Do Jamaica [wegotitfirst.com].mp3.lnk
[2011/12/22 12:51:26 | 000,001,476 | ---- | M] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2011/12/22 12:50:37 | 000,000,777 | ---- | M] () -- C:\Users\All Users\Desktop\DivX Plus Player.lnk
[2011/12/19 15:05:13 | 000,001,594 | ---- | M] () -- C:\Users\All Users\Desktop\TMNT.lnk
[2011/12/18 18:44:49 | 000,020,480 | ---- | M] () -- C:\t2dk.1g
[2011/12/18 15:14:44 | 003,145,856 | ---- | M] () -- C:\fb_0.dds
[2011/12/18 15:14:44 | 003,145,784 | ---- | M] () -- C:\fb_0.bmp
[2011/12/18 15:02:39 | 003,145,856 | ---- | M] () -- C:\fb_1.dds
[2011/12/18 15:02:39 | 003,145,784 | ---- | M] () -- C:\fb_1.bmp
[2011/12/17 21:52:50 | 000,001,533 | ---- | M] () -- C:\Users\Administrator\Desktop\Play to Just Cause.lnk
[2011/12/17 02:45:45 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/17 02:45:44 | 000,000,375 | -H-- | M] () -- C:\Boot.BAK
[2011/12/16 23:30:22 | 000,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/12/16 23:22:20 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/12/16 21:01:24 | 119,416,832 | ---- | M] () -- C:\Users\Administrator\Desktop\gparted-live-0.11.0-2.iso
[2011/12/15 20:51:12 | 000,001,474 | ---- | M] () -- C:\Users\Administrator\Desktop\Opposing Force.LNK
[2011/12/15 12:37:16 | 000,000,756 | ---- | M] () -- C:\Users\All Users\Desktop\Exterminate It!.lnk
[2011/12/14 21:49:54 | 000,001,707 | ---- | M] () -- C:\Users\All Users\Desktop\Play Devastation.lnk
[2011/12/14 17:11:37 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/14 17:11:37 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/14 17:11:36 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/14 16:35:17 | 000,001,431 | ---- | M] () -- C:\Users\Administrator\Desktop\Gunman Chronicles.lnk
[2011/12/14 15:55:58 | 000,001,461 | ---- | M] () -- C:\Users\Administrator\Desktop\Blue Shift.LNK
[2011/12/14 14:36:03 | 000,000,237 | ---- | M] () -- C:\user.js
[2011/12/14 00:57:12 | 000,711,487 | ---- | M] () -- C:\Users\Administrator\Desktop\econ.zip
[2011/12/14 00:54:52 | 000,444,333 | ---- | M] () -- C:\Users\Administrator\Desktop\econ.rar
[2011/12/12 21:28:35 | 000,000,672 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MW2Bot.lnk
[2011/12/09 19:58:38 | 001,440,948 | ---- | M] () -- C:\hello.bmp
[2011/12/07 19:56:45 | 000,000,643 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/12/07 19:56:45 | 000,000,618 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/12/06 22:30:55 | 001,529,021 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_1325.jpg
[2011/12/06 16:36:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 22:45:11 | 000,029,328 | ---- | M] () -- C:\Users\Administrator\Desktop\320292_10150272727624822_560429821_7831725_6693137_n.jpg
[2011/12/05 06:39:05 | 000,496,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/05 06:39:05 | 000,084,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/04 01:46:11 | 000,001,816 | ---- | M] () -- C:\WINDOWS\TSearch.INI
[2011/12/04 01:46:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\HexEditor_FindList.hed
[2011/11/30 21:02:43 | 000,000,683 | ---- | M] () -- C:\Users\Administrator\Desktop\Quick Screen Capture.lnk
[2011/11/27 22:33:42 | 000,000,023 | ---- | M] () -- C:\WINDOWS\SWFDecompiler.INI
[2011/11/27 22:33:28 | 000,000,839 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/25 16:42:38 | 000,004,029 | ---- | C] () -- C:\Users\Administrator\Desktop\Attach.zip
[2011/12/25 16:40:19 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.exe
[2011/12/25 12:59:30 | 000,002,964 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/24 21:54:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/24 21:53:43 | 000,100,208 | ---- | C] () -- C:\Users\All Users\Application Data\1324781602.bdinstall.bin
[2011/12/24 20:43:07 | 000,015,698 | ---- | C] () -- C:\Users\All Users\Application Data\bdinstall.bin
[2011/12/23 14:23:04 | 000,001,546 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/12/23 14:23:04 | 000,001,528 | ---- | C] () -- C:\Users\All Users\Desktop\ImgBurn.lnk
[2011/12/23 14:22:49 | 000,001,577 | ---- | C] () -- C:\Users\Administrator\Desktop\DVD Flick.lnk
[2011/12/22 15:43:45 | 000,032,768 | ---- | C] () -- C:\t1l8.30
[2011/12/22 13:01:45 | 000,000,531 | ---- | C] () -- C:\Users\Administrator\Desktop\Trevor Off-Key - Do Jamaica [wegotitfirst.com].mp3.lnk
[2011/12/22 12:50:37 | 000,000,777 | ---- | C] () -- C:\Users\All Users\Desktop\DivX Plus Player.lnk
[2011/12/19 15:05:13 | 000,001,594 | ---- | C] () -- C:\Users\All Users\Desktop\TMNT.lnk
[2011/12/18 18:44:49 | 000,020,480 | ---- | C] () -- C:\t2dk.1g
[2011/12/18 15:02:39 | 003,145,856 | ---- | C] () -- C:\fb_1.dds
[2011/12/18 15:02:39 | 003,145,784 | ---- | C] () -- C:\fb_1.bmp
[2011/12/18 13:36:31 | 003,145,856 | ---- | C] () -- C:\fb_0.dds
[2011/12/18 13:36:31 | 003,145,784 | ---- | C] () -- C:\fb_0.bmp
[2011/12/17 21:52:50 | 000,001,533 | ---- | C] () -- C:\Users\Administrator\Desktop\Play to Just Cause.lnk
[2011/12/16 23:30:06 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/12/16 23:30:06 | 000,000,375 | -H-- | C] () -- C:\Boot.BAK
[2011/12/16 23:30:02 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/12/16 21:05:08 | 119,416,832 | ---- | C] () -- C:\Users\Administrator\Desktop\gparted-live-0.11.0-2.iso
[2011/12/16 20:10:45 | 000,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/12/16 20:10:45 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/12/15 20:51:12 | 000,001,474 | ---- | C] () -- C:\Users\Administrator\Desktop\Opposing Force.LNK
[2011/12/15 19:35:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2011/12/15 10:34:32 | 000,000,756 | ---- | C] () -- C:\Users\All Users\Desktop\Exterminate It!.lnk
[2011/12/14 21:49:54 | 000,001,707 | ---- | C] () -- C:\Users\All Users\Desktop\Play Devastation.lnk
[2011/12/14 17:11:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/14 17:11:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/14 17:11:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/14 16:35:17 | 000,001,431 | ---- | C] () -- C:\Users\Administrator\Desktop\Gunman Chronicles.lnk
[2011/12/14 16:35:17 | 000,000,330 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2011/12/14 15:55:58 | 000,001,461 | ---- | C] () -- C:\Users\Administrator\Desktop\Blue Shift.LNK
[2011/12/14 15:21:16 | 941,293,568 | ---- | C] () -- C:\Users\Administrator\Desktop\[PSP] Midnight Club - LA Remix (EUR) [PyTon].iso
[2011/12/14 14:36:02 | 000,000,237 | ---- | C] () -- C:\user.js
[2011/12/14 00:57:12 | 000,711,487 | ---- | C] () -- C:\Users\Administrator\Desktop\econ.zip
[2011/12/14 00:54:25 | 000,444,333 | ---- | C] () -- C:\Users\Administrator\Desktop\econ.rar
[2011/12/12 21:28:35 | 000,000,672 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MW2Bot.lnk
[2011/12/09 19:58:38 | 001,440,948 | ---- | C] () -- C:\hello.bmp
[2011/12/09 16:06:50 | 012,582,912 | ---- | C] () -- C:\Users\Administrator\Desktop\GoldenEye 007.z64
[2011/12/06 22:30:30 | 001,529,021 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_1325.jpg
[2011/12/05 22:45:20 | 000,029,328 | ---- | C] () -- C:\Users\Administrator\Desktop\320292_10150272727624822_560429821_7831725_6693137_n.jpg
[2011/12/04 12:07:52 | 000,000,730 | ---- | C] () -- C:\Users\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/04 01:08:58 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2011/11/30 21:02:43 | 000,000,683 | ---- | C] () -- C:\Users\Administrator\Desktop\Quick Screen Capture.lnk
[2011/11/27 22:33:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2011/11/27 22:33:28 | 000,000,839 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2011/11/13 23:42:29 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/11/13 23:42:29 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/11/13 23:42:29 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/11/04 19:51:58 | 000,000,348 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2011/11/04 19:30:45 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/03 19:10:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/09/25 19:43:47 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/09/25 19:43:46 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\Application Data\PnkBstrK.sys
[2011/09/25 19:43:26 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/09/25 19:43:23 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/07/21 17:52:39 | 000,000,008 | ---- | C] () -- C:\Users\Administrator\Local Settings\Application Data\.mpid
[2011/07/15 19:25:09 | 000,000,271 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/07/15 00:35:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2011/07/14 23:54:27 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/07/14 23:54:26 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/07/13 17:39:38 | 000,016,384 | ---- | C] () -- C:\Users\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 17:36:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.VIDEOEDITLib.dll
[2011/07/13 17:36:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.dvdauthorLib.dll
[2011/07/13 17:28:50 | 000,221,696 | ---- | C] () -- C:\WINDOWS\System32\vid_conv2.dll
[2011/07/13 17:28:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\vid_core2.dll
[2011/07/13 17:28:48 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/07/13 17:28:48 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/07/13 17:28:48 | 000,731,136 | ---- | C] () -- C:\WINDOWS\System32\vid_format2.dll
[2011/07/13 17:28:48 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/07/13 17:28:48 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/07/13 17:28:48 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/07/13 17:28:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/07/13 17:28:48 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/07/13 17:28:48 | 000,069,560 | ---- | C] () -- C:\WINDOWS\System32\vid_multi2.dll
[2011/07/13 17:28:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/07/13 17:28:48 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2011/06/30 21:46:35 | 000,000,332 | ---- | C] () -- C:\WINDOWS\WPE PRO - modified.INI
[2011/06/18 10:42:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/06/18 09:16:05 | 000,544,480 | ---- | C] () -- C:\Users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/17 15:53:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/17 15:41:53 | 000,014,281 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
[2011/06/17 15:41:53 | 000,000,143 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/06/17 15:41:52 | 000,013,339 | ---- | C] () -- C:\WINDOWS\System32\WAIT.EXE
[2011/06/17 15:41:51 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2011/06/17 15:41:39 | 000,000,794 | ---- | C] () -- C:\WINDOWS\Removes.ini
[2011/06/17 15:41:22 | 000,477,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/17 07:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/17 06:41:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2011/06/17 06:41:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\ppAppDrive.ini
[2011/06/17 06:35:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\renuser.exe
[2011/06/17 06:29:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/17 06:29:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/06/17 06:29:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/17 06:26:58 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ThumbView_Lite.dll
[2011/06/17 06:26:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\tbhookin.dll
[2011/06/17 06:26:58 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ts_settings.ini
[2011/06/17 06:26:40 | 001,152,165 | ---- | C] () -- C:\WINDOWS\System32\HFExtract.exe
[2011/06/17 06:26:40 | 000,708,272 | ---- | C] () -- C:\WINDOWS\System32\Universal Silent Switch Finder.exe
[2011/06/17 06:26:40 | 000,699,508 | ---- | C] () -- C:\WINDOWS\System32\UpxGui.exe
[2011/06/17 06:26:40 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PCalc.exe
[2011/06/17 06:26:40 | 000,210,432 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.exe
[2011/06/17 06:26:40 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2011/06/17 06:26:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\metapath.exe
[2011/06/17 06:26:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\Cabarc.exe
[2011/06/17 06:26:40 | 000,110,085 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2011/06/17 06:26:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\WallChan.exe
[2011/06/17 06:26:40 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\Cabtool.exe
[2011/06/17 06:26:40 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2011/06/17 06:26:40 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\WC.com
[2011/06/17 06:26:40 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2011/06/17 06:26:12 | 000,494,557 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2011/06/17 06:26:12 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2011/06/17 06:26:11 | 000,566,624 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2011/06/17 06:26:11 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10.dll
[2011/06/17 06:25:54 | 000,000,006 | ---- | C] () -- C:\WINDOWS\SetupSMenu.ini
[2011/06/17 06:25:54 | 000,000,006 | ---- | C] () -- C:\WINDOWS\LastXPSetupSMenu.ini
[2011/06/17 06:20:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 06:05:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/17 06:04:38 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008/05/05 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/05/05 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/05/05 04:00:00 | 000,496,706 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/05/05 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/05/05 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/05/05 04:00:00 | 000,084,616 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/05/05 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/05/05 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/05/05 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/05/05 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/05/05 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/05 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
========== LOP Check ==========
[2011/12/14 14:35:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Babylon
[2011/12/23 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\BitTorrent
[2011/11/13 23:43:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\CheckPoint
[2011/11/08 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\com.essexreddevelopment.mergepdfmac
[2011/12/15 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Curiolab
[2011/07/19 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\DAEMON Tools Pro
[2011/06/18 00:42:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Garena
[2011/07/02 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Gearbox Software
[2011/12/23 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\GetRight
[2011/09/11 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\GetRightToGo
[2011/12/25 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\ImgBurn
[2011/07/23 01:15:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\IObit
[2011/11/14 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\MailFrontier
[2011/07/21 01:18:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Minibar
[2011/08/17 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\NPLUTO Corporation
[2011/11/05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Opera
[2011/11/27 01:36:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\PriceGong
[2011/08/23 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Research In Motion
[2011/07/21 00:51:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Rovio
[2011/09/25 18:52:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\SickBrick
[2011/12/20 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\TMNT
[2011/07/14 00:34:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Unity
[2011/06/17 06:30:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\uTorrent
[2011/11/06 00:21:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\WebcamMax
[2011/08/22 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\2CBB
[2011/12/14 14:35:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Babylon
[2011/11/13 23:39:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\CheckPoint
[2011/07/13 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\CodecCheck
[2011/07/19 00:44:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\DAEMON Tools Pro
[2011/08/10 19:23:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\GarenaMessenger
[2011/12/23 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\GetRight
[2011/12/14 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\InstallMate
[2011/07/22 22:53:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\IObit
[2011/11/14 00:16:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Kaspersky SDK
[2011/08/15 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Nexon
[2011/12/15 10:21:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\NexonUS
[2011/11/19 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PMB Files
[2011/07/13 16:42:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Premium
[2011/11/06 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PSPVC
[2011/08/02 01:50:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Research In Motion
[2011/06/17 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\SpeedBit
[2011/11/28 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\TEMP
[2011/11/13 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\WinZip
[2011/11/02 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\WinZipEC
[2011/09/24 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\YouTube Downloader
[2011/07/13 14:23:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2011/07/23 12:33:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/12/24 21:50:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500Core.job
[2011/12/25 18:50:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500UA.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 198 bytes -> C:\Users\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Application Data\TEMP:2B11E0DF
< End of report >
MOD - [2011/06/13 18:50:43 | 001,846,344 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\avcodec-52.dll
MOD - [2011/06/13 16:18:55 | 006,333,088 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\gcswf32.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/05 04:00:00 | 001,532,416 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/05/05 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/05/05 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/05/01 23:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/01 23:15:38 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008/05/01 23:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2007/10/17 05:32:24 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\FolderSize.dll
MOD - [2007/03/30 13:30:46 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\FileExtToggle.dll
MOD - [2007/03/30 13:27:44 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\HiddenFilesToggle.dll
MOD - [2007/03/30 13:20:28 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\BrowserBack.dll
MOD - [2007/03/30 13:14:18 | 000,122,880 | ---- | M] () -- C:\WINDOWS\system32\ShellExt\SelectAll.dll
MOD - [2004/12/10 06:51:50 | 000,061,952 | ---- | M] () -- C:\Program Files\Ares\MP3Source.ax
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (STacSV)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/13 18:16:54 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware2\mbamservice.exe -- (MBAMService)
SRV - [2011/03/08 13:04:00 | 004,089,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Unknown | Running] -- -- (SCDEmu)
DRV - [2011/12/25 11:45:15 | 000,064,000 | ---- | M] (CurioLab S.M.B.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\extit.sys -- (ExterminateIt)
DRV - [2011/12/21 00:18:21 | 000,636,744 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Common Files\Microsoft Shared\Triedit\{8EF3C372-2A65-45b5-B423-F87E1054A832}.sys -- ({8EF3C372-2A65-45b5-B423-F87E1054A832})
DRV - [2011/12/01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NBVol.sys -- (NBVol)
DRV - [2011/12/01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\NBVolUp.sys -- (NBVolUp)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/19 00:45:00 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/07/14 23:54:27 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/14 23:54:26 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/06/23 01:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2010/05/13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2009/12/25 11:50:54 | 000,009,984 | ---- | M] (ZD Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scncap.sys -- (scncap)
DRV - [2007/12/14 12:28:20 | 001,270,872 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.tangotoolbar.net/ [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.co...rket={Language}
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/se...fftb&utf8in&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.jm/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.72.17
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.9
FF - prefs.js..keyword.URL: "http://www.google.co...ch?hl=en-GB&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Users\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2011/06/20 14:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\All Users\Application Data\CodecCheck\firefox [2011/07/13 17:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 12:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 11:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 12:07:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/06/17 18:19:05 | 000,000,000 | ---D | M]
[2011/07/19 11:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Extensions
[2011/12/20 15:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\bsd7htq7.default\extensions
[2011/09/27 18:19:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\bsd7htq7.default\extensions\[email protected]
[2011/12/04 12:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BSD7HTQ7.DEFAULT\EXTENSIONS\[email protected]
[2011/12/04 12:07:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/19 10:40:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/14 14:35:58 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/04 12:07:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/04 12:07:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.1_0\lib/npdapchrome.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Premiumplay Codec-C = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.13.21_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2011/12/25 13:02:32 | 000,439,740 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15122 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files\Minibar\Froggy.dll (TODO: <название компании>)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll (Wi2Geo)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Kango.dll (KangoExtensions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {121AC508-44AF-45CF-A4E9-DDA8619A4C73} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Zemi Interactive\4Story_US\PrePatch.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Steam] C:\Windows\Steam.exe File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - Startup: C:\Users\Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/02 08:34:35 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Share Your Mood - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\MinibarButton.dll (TODO: <Company name>)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.183.0.76 65.183.0.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{811951D2-CA06-4836-A40B-9E0CC359FAFA}: DhcpNameServer = 65.183.0.76 65.183.0.86
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/17 06:09:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24d91dc0-f395-11e0-abc2-001320c4963c}\Shell - "" = AutoRun
O33 - MountPoints2\{24d91dc0-f395-11e0-abc2-001320c4963c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24d91dc0-f395-11e0-abc2-001320c4963c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3249cfa0-9938-11e0-8489-001320c4963c}\Shell\AutoRun\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{3249cfa0-9938-11e0-8489-001320c4963c}\Shell\open\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{52fc76f0-98d8-11e0-8488-001320c4963c}\Shell\AutoRun\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{52fc76f0-98d8-11e0-8488-001320c4963c}\Shell\open\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{91a037c3-ccc3-11e0-930b-001320c4963c}\Shell\AutoRun\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{91a037c3-ccc3-11e0-930b-001320c4963c}\Shell\open\command - "" = H:\A1\V1\try.exe
O33 - MountPoints2\{938d73c0-fcd1-11e0-a40d-001320c4963c}\Shell\AutoRun\command - "" = I:\A1\V1\try.exe
O33 - MountPoints2\{938d73c0-fcd1-11e0-a40d-001320c4963c}\Shell\open\command - "" = I:\A1\V1\try.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/25 18:53:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/12/25 16:35:39 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2011/12/25 16:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/25 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware2
[2011/12/25 14:36:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/25 14:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2011/12/25 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Malwarebytes
[2011/12/25 12:59:31 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Malwarebytes
[2011/12/25 11:45:15 | 000,064,000 | ---- | C] (CurioLab S.M.B.A.) -- C:\WINDOWS\System32\drivers\extit.sys
[2011/12/24 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Spybot - Search & Destroy
[2011/12/24 21:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011/12/24 20:43:12 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2011/12/24 20:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2011/12/24 17:13:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\Soul Reaver 2
[2011/12/23 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\ImgBurn
[2011/12/23 14:34:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\dvd
[2011/12/23 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\ImgBurn
[2011/12/23 14:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/12/23 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\DVD Flick
[2011/12/23 14:22:49 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\DVD Flick
[2011/12/23 14:22:43 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2011/12/23 14:22:43 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2011/12/23 14:22:43 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2011/12/23 14:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2011/12/21 00:33:32 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\GetRight
[2011/12/21 00:31:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\GetRight
[2011/12/19 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\TMNT
[2011/12/19 15:03:50 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Ubisoft
[2011/12/19 14:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/12/18 19:43:50 | 000,000,000 | ---D | C] -- C:\dell
[2011/12/18 13:34:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\JustCause
[2011/12/17 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\KAPITALSIN
[2011/12/17 21:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\KAPITALSIN
[2011/12/16 23:59:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/16 23:30:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/16 22:27:15 | 000,065,776 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2011/12/16 21:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\GnuWin32
[2011/12/16 21:04:27 | 000,000,000 | RH-D | C] -- C:\Users\Administrator\Recent
[2011/12/16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\gag4.10
[2011/12/16 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/12/15 21:00:54 | 000,000,000 | ---D | C] -- C:\SAVE
[2011/12/15 20:08:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\My Shared Folder
[2011/12/15 16:29:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/12/15 14:52:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\Devastation
[2011/12/15 12:37:15 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Exterminate It!
[2011/12/15 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2011/12/15 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Curiolab
[2011/12/15 10:08:13 | 000,000,000 | ---D | C] -- C:\Users\All Users\Uniblue
[2011/12/14 21:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Digitalo Studios
[2011/12/14 21:49:52 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Devastation
[2011/12/14 21:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\solcache
[2011/12/14 16:35:12 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Sierra
[2011/12/14 16:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2011/12/14 15:55:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Start Menu\Programs\Sierra
[2011/12/14 15:55:13 | 000,000,000 | ---D | C] -- C:\Sierra
[2011/12/14 14:35:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Babylon
[2011/12/14 14:35:55 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\Babylon
[2011/12/14 14:35:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\Babylon
[2011/12/14 00:54:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Copy of econ
[2011/12/13 23:38:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\econ
[2011/12/12 21:28:35 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\MW2Bot
[2011/12/12 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\MW2Bot
[2011/11/30 21:02:42 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\Quick Screen Capture
[2011/11/30 21:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Screen Capture
[2011/11/30 21:02:42 | 000,000,000 | ---D | C] -- C:\MyCaptures
[2011/11/30 20:57:34 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\CamStudio
[2011/11/30 20:57:32 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\WINDOWS\System32\CamCodec.dll
[2011/11/27 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\All Users\Start Menu\Programs\SourceTec
[2011/11/27 22:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2011/07/13 17:36:42 | 000,090,112 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.RocketDivision.StarBurnX.dll
[2011/07/13 17:36:42 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.VIDEOEDITLib.dll
[2011/07/13 17:36:42 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.dvdauthorLib.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/25 19:04:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500UA.job
[2011/12/25 18:53:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/12/25 18:50:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500UA.job
[2011/12/25 18:13:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/25 16:42:38 | 000,004,029 | ---- | M] () -- C:\Users\Administrator\Desktop\Attach.zip
[2011/12/25 16:35:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2011/12/25 15:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 15:28:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/12/25 13:13:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/25 13:02:40 | 000,002,964 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/25 13:02:32 | 000,439,740 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/25 11:45:15 | 000,064,000 | ---- | M] (CurioLab S.M.B.A.) -- C:\WINDOWS\System32\drivers\extit.sys
[2011/12/25 09:25:59 | 000,000,375 | RHS- | M] () -- C:\boot.ini
[2011/12/24 22:04:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500Core.job
[2011/12/24 21:54:33 | 000,015,698 | ---- | M] () -- C:\Users\All Users\Application Data\bdinstall.bin
[2011/12/24 21:54:22 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/24 21:53:43 | 000,100,208 | ---- | M] () -- C:\Users\All Users\Application Data\1324781602.bdinstall.bin
[2011/12/24 21:50:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500Core.job
[2011/12/24 20:27:27 | 000,000,330 | ---- | M] () -- C:\WINDOWS\sierra.ini
[2011/12/23 14:23:04 | 000,001,546 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/12/23 14:23:04 | 000,001,528 | ---- | M] () -- C:\Users\All Users\Desktop\ImgBurn.lnk
[2011/12/23 14:22:49 | 000,001,577 | ---- | M] () -- C:\Users\Administrator\Desktop\DVD Flick.lnk
[2011/12/22 15:43:45 | 000,032,768 | ---- | M] () -- C:\t1l8.30
[2011/12/22 13:01:45 | 000,000,531 | ---- | M] () -- C:\Users\Administrator\Desktop\Trevor Off-Key - Do Jamaica [wegotitfirst.com].mp3.lnk
[2011/12/22 12:51:26 | 000,001,476 | ---- | M] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2011/12/22 12:50:37 | 000,000,777 | ---- | M] () -- C:\Users\All Users\Desktop\DivX Plus Player.lnk
[2011/12/19 15:05:13 | 000,001,594 | ---- | M] () -- C:\Users\All Users\Desktop\TMNT.lnk
[2011/12/18 18:44:49 | 000,020,480 | ---- | M] () -- C:\t2dk.1g
[2011/12/18 15:14:44 | 003,145,856 | ---- | M] () -- C:\fb_0.dds
[2011/12/18 15:14:44 | 003,145,784 | ---- | M] () -- C:\fb_0.bmp
[2011/12/18 15:02:39 | 003,145,856 | ---- | M] () -- C:\fb_1.dds
[2011/12/18 15:02:39 | 003,145,784 | ---- | M] () -- C:\fb_1.bmp
[2011/12/17 21:52:50 | 000,001,533 | ---- | M] () -- C:\Users\Administrator\Desktop\Play to Just Cause.lnk
[2011/12/17 02:45:45 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/17 02:45:44 | 000,000,375 | -H-- | M] () -- C:\Boot.BAK
[2011/12/16 23:30:22 | 000,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/12/16 23:22:20 | 000,001,887 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/12/16 21:01:24 | 119,416,832 | ---- | M] () -- C:\Users\Administrator\Desktop\gparted-live-0.11.0-2.iso
[2011/12/15 20:51:12 | 000,001,474 | ---- | M] () -- C:\Users\Administrator\Desktop\Opposing Force.LNK
[2011/12/15 12:37:16 | 000,000,756 | ---- | M] () -- C:\Users\All Users\Desktop\Exterminate It!.lnk
[2011/12/14 21:49:54 | 000,001,707 | ---- | M] () -- C:\Users\All Users\Desktop\Play Devastation.lnk
[2011/12/14 17:11:37 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/14 17:11:37 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/14 17:11:36 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/14 16:35:17 | 000,001,431 | ---- | M] () -- C:\Users\Administrator\Desktop\Gunman Chronicles.lnk
[2011/12/14 15:55:58 | 000,001,461 | ---- | M] () -- C:\Users\Administrator\Desktop\Blue Shift.LNK
[2011/12/14 14:36:03 | 000,000,237 | ---- | M] () -- C:\user.js
[2011/12/14 00:57:12 | 000,711,487 | ---- | M] () -- C:\Users\Administrator\Desktop\econ.zip
[2011/12/14 00:54:52 | 000,444,333 | ---- | M] () -- C:\Users\Administrator\Desktop\econ.rar
[2011/12/12 21:28:35 | 000,000,672 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MW2Bot.lnk
[2011/12/09 19:58:38 | 001,440,948 | ---- | M] () -- C:\hello.bmp
[2011/12/07 19:56:45 | 000,000,643 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot Lite.lnk
[2011/12/07 19:56:45 | 000,000,618 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FarmVilleBot.lnk
[2011/12/06 22:30:55 | 001,529,021 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG_1325.jpg
[2011/12/06 16:36:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 22:45:11 | 000,029,328 | ---- | M] () -- C:\Users\Administrator\Desktop\320292_10150272727624822_560429821_7831725_6693137_n.jpg
[2011/12/05 06:39:05 | 000,496,706 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/05 06:39:05 | 000,084,616 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/04 01:46:11 | 000,001,816 | ---- | M] () -- C:\WINDOWS\TSearch.INI
[2011/12/04 01:46:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\HexEditor_FindList.hed
[2011/11/30 21:02:43 | 000,000,683 | ---- | M] () -- C:\Users\Administrator\Desktop\Quick Screen Capture.lnk
[2011/11/27 22:33:42 | 000,000,023 | ---- | M] () -- C:\WINDOWS\SWFDecompiler.INI
[2011/11/27 22:33:28 | 000,000,839 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/25 16:42:38 | 000,004,029 | ---- | C] () -- C:\Users\Administrator\Desktop\Attach.zip
[2011/12/25 16:40:19 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.exe
[2011/12/25 12:59:30 | 000,002,964 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/12/24 21:54:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/24 21:53:43 | 000,100,208 | ---- | C] () -- C:\Users\All Users\Application Data\1324781602.bdinstall.bin
[2011/12/24 20:43:07 | 000,015,698 | ---- | C] () -- C:\Users\All Users\Application Data\bdinstall.bin
[2011/12/23 14:23:04 | 000,001,546 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/12/23 14:23:04 | 000,001,528 | ---- | C] () -- C:\Users\All Users\Desktop\ImgBurn.lnk
[2011/12/23 14:22:49 | 000,001,577 | ---- | C] () -- C:\Users\Administrator\Desktop\DVD Flick.lnk
[2011/12/22 15:43:45 | 000,032,768 | ---- | C] () -- C:\t1l8.30
[2011/12/22 13:01:45 | 000,000,531 | ---- | C] () -- C:\Users\Administrator\Desktop\Trevor Off-Key - Do Jamaica [wegotitfirst.com].mp3.lnk
[2011/12/22 12:50:37 | 000,000,777 | ---- | C] () -- C:\Users\All Users\Desktop\DivX Plus Player.lnk
[2011/12/19 15:05:13 | 000,001,594 | ---- | C] () -- C:\Users\All Users\Desktop\TMNT.lnk
[2011/12/18 18:44:49 | 000,020,480 | ---- | C] () -- C:\t2dk.1g
[2011/12/18 15:02:39 | 003,145,856 | ---- | C] () -- C:\fb_1.dds
[2011/12/18 15:02:39 | 003,145,784 | ---- | C] () -- C:\fb_1.bmp
[2011/12/18 13:36:31 | 003,145,856 | ---- | C] () -- C:\fb_0.dds
[2011/12/18 13:36:31 | 003,145,784 | ---- | C] () -- C:\fb_0.bmp
[2011/12/17 21:52:50 | 000,001,533 | ---- | C] () -- C:\Users\Administrator\Desktop\Play to Just Cause.lnk
[2011/12/16 23:30:06 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/12/16 23:30:06 | 000,000,375 | -H-- | C] () -- C:\Boot.BAK
[2011/12/16 23:30:02 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011/12/16 21:05:08 | 119,416,832 | ---- | C] () -- C:\Users\Administrator\Desktop\gparted-live-0.11.0-2.iso
[2011/12/16 20:10:45 | 000,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/12/16 20:10:45 | 000,001,887 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/12/15 20:51:12 | 000,001,474 | ---- | C] () -- C:\Users\Administrator\Desktop\Opposing Force.LNK
[2011/12/15 19:35:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2011/12/15 10:34:32 | 000,000,756 | ---- | C] () -- C:\Users\All Users\Desktop\Exterminate It!.lnk
[2011/12/14 21:49:54 | 000,001,707 | ---- | C] () -- C:\Users\All Users\Desktop\Play Devastation.lnk
[2011/12/14 17:11:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/14 17:11:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/14 17:11:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/14 16:35:17 | 000,001,431 | ---- | C] () -- C:\Users\Administrator\Desktop\Gunman Chronicles.lnk
[2011/12/14 16:35:17 | 000,000,330 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2011/12/14 15:55:58 | 000,001,461 | ---- | C] () -- C:\Users\Administrator\Desktop\Blue Shift.LNK
[2011/12/14 15:21:16 | 941,293,568 | ---- | C] () -- C:\Users\Administrator\Desktop\[PSP] Midnight Club - LA Remix (EUR) [PyTon].iso
[2011/12/14 14:36:02 | 000,000,237 | ---- | C] () -- C:\user.js
[2011/12/14 00:57:12 | 000,711,487 | ---- | C] () -- C:\Users\Administrator\Desktop\econ.zip
[2011/12/14 00:54:25 | 000,444,333 | ---- | C] () -- C:\Users\Administrator\Desktop\econ.rar
[2011/12/12 21:28:35 | 000,000,672 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MW2Bot.lnk
[2011/12/09 19:58:38 | 001,440,948 | ---- | C] () -- C:\hello.bmp
[2011/12/09 16:06:50 | 012,582,912 | ---- | C] () -- C:\Users\Administrator\Desktop\GoldenEye 007.z64
[2011/12/06 22:30:30 | 001,529,021 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG_1325.jpg
[2011/12/05 22:45:20 | 000,029,328 | ---- | C] () -- C:\Users\Administrator\Desktop\320292_10150272727624822_560429821_7831725_6693137_n.jpg
[2011/12/04 12:07:52 | 000,000,730 | ---- | C] () -- C:\Users\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/04 01:08:58 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2011/11/30 21:02:43 | 000,000,683 | ---- | C] () -- C:\Users\Administrator\Desktop\Quick Screen Capture.lnk
[2011/11/27 22:33:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2011/11/27 22:33:28 | 000,000,839 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2011/11/13 23:42:29 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/11/13 23:42:29 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/11/13 23:42:29 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/11/04 19:51:58 | 000,000,348 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2011/11/04 19:30:45 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/03 19:10:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/09/25 19:43:47 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/09/25 19:43:46 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\Application Data\PnkBstrK.sys
[2011/09/25 19:43:26 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/09/25 19:43:23 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/07/21 17:52:39 | 000,000,008 | ---- | C] () -- C:\Users\Administrator\Local Settings\Application Data\.mpid
[2011/07/15 19:25:09 | 000,000,271 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/07/15 00:35:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2011/07/14 23:54:27 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/07/14 23:54:26 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/07/13 17:39:38 | 000,016,384 | ---- | C] () -- C:\Users\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/13 17:36:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.VIDEOEDITLib.dll
[2011/07/13 17:36:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.dvdauthorLib.dll
[2011/07/13 17:28:50 | 000,221,696 | ---- | C] () -- C:\WINDOWS\System32\vid_conv2.dll
[2011/07/13 17:28:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\vid_core2.dll
[2011/07/13 17:28:48 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2011/07/13 17:28:48 | 006,088,192 | ---- | C] () -- C:\WINDOWS\System32\vid_trans2.dll
[2011/07/13 17:28:48 | 000,731,136 | ---- | C] () -- C:\WINDOWS\System32\vid_format2.dll
[2011/07/13 17:28:48 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2011/07/13 17:28:48 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/07/13 17:28:48 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2011/07/13 17:28:48 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2011/07/13 17:28:48 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2011/07/13 17:28:48 | 000,069,560 | ---- | C] () -- C:\WINDOWS\System32\vid_multi2.dll
[2011/07/13 17:28:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2011/07/13 17:28:48 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2011/06/30 21:46:35 | 000,000,332 | ---- | C] () -- C:\WINDOWS\WPE PRO - modified.INI
[2011/06/18 10:42:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/06/18 09:16:05 | 000,544,480 | ---- | C] () -- C:\Users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/17 15:53:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/17 15:41:53 | 000,014,281 | ---- | C] () -- C:\WINDOWS\System32\sleep.exe
[2011/06/17 15:41:53 | 000,000,143 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/06/17 15:41:52 | 000,013,339 | ---- | C] () -- C:\WINDOWS\System32\WAIT.EXE
[2011/06/17 15:41:51 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\DELTREE.EXE
[2011/06/17 15:41:39 | 000,000,794 | ---- | C] () -- C:\WINDOWS\Removes.ini
[2011/06/17 15:41:22 | 000,477,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/17 07:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/17 06:41:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\ppGameDrive.ini
[2011/06/17 06:41:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\ppAppDrive.ini
[2011/06/17 06:35:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\renuser.exe
[2011/06/17 06:29:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/17 06:29:01 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/06/17 06:29:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/17 06:26:58 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ThumbView_Lite.dll
[2011/06/17 06:26:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\tbhookin.dll
[2011/06/17 06:26:58 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ts_settings.ini
[2011/06/17 06:26:40 | 001,152,165 | ---- | C] () -- C:\WINDOWS\System32\HFExtract.exe
[2011/06/17 06:26:40 | 000,708,272 | ---- | C] () -- C:\WINDOWS\System32\Universal Silent Switch Finder.exe
[2011/06/17 06:26:40 | 000,699,508 | ---- | C] () -- C:\WINDOWS\System32\UpxGui.exe
[2011/06/17 06:26:40 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PCalc.exe
[2011/06/17 06:26:40 | 000,210,432 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.exe
[2011/06/17 06:26:40 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2011/06/17 06:26:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\metapath.exe
[2011/06/17 06:26:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\Cabarc.exe
[2011/06/17 06:26:40 | 000,110,085 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2011/06/17 06:26:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\WallChan.exe
[2011/06/17 06:26:40 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\Cabtool.exe
[2011/06/17 06:26:40 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2011/06/17 06:26:40 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\WC.com
[2011/06/17 06:26:40 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2011/06/17 06:26:12 | 000,494,557 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2011/06/17 06:26:12 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2011/06/17 06:26:11 | 000,566,624 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2011/06/17 06:26:11 | 000,519,912 | ---- | C] () -- C:\WINDOWS\System32\d3dx10.dll
[2011/06/17 06:25:54 | 000,000,006 | ---- | C] () -- C:\WINDOWS\SetupSMenu.ini
[2011/06/17 06:25:54 | 000,000,006 | ---- | C] () -- C:\WINDOWS\LastXPSetupSMenu.ini
[2011/06/17 06:20:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 06:05:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/17 06:04:38 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/02/28 10:17:48 | 003,284,480 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008/05/05 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/05/05 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/05/05 04:00:00 | 000,496,706 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/05/05 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/05/05 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/05/05 04:00:00 | 000,084,616 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/05/05 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/05/05 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/05/05 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/05/05 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/05/05 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/05 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
========== LOP Check ==========
[2011/12/14 14:35:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Babylon
[2011/12/23 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\BitTorrent
[2011/11/13 23:43:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\CheckPoint
[2011/11/08 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\com.essexreddevelopment.mergepdfmac
[2011/12/15 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Curiolab
[2011/07/19 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\DAEMON Tools Pro
[2011/06/18 00:42:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Garena
[2011/07/02 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Gearbox Software
[2011/12/23 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\GetRight
[2011/09/11 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\GetRightToGo
[2011/12/25 16:21:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\ImgBurn
[2011/07/23 01:15:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\IObit
[2011/11/14 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\MailFrontier
[2011/07/21 01:18:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Minibar
[2011/08/17 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\NPLUTO Corporation
[2011/11/05 18:33:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Opera
[2011/11/27 01:36:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\PriceGong
[2011/08/23 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Research In Motion
[2011/07/21 00:51:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Rovio
[2011/09/25 18:52:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\SickBrick
[2011/12/20 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\TMNT
[2011/07/14 00:34:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Unity
[2011/06/17 06:30:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\uTorrent
[2011/11/06 00:21:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\WebcamMax
[2011/08/22 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\2CBB
[2011/12/14 14:35:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Babylon
[2011/11/13 23:39:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\CheckPoint
[2011/07/13 17:12:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\CodecCheck
[2011/07/19 00:44:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\DAEMON Tools Pro
[2011/08/10 19:23:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\GarenaMessenger
[2011/12/23 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\GetRight
[2011/12/14 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\InstallMate
[2011/07/22 22:53:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\IObit
[2011/11/14 00:16:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Kaspersky SDK
[2011/08/15 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Nexon
[2011/12/15 10:21:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\NexonUS
[2011/11/19 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PMB Files
[2011/07/13 16:42:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Premium
[2011/11/06 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\PSPVC
[2011/08/02 01:50:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\Research In Motion
[2011/06/17 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\SpeedBit
[2011/11/28 20:59:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\TEMP
[2011/11/13 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\WinZip
[2011/11/02 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\WinZipEC
[2011/09/24 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\Application Data\YouTube Downloader
[2011/07/13 14:23:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2011/07/23 12:33:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/12/24 21:50:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500Core.job
[2011/12/25 18:50:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1383384898-1177238915-500UA.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 198 bytes -> C:\Users\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Application Data\TEMP:2B11E0DF
< End of report >
Edited by Virus killer needed, 25 December 2011 - 06:37 PM.