Many Symptoms - AV Security reinstalling itself, browser redirects, sl


  • This topic is locked

#1
SkittleServal

  • Member
  • 14 posts
Hello. Thank you in advance for taking time out of your no-doubt busy schedules to assist me with my issue. I am positive that I have virus/malware issues, however, running Malwarebytes, Avast and Spybot (not at the same time of course) have revealed infections, however, upon removal, the problems persist!

Symptoms:

EDIT: Two things I forgot.. The entry, PRC - [2012/02/11 21:59:53 | 000,155,648 | RHS- | M] (31xspipavenoaktr1nua1mkv) -- C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe , in the OTL log.. This program has caused a pre-windows-load dialog to come up saying it was adjusting personal settings or something similar for this program. I do not recognize it, and that dialog caused windows not to want to start.

Also, some weeks ago, I had to manually remove a program called ping.exe from my windows folder - it would repeatedly open itself and take up huge amounts of memory and CPU (300k+ memory depending) and has not opened again since I did so.

Computer runs much more slowly than it used to while gaming.

A program named AV Security 2012 keeps installing itself on my system periodically despite having removed it a few times.

While using Google Chrome, or any other browser I've tried, clicking links will occasionally take me to obvious ad/scam sites instead of the actual destination.

On web browsers, random words in almost any website (including this one!) will be highlighted, mousing over them brings up a 'preview window' to another obvious scam/ad site, "Text enhance".

On a couple occasions, my computer's failed to start and I've had to recover it once. This has not happened again since I ran my three anti-virus/malware/spyware programs (Listed in the introduction)

I've also noticed a bit of a loss in my internet speed, specifically on this computer. (I have a laptop in the same room)

I know it's advised not to use Hamachi in general, but I try to keep my Hamachi network secure. It's private and password protected, but I'll still default to any suggestions regarding Hamachi if they're offered. (I have to use it to host internet games right now.)

OTL logfile created on: 2/12/2012 11:53:01 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ani\Desktop\AMW
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.85 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 74.43% Memory free
15.70 Gb Paging File | 13.60 Gb Available in Paging File | 86.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 514.99 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
Drive G: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.11 Gb Total Space | 347.42 Gb Free Space | 74.70% Space Free | Partition Type: NTFS
Drive I: | 941.69 Mb Total Space | 842.78 Mb Free Space | 89.50% Space Free | Partition Type: FAT

Computer Name: ANI-PC | User Name: Ani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 11:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ani\Desktop\AMW\OTL.exe
PRC - [2012/02/11 21:59:53 | 000,155,648 | RHS- | M] (31xspipavenoaktr1nua1mkv) -- C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe
PRC - [2012/02/09 16:31:54 | 000,738,168 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/08 15:50:56 | 000,043,944 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe
PRC - [2012/02/08 15:50:54 | 000,065,448 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe
PRC - [2012/02/07 13:18:30 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/04 09:55:05 | 000,186,880 | ---- | M] () -- C:\Users\Ani\AppData\Local\Temp\javaw.exe
PRC - [2011/12/21 07:01:38 | 001,242,448 | ---- | M] (Valve Corporation) -- H:\Programs\Steam\Steam.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/16 09:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
PRC - [2009/06/10 13:22:50 | 000,032,064 | ---- | M] (Microsoft Corporation) -- C:\Users\Ani\AppData\Local\Temp\csc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/09 20:06:35 | 014,415,144 | ---- | M] () -- H:\Programs\Steam\bin\libcef.dll
MOD - [2012/02/09 20:06:34 | 000,914,216 | ---- | M] () -- H:\Programs\Steam\bin\avcodec-52.dll
MOD - [2012/02/09 20:06:34 | 000,857,896 | ---- | M] () -- H:\Programs\Steam\bin\chromehtml.dll
MOD - [2012/02/09 20:06:34 | 000,155,432 | ---- | M] () -- H:\Programs\Steam\bin\avformat-52.dll
MOD - [2012/02/09 20:06:34 | 000,091,432 | ---- | M] () -- H:\Programs\Steam\bin\avutil-50.dll
MOD - [2012/02/04 09:55:05 | 000,186,880 | ---- | M] () -- C:\Users\Ani\AppData\Local\Temp\javaw.exe
MOD - [2012/01/31 07:37:09 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a72ed18d2df70f09c57cf914ce591306\Microsoft.VisualBasic.ni.dll
MOD - [2012/01/27 00:49:31 | 000,429,040 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll
MOD - [2012/01/27 00:49:29 | 003,772,912 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 00:48:06 | 000,122,880 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 00:48:05 | 000,222,208 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 00:48:03 | 001,746,944 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
MOD - [2012/01/26 21:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
MOD - [2011/11/21 16:47:46 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MOD - [2011/11/21 16:47:44 | 001,609,728 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MOD - [2011/11/21 16:47:44 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
MOD - [2011/11/21 16:47:42 | 005,694,976 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
MOD - [2011/11/21 16:46:28 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd
MOD - [2011/10/24 10:50:38 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\Raptr\easyhook32.dll
MOD - [2011/10/24 10:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MOD - [2011/10/13 10:39:00 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/13 10:38:51 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/13 10:38:11 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/13 10:37:43 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/10/10 20:52:14 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/09/08 15:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll
MOD - [2011/09/08 15:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll
MOD - [2011/09/08 15:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll
MOD - [2011/09/08 15:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll
MOD - [2011/09/08 15:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll
MOD - [2011/09/08 15:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll
MOD - [2011/09/08 15:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MOD - [2011/09/08 15:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MOD - [2011/09/08 15:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll
MOD - [2011/09/08 15:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MOD - [2011/09/08 15:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MOD - [2011/09/08 15:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MOD - [2011/02/15 10:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll
MOD - [2011/02/15 10:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll
MOD - [2010/11/22 15:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll
MOD - [2010/11/22 14:57:36 | 002,042,368 | ---- | M] () -- C:\Program Files (x86)\Raptr\libtorrent.pyd
MOD - [2010/11/22 14:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd
MOD - [2010/11/22 14:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd
MOD - [2010/11/22 14:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd
MOD - [2010/11/22 14:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd
MOD - [2010/11/22 14:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 14:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
MOD - [2010/11/22 14:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\Raptr\pythoncom26.dll
MOD - [2010/11/22 14:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll
MOD - [2010/11/22 14:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 14:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd
MOD - [2010/11/22 14:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd
MOD - [2010/11/22 14:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd
MOD - [2010/11/22 14:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd
MOD - [2010/11/22 14:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd
MOD - [2010/11/22 14:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd
MOD - [2010/11/22 14:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd
MOD - [2010/11/22 14:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd
MOD - [2009/07/16 09:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/12/31 10:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 12:36:05 | 000,022,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/02/07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/04 19:55:08 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/31 10:20:38 | 000,415,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/18 07:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/05 05:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 05:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 18:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/01 18:25:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/14 08:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/20 22:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/09/20 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/03/22 22:53:04 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2009/12/01 14:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 13:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 18:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 12:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/11/22 08:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/12/18 09:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63919

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63919
FF - prefs.js..network.proxy.type: 1


FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@SparkplayMedia.com/Earth Eternal: C:\Users\Ani\Documents\Earth Eternal\Earth Eternal\npSparkPlayerNS.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ani\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ani\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/08 01:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/08 01:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98}: C:\Users\Ani\AppData\Local\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98} [2011/07/23 16:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/30 22:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/14 15:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/10 17:28:43 | 000,000,000 | ---D | M]

[2011/11/14 15:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ani\AppData\Roaming\Mozilla\Extensions
[2011/12/10 09:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\925ffmb8.default\extensions
[2011/12/10 09:26:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\925ffmb8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012/01/10 17:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/10 17:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Earth Eternal (Enabled) = C:\Users\Ani\Documents\Earth Eternal\Earth Eternal\npSparkPlayerNS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: DivX HiQ = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Fantapper = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
CHR - Extension: Gmail = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/19 03:12:00 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.231 www.google-analytics.com.
O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.231 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Popstiko Toolbar) - {1804df53-dda6-487d-97ae-9184ba62818d} - C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll ()
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Shop to Win) - {27376903-C3DA-492B-9622-E4AB4DEBBE54} - C:\Program Files (x86)\Shop to Win 6\Shop to Win 6.dll (Shop To Win, LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SocialRibbons) - {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll ()
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Popstiko Toolbar) - {1804df53-dda6-487d-97ae-9184ba62818d} - C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [2pyup3hk1m32xuuboy5nh00u] C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe (31xspipavenoaktr1nua1mkv)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MSE] C:\Users\Ani\AppData\Local\Temp\javaw.exe ()
O4 - HKCU..\Run: [NCsoft] File not found
O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [skype] C:\Users\Ani\AppData\Local\Temp\wlm.exe ()
O4 - HKCU..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] H:\Programs\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Windows™ Updater] C:\Users\Ani\AppData\Local\Temp\smtp.gmail.com.exe ()
O4 - HKCU..\Run: [WindowsFireWall] C:\Users\Ani\AppData\Local\Temp\/WindowsFireWall.exe ()
O4 - Startup: C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Windows Defender = C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mabinogi.or.tl ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino....2010.05.24.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC4BD4D-D948-48EF-91EE-A114C86D30A1}: DhcpNameServer = 172.16.1.1 172.16.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C05C367-425E-4F1C-865C-4DFCECB7CD61}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919082B8-F2AF-4D2B-8EDE-8F218E295C27}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B50468-3ED7-4023-92A2-CF68DD7872AD}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA3B474C-5248-4A19-AD88-1CCFAFE0E8B2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/29 14:44:07 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\Shell - "" = AutoRun
O33 - MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\Shell\AutoRun\command - "" = F:\check.exe
O33 - MountPoints2\{da6a1841-b9cb-11e0-bab2-1078d2cd7787}\Shell - "" = AutoRun
O33 - MountPoints2\{da6a1841-b9cb-11e0-bab2-1078d2cd7787}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2010/07/29 14:22:16 | 004,203,808 | ---- | M] (Western Digital)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2010/07/29 14:22:16 | 004,203,808 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 11:52:31 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\AMW
[2012/02/12 11:51:05 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/02/12 11:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/12 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/11 21:59:53 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ftate5ic
[2012/02/09 20:06:57 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2012/02/09 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/09 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/02/09 20:06:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/09 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ThuumicShouter
[2012/02/09 07:05:58 | 000,000,000 | ---D | C] -- C:\New folder
[2012/02/07 09:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThuumicShouter
[2012/02/06 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\Ani\Documents\majesty2
[2012/02/05 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ExodusViewer
[2012/02/05 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Local\ExodusViewer
[2012/02/05 16:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exodus Viewer Beta
[2012/02/05 16:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExodusViewerBeta
[2012/02/05 13:31:14 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C
[2012/02/05 13:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C
[2012/02/05 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C
[2012/02/04 09:55:07 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\PA0JUCWE4F.exe
[2012/02/04 04:12:32 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\0PKUZJ8NR3.exe
[2012/01/31 04:49:17 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\alduins fos_data
[2012/01/31 04:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\Alduins yol_data
[2012/01/31 04:43:47 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\Alduin's shadow voice_data
[2012/01/27 19:22:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\gidget_you_creepy_puppy
[2012/01/27 19:08:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\gidgetandamber_withboy
[2012/01/27 19:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\storage dogs
[2012/01/27 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\poor amber derp
[2012/01/25 01:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
[2012/01/25 01:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
[2012/01/25 00:45:54 | 000,000,000 | ---D | C] -- C:\Users\Ani\Documents\Downloads
[2012/01/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\Mumble
[2012/01/21 19:52:32 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Local\Mumble
[2012/01/21 19:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/01/21 19:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/01/16 14:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ecchi-RO Naked
[2012/01/16 14:21:18 | 000,000,000 | ---D | C] -- C:\Ecchi-RO
[2012/01/13 14:22:29 | 000,000,000 | ---D | C] -- C:\Users\Ani\Documents\Furcadia
[2009/07/13 12:46:18 | 000,077,112 | -H-- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\cbc.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/12 11:58:25 | 000,362,858 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\Java
[2012/02/12 11:57:48 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 11:57:48 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 11:50:50 | 000,001,104 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 11:50:45 | 000,000,924 | ---- | M] () -- C:\Users\Ani\Desktop\NTREGOPT.lnk
[2012/02/12 11:50:45 | 000,000,905 | ---- | M] () -- C:\Users\Ani\Desktop\ERUNT.lnk
[2012/02/12 11:50:03 | 000,792,890 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/12 11:50:03 | 000,669,210 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/12 11:50:03 | 000,125,396 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/12 11:44:13 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 11:44:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/12 11:43:53 | 2028,277,759 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 11:36:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 11:23:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-606387608-774257337-4196163694-1001UA.job
[2012/02/12 08:40:10 | 000,000,402 | ---- | M] () -- C:\windows\tasks\PC Unleashed.job
[2012/02/11 18:00:00 | 000,000,496 | ---- | M] () -- C:\windows\tasks\PC Unleashed Registration3.job
[2012/02/11 16:23:00 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-606387608-774257337-4196163694-1001Core.job
[2012/02/11 11:19:10 | 000,000,040 | ---- | M] () -- C:\Users\Ani\jagex_cl_runescape_LIVE.dat
[2012/02/11 08:11:46 | 000,000,398 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ani.job
[2012/02/10 15:37:02 | 000,000,024 | ---- | M] () -- C:\Users\Ani\jagexappletviewer.preferences
[2012/02/10 04:08:39 | 000,000,420 | ---- | M] () -- C:\windows\tasks\PC Unleashed Defrag.job
[2012/02/09 20:05:58 | 000,320,640 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/02/09 20:04:17 | 000,514,183 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\key
[2012/02/09 19:54:25 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\ThuumicShouter.lnk
[2012/02/09 05:23:43 | 000,002,349 | ---- | M] () -- C:\Users\Ani\Desktop\Google Chrome.lnk
[2012/02/08 08:14:41 | 000,000,211 | ---- | M] () -- C:\Users\Ani\Desktop\Creation Kit.url
[2012/02/08 02:46:02 | 000,000,458 | ---- | M] () -- C:\windows\tasks\PC Unleashed Update Version3.job
[2012/02/07 16:56:24 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\xcghmwou.exe
[2012/02/07 15:25:27 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\dlw45npm.exe
[2012/02/07 15:04:28 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\h0c0kvqd.exe
[2012/02/07 14:54:04 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\dwt4ocr2.exe
[2012/02/07 14:53:54 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\ygxdw10j.exe
[2012/02/07 14:50:47 | 000,166,400 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\rjiatatj.exe
[2012/02/06 16:06:43 | 001,399,109 | ---- | M] () -- C:\Users\Ani\Desktop\CrescentJulian.png
[2012/02/06 11:16:51 | 000,707,487 | ---- | M] () -- C:\Users\Ani\Desktop\Dream.png
[2012/02/06 02:17:24 | 000,032,896 | ---- | M] () -- C:\tmp_sshot.dds
[2012/02/05 16:17:35 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Exodus Viewer Beta.lnk
[2012/02/05 16:12:44 | 001,525,803 | ---- | M] () -- C:\Users\Public\Documents\Dark Dru_001.png
[2012/02/05 13:31:14 | 000,000,876 | ---- | M] () -- C:\Users\Ani\Desktop\Majesty 2.lnk
[2012/02/05 12:25:58 | 002,663,996 | ---- | M] () -- C:\Users\Public\Documents\uhm_001.png
[2012/01/31 04:49:17 | 000,001,342 | ---- | M] () -- C:\Users\Ani\Desktop\alduins fos.aup
[2012/01/31 04:49:09 | 000,166,796 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fo' Test.wav
[2012/01/31 04:47:11 | 000,228,556 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's Shadow 'Yol' Test.wav
[2012/01/31 04:46:19 | 000,001,340 | ---- | M] () -- C:\Users\Ani\Desktop\Alduins yol.aup
[2012/01/31 04:43:47 | 000,000,899 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's shadow voice.aup
[2012/01/31 04:39:57 | 000,197,676 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fus' Test.wav
[2012/01/31 04:23:49 | 000,395,360 | ---- | M] () -- C:\Users\Ani\Desktop\monstertest.wav
[2012/01/31 03:12:37 | 000,786,614 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/30 17:16:54 | 000,001,182 | ---- | M] () -- C:\Users\Ani\Desktop\ Mabinogi .lnk
[2012/01/30 05:20:06 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to MajX.exe.lnk
[2012/01/28 03:31:02 | 000,005,830 | ---- | M] () -- C:\Users\Public\Documents\New Skyrim Monsters Mod - Documentation.rtf
[2012/01/27 19:21:32 | 001,295,162 | ---- | M] () -- C:\Users\Public\Documents\gidget_you_creepy_puppy.zip
[2012/01/27 19:21:21 | 000,135,510 | ---- | M] () -- C:\Users\Public\Documents\Picture 13.png
[2012/01/27 19:21:19 | 000,139,469 | ---- | M] () -- C:\Users\Ani\Picture 14.png
[2012/01/27 19:21:18 | 000,110,503 | ---- | M] () -- C:\Users\Ani\Picture 15.png
[2012/01/27 19:21:14 | 000,138,366 | ---- | M] () -- C:\Users\Ani\Picture 8.png
[2012/01/27 19:21:14 | 000,122,068 | ---- | M] () -- C:\Users\Ani\Picture 9.png
[2012/01/27 19:21:13 | 000,132,947 | ---- | M] () -- C:\Users\Ani\Picture 7.png
[2012/01/27 19:12:10 | 000,187,140 | ---- | M] () -- C:\Users\Public\Documents\sleepyscruff.png
[2012/01/27 19:11:16 | 000,166,221 | ---- | M] () -- C:\Users\Public\Documents\omg epic face jerr.png
[2012/01/27 19:11:07 | 000,164,889 | ---- | M] () -- C:\Users\Ani\a boy with eyes full of character 2.png
[2012/01/27 19:11:06 | 000,145,402 | ---- | M] () -- C:\Users\Ani\a boy with eyes full of character1.png
[2012/01/27 19:11:04 | 000,147,660 | ---- | M] () -- C:\Users\Public\Documents\most_disatisfied_face_ever.png
[2012/01/27 19:09:13 | 000,167,792 | ---- | M] () -- C:\Users\Ani\goofball1.png
[2012/01/27 19:09:13 | 000,165,610 | ---- | M] () -- C:\Users\Ani\goofball2.png
[2012/01/27 19:08:40 | 000,109,595 | ---- | M] () -- C:\Users\Ani\gidget fluff x3.png
[2012/01/27 19:08:39 | 000,181,110 | ---- | M] () -- C:\Users\Ani\gidget on face 1.png
[2012/01/27 19:08:39 | 000,158,435 | ---- | M] () -- C:\Users\Ani\gidget on face 2.png
[2012/01/27 19:08:39 | 000,155,697 | ---- | M] () -- C:\Users\Ani\gidget8.png
[2012/01/27 19:08:39 | 000,154,501 | ---- | M] () -- C:\Users\Ani\gidgt attack1.png
[2012/01/27 19:08:39 | 000,152,600 | ---- | M] () -- C:\Users\Ani\gidget7.png
[2012/01/27 19:08:39 | 000,142,954 | ---- | M] () -- C:\Users\Ani\gidget2.png
[2012/01/27 19:08:39 | 000,134,673 | ---- | M] () -- C:\Users\Ani\gidget4.png
[2012/01/27 19:08:39 | 000,130,663 | ---- | M] () -- C:\Users\Ani\gidget on face 3.png
[2012/01/27 19:08:39 | 000,098,506 | ---- | M] () -- C:\Users\Ani\gidget like dead asleep.png
[2012/01/27 19:08:37 | 000,052,470 | ---- | M] () -- C:\Users\Ani\gidget1.png
[2012/01/27 19:07:49 | 000,544,900 | ---- | M] () -- C:\Users\Public\Documents\gidgetandamber_withboy.zip
[2012/01/27 19:07:46 | 000,153,193 | ---- | M] () -- C:\Users\Public\Documents\gidget 5.png
[2012/01/27 19:02:44 | 000,219,072 | ---- | M] () -- C:\Users\Public\Documents\1gidg.jpg
[2012/01/27 19:02:00 | 002,361,891 | ---- | M] () -- C:\Users\Public\Documents\storage dogs.zip
[2012/01/27 19:00:12 | 001,275,437 | ---- | M] () -- C:\Users\Public\Documents\poor amber derp.zip
[2012/01/27 18:59:44 | 000,137,614 | ---- | M] () -- C:\Users\Public\Documents\youre kidding me.png
[2012/01/27 18:59:39 | 000,122,305 | ---- | M] () -- C:\Users\Public\Documents\gidget hoagie.png
[2012/01/27 18:59:12 | 000,158,289 | ---- | M] () -- C:\Users\Public\Documents\how did that get inyour mouth.png
[2012/01/27 18:59:07 | 000,096,744 | ---- | M] () -- C:\Users\Public\Documents\amber says nothing.png
[2012/01/27 18:58:39 | 000,090,866 | ---- | M] () -- C:\Users\Public\Documents\gidget says shutup.png
[2012/01/27 18:57:58 | 000,082,973 | ---- | M] () -- C:\Users\Public\Documents\this is the face of a dog who just got hit on the head by a water bottle.png
[2012/01/27 18:57:56 | 000,158,604 | ---- | M] () -- C:\Users\Public\Documents\amber_belly.png
[2012/01/26 10:55:35 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/01/26 08:34:45 | 000,417,879 | ---- | M] () -- C:\Users\Ani\Desktop\lootz.png
[2012/01/26 06:07:00 | 000,013,963 | ---- | M] () -- C:\Users\Ani\.recently-used.xbel
[2012/01/25 01:23:13 | 000,000,000 | ---- | M] () -- C:\windows\PowerReg.dat
[2012/01/25 01:23:12 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Majesty.exe.lnk
[2012/01/25 01:22:49 | 000,673,325 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_018.png
[2012/01/24 22:45:44 | 000,530,763 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_017.png
[2012/01/21 22:33:57 | 002,102,841 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_016.png
[2012/01/21 22:33:51 | 002,179,901 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_015.png
[2012/01/21 22:32:48 | 000,485,319 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_014.png
[2012/01/21 22:32:37 | 000,453,072 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_013.png
[2012/01/21 20:02:22 | 000,002,380 | ---- | M] () -- C:\Users\Ani\Documents\MumbleAutomaticCertificateBackup.p12
[2012/01/21 19:52:12 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/01/21 19:28:34 | 001,229,082 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_011.png
[2012/01/21 19:28:13 | 002,174,747 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_012.png
[2012/01/20 19:17:11 | 001,551,307 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_008.png
[2012/01/20 14:19:29 | 000,046,546 | ---- | M] () -- C:\Users\Ani\Desktop\Spoutcraft (3).jar
[2012/01/18 23:44:31 | 001,649,157 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_006.png
[2012/01/18 21:23:54 | 001,721,098 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_003.png
[2012/01/18 21:23:13 | 001,255,433 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_002.png
[2012/01/17 07:15:28 | 000,000,567 | ---- | M] () -- C:\Users\Public\Documents\Waiting Trades.rtf
[2012/01/15 22:34:20 | 000,039,493 | ---- | M] () -- C:\Users\Public\Documents\awesomes.m3u
[2012/01/14 16:30:54 | 000,000,193 | ---- | M] () -- C:\Users\Public\Documents\pwddd.rtf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 11:50:50 | 000,001,104 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 11:50:45 | 000,000,924 | ---- | C] () -- C:\Users\Ani\Desktop\NTREGOPT.lnk
[2012/02/12 11:50:45 | 000,000,905 | ---- | C] () -- C:\Users\Ani\Desktop\ERUNT.lnk
[2012/02/08 08:14:41 | 000,000,211 | ---- | C] () -- C:\Users\Ani\Desktop\Creation Kit.url
[2012/02/07 16:56:24 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\xcghmwou.exe
[2012/02/07 15:25:27 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\dlw45npm.exe
[2012/02/07 15:04:28 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\h0c0kvqd.exe
[2012/02/07 14:54:04 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\dwt4ocr2.exe
[2012/02/07 14:53:54 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\ygxdw10j.exe
[2012/02/07 14:50:47 | 000,166,400 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\rjiatatj.exe
[2012/02/07 11:13:07 | 000,514,183 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\key
[2012/02/07 09:57:31 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\ThuumicShouter.lnk
[2012/02/06 16:06:33 | 001,399,109 | ---- | C] () -- C:\Users\Ani\Desktop\CrescentJulian.png
[2012/02/06 11:16:45 | 000,707,487 | ---- | C] () -- C:\Users\Ani\Desktop\Dream.png
[2012/02/06 02:17:24 | 000,032,896 | ---- | C] () -- C:\tmp_sshot.dds
[2012/02/05 16:17:35 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Exodus Viewer Beta.lnk
[2012/02/05 16:11:50 | 001,525,803 | ---- | C] () -- C:\Users\Public\Documents\Dark Dru_001.png
[2012/02/05 13:31:14 | 000,000,876 | ---- | C] () -- C:\Users\Ani\Desktop\Majesty 2.lnk
[2012/02/05 12:25:10 | 002,663,996 | ---- | C] () -- C:\Users\Public\Documents\uhm_001.png
[2012/02/04 04:13:02 | 000,362,574 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\Java
[2012/01/31 04:49:17 | 000,001,342 | ---- | C] () -- C:\Users\Ani\Desktop\alduins fos.aup
[2012/01/31 04:49:09 | 000,166,796 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fo' Test.wav
[2012/01/31 04:46:30 | 000,228,556 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's Shadow 'Yol' Test.wav
[2012/01/31 04:46:19 | 000,001,340 | ---- | C] () -- C:\Users\Ani\Desktop\Alduins yol.aup
[2012/01/31 04:43:47 | 000,000,899 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's shadow voice.aup
[2012/01/31 04:35:35 | 000,197,676 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fus' Test.wav
[2012/01/31 04:23:49 | 000,395,360 | ---- | C] () -- C:\Users\Ani\Desktop\monstertest.wav
[2012/01/27 20:11:44 | 000,005,830 | ---- | C] () -- C:\Users\Public\Documents\New Skyrim Monsters Mod - Documentation.rtf
[2012/01/27 19:21:22 | 001,295,162 | ---- | C] () -- C:\Users\Public\Documents\gidget_you_creepy_puppy.zip
[2012/01/27 19:21:19 | 000,135,510 | ---- | C] () -- C:\Users\Public\Documents\Picture 13.png
[2012/01/27 19:21:16 | 000,139,469 | ---- | C] () -- C:\Users\Ani\Picture 14.png
[2012/01/27 19:21:16 | 000,110,503 | ---- | C] () -- C:\Users\Ani\Picture 15.png
[2012/01/27 19:21:12 | 000,138,366 | ---- | C] () -- C:\Users\Ani\Picture 8.png
[2012/01/27 19:21:12 | 000,132,947 | ---- | C] () -- C:\Users\Ani\Picture 7.png
[2012/01/27 19:21:12 | 000,122,068 | ---- | C] () -- C:\Users\Ani\Picture 9.png
[2012/01/27 19:12:09 | 000,187,140 | ---- | C] () -- C:\Users\Public\Documents\sleepyscruff.png
[2012/01/27 19:11:14 | 000,166,221 | ---- | C] () -- C:\Users\Public\Documents\omg epic face jerr.png
[2012/01/27 19:11:05 | 000,164,889 | ---- | C] () -- C:\Users\Ani\a boy with eyes full of character 2.png
[2012/01/27 19:11:05 | 000,145,402 | ---- | C] () -- C:\Users\Ani\a boy with eyes full of character1.png
[2012/01/27 19:11:02 | 000,147,660 | ---- | C] () -- C:\Users\Public\Documents\most_disatisfied_face_ever.png
[2012/01/27 19:09:11 | 000,167,792 | ---- | C] () -- C:\Users\Ani\goofball1.png
[2012/01/27 19:09:11 | 000,165,610 | ---- | C] () -- C:\Users\Ani\goofball2.png
[2012/01/27 19:08:36 | 000,181,110 | ---- | C] () -- C:\Users\Ani\gidget on face 1.png
[2012/01/27 19:08:36 | 000,158,435 | ---- | C] () -- C:\Users\Ani\gidget on face 2.png
[2012/01/27 19:08:36 | 000,155,697 | ---- | C] () -- C:\Users\Ani\gidget8.png
[2012/01/27 19:08:36 | 000,154,501 | ---- | C] () -- C:\Users\Ani\gidgt attack1.png
[2012/01/27 19:08:36 | 000,152,600 | ---- | C] () -- C:\Users\Ani\gidget7.png
[2012/01/27 19:08:36 | 000,142,954 | ---- | C] () -- C:\Users\Ani\gidget2.png
[2012/01/27 19:08:36 | 000,134,673 | ---- | C] () -- C:\Users\Ani\gidget4.png
[2012/01/27 19:08:36 | 000,130,663 | ---- | C] () -- C:\Users\Ani\gidget on face 3.png
[2012/01/27 19:08:36 | 000,109,595 | ---- | C] () -- C:\Users\Ani\gidget fluff x3.png
[2012/01/27 19:08:36 | 000,098,506 | ---- | C] () -- C:\Users\Ani\gidget like dead asleep.png
[2012/01/27 19:08:36 | 000,052,470 | ---- | C] () -- C:\Users\Ani\gidget1.png
[2012/01/27 19:07:46 | 000,544,900 | ---- | C] () -- C:\Users\Public\Documents\gidgetandamber_withboy.zip
[2012/01/27 19:07:44 | 000,153,193 | ---- | C] () -- C:\Users\Public\Documents\gidget 5.png
[2012/01/27 19:02:42 | 000,219,072 | ---- | C] () -- C:\Users\Public\Documents\1gidg.jpg
[2012/01/27 19:01:51 | 002,361,891 | ---- | C] () -- C:\Users\Public\Documents\storage dogs.zip
[2012/01/27 19:00:05 | 001,275,437 | ---- | C] () -- C:\Users\Public\Documents\poor amber derp.zip
[2012/01/27 18:59:41 | 000,137,614 | ---- | C] () -- C:\Users\Public\Documents\youre kidding me.png
[2012/01/27 18:59:38 | 000,122,305 | ---- | C] () -- C:\Users\Public\Documents\gidget hoagie.png
[2012/01/27 18:59:11 | 000,158,289 | ---- | C] () -- C:\Users\Public\Documents\how did that get inyour mouth.png
[2012/01/27 18:59:06 | 000,096,744 | ---- | C] () -- C:\Users\Public\Documents\amber says nothing.png
[2012/01/27 18:58:37 | 000,090,866 | ---- | C] () -- C:\Users\Public\Documents\gidget says shutup.png
[2012/01/27 18:57:58 | 000,082,973 | ---- | C] () -- C:\Users\Public\Documents\this is the face of a dog who just got hit on the head by a water bottle.png
[2012/01/27 18:57:54 | 000,158,604 | ---- | C] () -- C:\Users\Public\Documents\amber_belly.png
[2012/01/26 08:34:43 | 000,417,879 | ---- | C] () -- C:\Users\Ani\Desktop\lootz.png
[2012/01/26 06:07:00 | 000,013,963 | ---- | C] () -- C:\Users\Ani\.recently-used.xbel
[2012/01/25 01:23:13 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2012/01/25 01:23:12 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Majesty.exe.lnk
[2012/01/25 01:23:12 | 000,002,369 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to MajX.exe.lnk
[2012/01/25 01:22:36 | 000,673,325 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_018.png
[2012/01/24 22:45:32 | 000,530,763 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_017.png
[2012/01/21 22:32:31 | 002,102,841 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_016.png
[2012/01/21 22:32:28 | 002,179,901 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_015.png
[2012/01/21 22:32:26 | 000,485,319 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_014.png
[2012/01/21 22:32:24 | 000,453,072 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_013.png
[2012/01/21 20:02:22 | 000,002,380 | ---- | C] () -- C:\Users\Ani\Documents\MumbleAutomaticCertificateBackup.p12
[2012/01/21 19:52:12 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/01/21 19:28:09 | 001,229,082 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_011.png
[2012/01/21 19:27:33 | 002,174,747 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_012.png
[2012/01/20 14:19:28 | 000,046,546 | ---- | C] () -- C:\Users\Ani\Desktop\Spoutcraft (3).jar
[2012/01/17 07:12:18 | 000,000,567 | ---- | C] () -- C:\Users\Public\Documents\Waiting Trades.rtf
[2012/01/15 22:34:20 | 000,039,493 | ---- | C] () -- C:\Users\Public\Documents\awesomes.m3u
[2012/01/14 16:30:54 | 000,000,193 | ---- | C] () -- C:\Users\Public\Documents\pwddd.rtf
[2012/01/04 07:17:59 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/24 03:54:17 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\T7JW2yT2c.com
[2011/11/15 10:54:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\FJoWkW.dat
[2011/10/17 05:30:21 | 000,000,091 | ---- | C] () -- C:\Users\Ani\AppData\Local\fusioncache.dat
[2011/10/16 19:42:43 | 000,786,614 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/05 06:21:58 | 000,233,472 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2011/09/30 04:47:40 | 000,000,024 | ---- | C] () -- C:\windows\SysWow64\sysogg.dll
[2011/09/26 15:45:52 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/09/22 09:08:56 | 003,902,976 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2011/09/01 14:46:06 | 000,123,752 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/09/01 14:26:01 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
[2011/09/01 14:26:00 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
[2011/09/01 14:01:36 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/08/31 20:10:39 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/31 18:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 18:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/22 11:07:48 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/08/22 11:07:02 | 000,158,208 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2011/08/22 11:07:00 | 000,259,584 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2011/08/22 11:06:30 | 001,524,224 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2011/08/22 11:06:30 | 000,211,456 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2011/08/22 11:06:30 | 000,097,280 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2011/08/22 11:06:28 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2011/08/22 11:06:28 | 000,113,664 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2011/08/22 11:06:26 | 000,145,920 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2011/08/22 11:06:26 | 000,136,704 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
[2011/08/11 03:02:51 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/08/01 18:30:08 | 000,000,285 | ---- | C] () -- C:\windows\EReg072.dat
[2011/07/26 02:50:55 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\basefileauto.exe
[2011/07/23 16:26:27 | 000,000,120 | ---- | C] () -- C:\Users\Ani\AppData\Local\Epuheyeguw.dat
[2011/07/23 16:26:27 | 000,000,000 | ---- | C] () -- C:\Users\Ani\AppData\Local\Qqubum.bin
[2011/07/06 22:16:28 | 000,012,288 | ---- | C] () -- C:\Users\Ani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 05:42:50 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/05/22 23:46:30 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/04/28 01:43:03 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/04/10 18:04:11 | 000,000,020 | ---- | C] () -- C:\windows\SysWow64\EDAT.INI
[2011/04/07 02:23:51 | 000,117,864 | ---- | C] () -- C:\windows\SysWow64\863a40e9.exe
[2011/04/07 02:23:48 | 000,053,723 | ---- | C] () -- C:\windows\SysWow64\oedhtcyhjip.exe
[2011/03/20 21:13:39 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2011/03/19 02:16:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/03/06 20:50:36 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/03/06 20:25:44 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/03/03 03:40:08 | 000,150,528 | ---- | C] () -- C:\windows\SysWow64\mkx.dll
[2011/03/03 03:39:56 | 000,109,568 | ---- | C] () -- C:\windows\SysWow64\avi.dll
[2011/03/03 03:39:46 | 000,141,824 | ---- | C] () -- C:\windows\SysWow64\mp4.dll
[2011/03/03 03:39:34 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\ogm.dll
[2011/03/03 03:39:02 | 000,113,152 | ---- | C] () -- C:\windows\SysWow64\dsmux.exe
[2011/03/03 03:38:54 | 000,154,112 | ---- | C] () -- C:\windows\SysWow64\ts.dll
[2011/03/03 03:38:40 | 000,249,856 | ---- | C] () -- C:\windows\SysWow64\dxr.dll
[2011/03/03 03:38:10 | 000,097,792 | ---- | C] () -- C:\windows\SysWow64\avs.dll
[2011/03/03 03:38:04 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\mkv2vfr.exe
[2011/03/03 03:37:50 | 000,093,184 | ---- | C] () -- C:\windows\SysWow64\avss.dll
[2011/03/03 03:37:40 | 000,358,400 | ---- | C] () -- C:\windows\SysWow64\gdsmux.exe
[2011/03/03 03:35:32 | 000,080,384 | ---- | C] () -- C:\windows\SysWow64\mkzlib.dll
[2011/03/03 03:35:26 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\mkunicode.dll
[2011/01/19 06:16:55 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
[2011/01/17 16:15:41 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/01/17 16:09:45 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011/01/17 16:09:45 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/11/19 02:22:29 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2010/08/18 11:56:38 | 000,000,151 | ---- | C] () -- C:\windows\SysWow64\Registration.ini
[2009/08/11 13:21:26 | 000,087,552 | ---- | C] () -- C:\windows\SysWow64\ac3config.exe
[2009/08/11 13:21:20 | 001,021,440 | ---- | C] () -- C:\windows\SysWow64\ac3filter_intl.dll
[2009/07/26 13:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2006/03/03 20:52:00 | 000,088,576 | ---- | C] () -- C:\windows\SysWow64\OptimFROG.dll

========== LOP Check ==========

[2012/01/20 19:30:58 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.minecraft
[2011/12/23 08:41:10 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.purple
[2012/02/03 02:25:33 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.spoutcraft
[2011/09/02 06:18:11 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.spoutcraftLogs
[2012/01/20 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\92B98
[2011/12/10 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\AtomZombieData
[2012/02/01 09:19:18 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Audacity
[2011/12/30 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Avnex
[2011/09/23 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Blender Foundation
[2011/12/13 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Braid
[2011/08/11 03:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Broken Rules
[2011/09/01 14:45:08 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\com.w3i.fliptoast
[2011/08/08 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Crayon Physics Deluxe
[2011/08/01 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DAEMON Tools Lite
[2011/09/19 12:32:57 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DAZ 3D
[2011/11/18 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DqjYCekIVzNx0c2
[2011/10/18 07:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DriverCure
[2011/03/25 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DVDVideoSoft
[2011/09/26 14:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Dyyno
[2011/09/01 14:04:43 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Exent Technologies
[2012/02/05 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ExodusViewer
[2011/11/16 02:18:33 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Firestorm
[2012/01/14 11:04:00 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\foobar2000
[2012/02/11 21:59:53 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ftate5ic
[2012/01/25 00:46:20 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\GetRightToGo
[2011/07/13 06:20:50 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\go
[2011/11/15 01:02:43 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\GpnnGG5aQH
[2012/01/26 06:07:00 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\gtk-2.0
[2011/10/08 20:05:55 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\IMVU
[2011/09/14 11:38:02 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\IMVUClient
[2011/11/15 01:02:44 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\k0uuccS1ibD
[2012/02/09 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Mumble
[2011/11/15 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\nDDD33onG4am6sJ
[2011/05/11 02:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\OpenOffice.org
[2011/07/20 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Paltalk
[2011/11/18 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\pbD3pnG4aHsKfLg
[2011/10/18 07:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\PC Unleashed Online
[2012/02/12 11:45:21 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Raptr
[2011/11/15 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\rfffELL8gTZq
[2011/09/19 13:03:30 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Screaming Bee
[2011/12/14 20:24:28 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ScummVM
[2012/02/06 14:54:48 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\SecondLife
[2011/03/14 01:02:17 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Subversion
[2011/04/28 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\SystemRequirementsLab
[2011/06/27 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\TeamViewer
[2012/02/09 19:54:25 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ThuumicShouter
[2011/11/18 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\TqqjjYCeekVrzNt
[2012/02/12 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\uTorrent
[2011/11/15 01:02:38 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\vAA00uvS2ibFpn5
[2011/11/15 01:02:37 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\vrrrzPPNyxA1vSo
[2011/09/01 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\W3i, LLC
[2011/09/06 04:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Windows Live Writer
[2012/02/10 04:08:39 | 000,000,420 | ---- | M] () -- C:\windows\Tasks\PC Unleashed Defrag.job
[2012/02/11 18:00:00 | 000,000,496 | ---- | M] () -- C:\windows\Tasks\PC Unleashed Registration3.job
[2012/02/08 02:46:02 | 000,000,458 | ---- | M] () -- C:\windows\Tasks\PC Unleashed Update Version3.job
[2012/02/12 08:40:10 | 000,000,402 | ---- | M] () -- C:\windows\Tasks\PC Unleashed.job
[2012/01/31 03:04:21 | 000,032,572 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by SkittleServal, 12 February 2012 - 02:12 PM.
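A triage sketch for the file listing above, added here as an example and not part of the original posts or of OTL: it parses OTL's file-entry line format and flags executables with no company name sitting directly in AppData\Roaming or the user's Temp folder, then groups them into same-day, same-size bursts. The two heuristics, the extension list and the threshold of three are assumptions chosen to match the pattern visible in this log; the sample lines are copied from it.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Sample input: lines copied from the OTL log in the post above.
SAMPLE = r"""
[2012/02/12 11:50:45 | 000,000,905 | ---- | C] () -- C:\Users\Ani\Desktop\ERUNT.lnk
[2012/02/07 16:56:24 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\xcghmwou.exe
[2012/02/07 15:25:27 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\dlw45npm.exe
[2012/02/07 15:04:28 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\h0c0kvqd.exe
[2012/02/07 14:54:04 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\dwt4ocr2.exe
[2012/02/07 14:53:54 | 000,036,864 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\ygxdw10j.exe
[2012/02/07 14:50:47 | 000,166,400 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\rjiatatj.exe
[2012/02/07 11:13:07 | 000,514,183 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\key
[2012/02/05 12:25:10 | 002,663,996 | ---- | C] () -- C:\Users\Public\Documents\uhm_001.png
[2011/10/05 06:21:58 | 000,233,472 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012/02/11 21:59:53 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ftate5ic
""".strip().splitlines()

# [date time | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# Assumptions for this example, not OTL rules:
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat"}
USER_WRITABLE_ROOTS = (r"\appdata\roaming", r"\appdata\local\temp")
BURST_MIN = 3  # same-day, same-size files needed to call it a burst


def parse_line(line):
    """Parse one OTL file or folder entry; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "date": m["ts"].split()[0],
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],  # C = created timestamp, M = modified timestamp
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def triage(lines):
    """Return (loose_executables, bursts) for a list of OTL log lines.

    loose_executables: records for executables with an empty company field
        that sit directly in the root of a user-writable profile folder.
    bursts: {(date, size): [file names]} for groups of at least BURST_MIN
        loose executables sharing a date and an exact size.
    """
    loose = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["is_dir"] or rec["company"]:
            continue
        ext = splitext(rec["path"])[1].lower()
        parent = dirname(rec["path"]).lower()
        if ext in EXEC_EXT and parent.endswith(USER_WRITABLE_ROOTS):
            loose.append(rec)

    groups = defaultdict(list)
    for rec in loose:
        groups[(rec["date"], rec["size"])].append(basename(rec["path"]))
    bursts = {k: v for k, v in groups.items() if len(v) >= BURST_MIN}
    return loose, bursts


if __name__ == "__main__":
    loose, bursts = triage(SAMPLE)
    for rec in loose:
        print(f"loose executable: {rec['path']} ({rec['size']} bytes)")
    for (date, size), names in bursts.items():
        print(f"burst on {date}: {len(names)} files of {size} bytes: {names}")
```

An empty result is not a clean bill of health: entries that carry a company string are skipped by this filter, and output like this is only a list of candidates for a helper to review.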

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, SkittleServal! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for SkittleServal only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Whilst I review your log, please do the following:


Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • aswMBR.txt


#4
SkittleServal

    Member

  • Topic Starter
  • 14 posts
Thanks for the quick reply, Nedklaw :) I've read and understand the instructions. I've been refraining from installing any new applications or making any new downloads since I posted the topic, and will continue to do so until we're done. Thanks in advance for the assistance.

Edit: Oop! crossed posts. Continuing to follow instructions though :)

Edited by SkittleServal, 12 February 2012 - 04:09 PM.


#5
SkittleServal

    Member

  • Topic Starter
  • 14 posts
After downloading aswMBR.exe to my desktop, running it, and downloading the avast database after being prompted to - the program did not initiate a scan immediately after downloading, so I clicked the scan button once more. My computer immediately did a physical memory dump and restarted. I decided it'd probably be best to report this and wait for further instructions than to attempt the same right away.

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Thanks for letting me know, I should have a reply for you tomorrow.

Night.

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send you a download link at that address) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 2

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 3

If you have Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    MOD - [2012/02/04 09:55:05 | 000,186,880 | ---- | M] () -- C:\Users\Ani\AppData\Local\Temp\javaw.exe
    IE - HKCU\..\URLSearchHook: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63919
    FF - prefs.js..network.proxy.http_port: 63919
    FF - prefs.js..network.proxy.type: 1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98}: C:\Users\Ani\AppData\Local\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98} [2011/07/23 16:26:26 | 000,000,000 | ---D | M]
    CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4
    O2 - BHO: (Popstiko Toolbar) - {1804df53-dda6-487d-97ae-9184ba62818d} - C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll ()
    O2 - BHO: (Shop to Win) - {27376903-C3DA-492B-9622-E4AB4DEBBE54} - C:\Program Files (x86)\Shop to Win 6\Shop to Win 6.dll (Shop To Win, LLC)
    O2 - BHO: (SocialRibbons) - {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll ()
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Popstiko Toolbar) - {1804df53-dda6-487d-97ae-9184ba62818d} - C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [2pyup3hk1m32xuuboy5nh00u] C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe (31xspipavenoaktr1nua1mkv)
    O4 - HKCU..\Run: [MSE] C:\Users\Ani\AppData\Local\Temp\javaw.exe ()
    O4 - HKCU..\Run: [skype] C:\Users\Ani\AppData\Local\Temp\wlm.exe ()
    O4 - HKCU..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Windows™ Updater] C:\Users\Ani\AppData\Local\Temp\smtp.gmail.com.exe ()
    O4 - HKCU..\Run: [WindowsFireWall] C:\Users\Ani\AppData\Local\Temp\/WindowsFireWall.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Windows Defender = C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O33 - MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\Shell - "" = AutoRun
    O33 - MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\Shell\AutoRun\command - "" = F:\check.exe
    [2012/02/11 21:59:53 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ftate5ic
    [2012/02/04 09:55:07 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\PA0JUCWE4F.exe
    [2012/02/04 04:12:32 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\0PKUZJ8NR3.exe
    [2012/02/07 16:56:24 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\xcghmwou.exe
    [2012/02/07 15:25:27 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\dlw45npm.exe
    [2012/02/07 15:04:28 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\h0c0kvqd.exe
    [2012/02/07 14:54:04 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\dwt4ocr2.exe
    [2012/02/07 14:53:54 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\ygxdw10j.exe
    [2012/02/07 14:50:47 | 000,166,400 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\rjiatatj.exe
    [2012/02/06 02:17:24 | 000,032,896 | ---- | M] () -- C:\tmp_sshot.dds
    [2011/12/24 03:54:17 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\T7JW2yT2c.com
    [2011/11/15 10:54:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\FJoWkW.dat
    [2011/07/26 02:50:55 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\basefileauto.exe
    [2011/07/23 16:26:27 | 000,000,120 | ---- | C] () -- C:\Users\Ani\AppData\Local\Epuheyeguw.dat
    [2011/07/23 16:26:27 | 000,000,000 | ---- | C] () -- C:\Users\Ani\AppData\Local\Qqubum.bin
    [2011/04/07 02:23:51 | 000,117,864 | ---- | C] () -- C:\windows\SysWow64\863a40e9.exe
    [2011/04/07 02:23:48 | 000,053,723 | ---- | C] () -- C:\windows\SysWow64\oedhtcyhjip.exe
    [2012/01/20 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\92B98
    [2011/11/18 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DqjYCekIVzNx0c2
    [2011/11/15 01:02:43 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\GpnnGG5aQH
    [2011/11/15 01:02:44 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\k0uuccS1ibD
    [2011/11/15 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\nDDD33onG4am6sJ
    [2011/11/18 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\pbD3pnG4aHsKfLg
    [2011/11/15 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\rfffELL8gTZq
    [2011/11/18 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\TqqjjYCeekVrzNt
    [2011/11/15 01:02:38 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\vAA00uvS2ibFpn5
    [2011/11/15 01:02:37 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\vrrrzPPNyxA1vSo
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    
    :Files
    C:\Users\Ani\AppData\Local\Temp\csc.exe
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 5

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 6

  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.


Take a screenshot of the Disk Management window and attach the screenshot to your reply.


Things I want to see in your next reply

  • GooredFix.txt
  • OTL Fix Log
  • OTL.txt
  • ComboFix.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • A screenshot of the Disk Management Window

#8
SkittleServal

Hello

I followed steps 1 and 2 all the way through, but after pasting the code in the appropriate area of OTL, I was given a message (which unfortunately was closed before I could memorize or screenshot it) along the lines of the program being unable to edit a host file? I've included the log from step #2 in this post, but am holding off on continuing or closing OTL (which currently says "Resetting host files.. DO NOT INTERRUPT") until I have further instruction. OTL doesn't appear to be doing anything right this moment.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:19 on 13/02/2012 (Ani)
Firefox version 8.0 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98} -> Success!
Deleting C:\Users\Ani\AppData\Local\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98} -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:25 14/11/2011]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [01:28 11/01/2012]

C:\Users\Ani\Application Data\Mozilla\Firefox\Profiles\925ffmb8.default\extensions\
{0b38152b-1b20-484d-a11f-5e04a9b0661f} [17:26 10/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [09:52 08/06/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [09:52 08/06/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [06:45 31/08/2011]

-=E.O.F=-
#9
Nedklaw

Hi. :)
Try the following OTL fix instead:

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    MOD - [2012/02/04 09:55:05 | 000,186,880 | ---- | M] () -- C:\Users\Ani\AppData\Local\Temp\javaw.exe
    IE - HKCU\..\URLSearchHook: {8b85c843-7f6f-32b4-e50d-ac334058fe0c} - C:\Program Files (x86)\SocialRibbons\Helper.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63919
    FF - prefs.js..network.proxy.http_port: 63919
    FF - prefs.js..network.proxy.type: 1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98}: C:\Users\Ani\AppData\Local\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98} [2011/07/23 16:26:26 | 000,000,000 | ---D | M]
    CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4
    O2 - BHO: (Popstiko Toolbar) - {1804df53-dda6-487d-97ae-9184ba62818d} - C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll ()
    O2 - BHO: (Shop to Win) - {27376903-C3DA-492B-9622-E4AB4DEBBE54} - C:\Program Files (x86)\Shop to Win 6\Shop to Win 6.dll (Shop To Win, LLC)
    O2 - BHO: (SocialRibbons) - {4BE60886-F6AA-4714-8109-EA6D8247DD57} - C:\Program Files (x86)\SocialRibbons\Toolbar.dll ()
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Popstiko Toolbar) - {1804df53-dda6-487d-97ae-9184ba62818d} - C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [2pyup3hk1m32xuuboy5nh00u] C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe (31xspipavenoaktr1nua1mkv)
    O4 - HKCU..\Run: [MSE] C:\Users\Ani\AppData\Local\Temp\javaw.exe ()
    O4 - HKCU..\Run: [skype] C:\Users\Ani\AppData\Local\Temp\wlm.exe ()
    O4 - HKCU..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Windows™ Updater] C:\Users\Ani\AppData\Local\Temp\smtp.gmail.com.exe ()
    O4 - HKCU..\Run: [WindowsFireWall] C:\Users\Ani\AppData\Local\Temp\/WindowsFireWall.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Windows Defender = C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O33 - MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\Shell - "" = AutoRun
    O33 - MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\Shell\AutoRun\command - "" = F:\check.exe
    [2012/02/11 21:59:53 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ftate5ic
    [2012/02/04 09:55:07 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\PA0JUCWE4F.exe
    [2012/02/04 04:12:32 | 000,032,064 | ---- | C] (Microsoft Corporation) -- C:\Users\Ani\AppData\Roaming\0PKUZJ8NR3.exe
    [2012/02/07 16:56:24 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\xcghmwou.exe
    [2012/02/07 15:25:27 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\dlw45npm.exe
    [2012/02/07 15:04:28 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\h0c0kvqd.exe
    [2012/02/07 14:54:04 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\dwt4ocr2.exe
    [2012/02/07 14:53:54 | 000,036,864 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\ygxdw10j.exe
    [2012/02/07 14:50:47 | 000,166,400 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\rjiatatj.exe
    [2012/02/06 02:17:24 | 000,032,896 | ---- | M] () -- C:\tmp_sshot.dds
    [2011/12/24 03:54:17 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\T7JW2yT2c.com
    [2011/11/15 10:54:33 | 000,000,112 | ---- | C] () -- C:\ProgramData\FJoWkW.dat
    [2011/07/26 02:50:55 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\basefileauto.exe
    [2011/07/23 16:26:27 | 000,000,120 | ---- | C] () -- C:\Users\Ani\AppData\Local\Epuheyeguw.dat
    [2011/07/23 16:26:27 | 000,000,000 | ---- | C] () -- C:\Users\Ani\AppData\Local\Qqubum.bin
    [2011/04/07 02:23:51 | 000,117,864 | ---- | C] () -- C:\windows\SysWow64\863a40e9.exe
    [2011/04/07 02:23:48 | 000,053,723 | ---- | C] () -- C:\windows\SysWow64\oedhtcyhjip.exe
    [2012/01/20 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\92B98
    [2011/11/18 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DqjYCekIVzNx0c2
    [2011/11/15 01:02:43 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\GpnnGG5aQH
    [2011/11/15 01:02:44 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\k0uuccS1ibD
    [2011/11/15 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\nDDD33onG4am6sJ
    [2011/11/18 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\pbD3pnG4aHsKfLg
    [2011/11/15 01:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\rfffELL8gTZq
    [2011/11/18 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\TqqjjYCeekVrzNt
    [2011/11/15 01:02:38 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\vAA00uvS2ibFpn5
    [2011/11/15 01:02:37 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\vrrrzPPNyxA1vSo
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    
    :Files
    C:\Users\Ani\AppData\Local\Temp\csc.exe
    ipconfig /flushdns /c
    
    :Commands 
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run. There should be two (one for the first fix and one for this fix).
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

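One way to triage O4 autorun lines like those listed in the fix above, as an added example that is not part of the original post and is not OTL's own logic. The heuristics (image path in a user-writable directory, company or value name that does not match the location, extra dot in the file name) and all function names are assumptions made for illustration; the last sample line is constructed, the others are copied from the fix.

```python
import ntpath
import re

# Layout of the O4 lines in the fix above:
#   O4 - <hive>..\Run: [<value name>] <image path> (<company name>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)

# Assumed heuristics, chosen for this illustration only.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\")
INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
PROTECTIVE_NAMES = ("defender", "firewall", "updater", "mse")

# Five lines from the fix above plus one constructed benign line (the last).
SAMPLE = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Users\Ani\AppData\Roaming\cbc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [2pyup3hk1m32xuuboy5nh00u] C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe (31xspipavenoaktr1nua1mkv)
O4 - HKCU..\Run: [MSE] C:\Users\Ani\AppData\Local\Temp\javaw.exe ()
O4 - HKCU..\Run: [Windows™ Updater] C:\Users\Ani\AppData\Local\Temp\smtp.gmail.com.exe ()
O4 - HKCU..\Run: [WindowsFireWall] C:\Users\Ani\AppData\Local\Temp\/WindowsFireWall.exe ()
O4 - HKLM..\Run: [ExampleApp] C:\Program Files (x86)\ExampleApp\example.exe (Example Vendor)
""".strip().splitlines()


def classify(line):
    """Return (value_name, normalised_path, reasons), or None if not an O4 Run line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, company = m["name"], m["company"].strip()
    path = ntpath.normpath(m["path"])  # also repairs "Temp\/WindowsFireWall.exe"
    low = path.lower()
    outside_roots = not low.startswith(INSTALL_ROOTS)
    reasons = []
    if any(d in low for d in USER_WRITABLE):
        reasons.append("user-writable-path")
    # A blank company is weak on its own (many legitimate files lack one),
    # so it only counts when the image also sits outside the install roots.
    if outside_roots and not company:
        reasons.append("no-company")
    if outside_roots and "microsoft" in company.lower():
        reasons.append("vendor-mismatch")
    if outside_roots and any(k in name.lower() for k in PROTECTIVE_NAMES):
        reasons.append("name-masquerade")
    stem = ntpath.splitext(ntpath.basename(low))[0]
    if "." in stem:
        reasons.append("extra-dot-in-filename")
    return name, path, reasons


def triage(lines):
    """Keep only the entries that tripped at least one heuristic."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[2]]


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name!r:32} {path}\n    -> {', '.join(reasons)}")
```

A hit is a prompt to inspect the file, not a verdict: the rules miss anything dropped under C:\windows and can flag legitimate per-user installs.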

#10
SkittleServal

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8b85c843-7f6f-32b4-e50d-ac334058fe0c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b85c843-7f6f-32b4-e50d-ac334058fe0c}\ not found.
File C:\Program Files (x86)\SocialRibbons\Helper.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 63919 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98}: C:\Users\Ani\AppData\Local\{F7366B4B-E083-4A43-A0F0-239EF9BE1C98} not found.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1804df53-dda6-487d-97ae-9184ba62818d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1804df53-dda6-487d-97ae-9184ba62818d}\ not found.
File C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27376903-C3DA-492B-9622-E4AB4DEBBE54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27376903-C3DA-492B-9622-E4AB4DEBBE54}\ not found.
File C:\Program Files (x86)\Shop to Win 6\Shop to Win 6.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BE60886-F6AA-4714-8109-EA6D8247DD57}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BE60886-F6AA-4714-8109-EA6D8247DD57}\ not found.
File C:\Program Files (x86)\SocialRibbons\Toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ not found.
File C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1804df53-dda6-487d-97ae-9184ba62818d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1804df53-dda6-487d-97ae-9184ba62818d}\ not found.
File C:\Program Files (x86)\popstikotoolbar\vmntemplateX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender not found.
File C:\Users\Ani\AppData\Roaming\cbc.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\2pyup3hk1m32xuuboy5nh00u not found.
File C:\Users\Ani\AppData\Roaming\ftate5ic\1sahoqsc.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSE not found.
File C:\Users\Ani\AppData\Local\Temp\javaw.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\skype not found.
File C:\Users\Ani\AppData\Local\Temp\wlm.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender not found.
File C:\Users\Ani\AppData\Roaming\cbc.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows™ Updater not found.
File C:\Users\Ani\AppData\Local\Temp\smtp.gmail.com.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsFireWall not found.
File C:\Users\Ani\AppData\Local\Temp\/WindowsFireWall.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Windows Defender not found.
File C:\Users\Ani\AppData\Roaming\cbc.exe not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da6a16da-b9cb-11e0-bab2-1078d2cd7787}\ not found.
File F:\check.exe not found.
Folder C:\Users\Ani\AppData\Roaming\ftate5ic\ not found.
File C:\Users\Ani\AppData\Roaming\PA0JUCWE4F.exe not found.
File C:\Users\Ani\AppData\Roaming\0PKUZJ8NR3.exe not found.
File C:\Users\Ani\AppData\Roaming\xcghmwou.exe not found.
File C:\Users\Ani\AppData\Roaming\dlw45npm.exe not found.
File C:\Users\Ani\AppData\Roaming\h0c0kvqd.exe not found.
File C:\Users\Ani\AppData\Roaming\dwt4ocr2.exe not found.
File C:\Users\Ani\AppData\Roaming\ygxdw10j.exe not found.
File C:\Users\Ani\AppData\Roaming\rjiatatj.exe not found.
File C:\tmp_sshot.dds not found.
File C:\windows\SysWow64\T7JW2yT2c.com not found.
File C:\ProgramData\FJoWkW.dat not found.
File C:\Program Files (x86)\basefileauto.exe not found.
File C:\Users\Ani\AppData\Local\Epuheyeguw.dat not found.
File C:\Users\Ani\AppData\Local\Qqubum.bin not found.
File C:\windows\SysWow64\863a40e9.exe not found.
File C:\windows\SysWow64\oedhtcyhjip.exe not found.
Folder C:\Users\Ani\AppData\Roaming\92B98\ not found.
Folder C:\Users\Ani\AppData\Roaming\DqjYCekIVzNx0c2\ not found.
Folder C:\Users\Ani\AppData\Roaming\GpnnGG5aQH\ not found.
Folder C:\Users\Ani\AppData\Roaming\k0uuccS1ibD\ not found.
Folder C:\Users\Ani\AppData\Roaming\nDDD33onG4am6sJ\ not found.
Folder C:\Users\Ani\AppData\Roaming\pbD3pnG4aHsKfLg\ not found.
Folder C:\Users\Ani\AppData\Roaming\rfffELL8gTZq\ not found.
Folder C:\Users\Ani\AppData\Roaming\TqqjjYCeekVrzNt\ not found.
Folder C:\Users\Ani\AppData\Roaming\vAA00uvS2ibFpn5\ not found.
Folder C:\Users\Ani\AppData\Roaming\vrrrzPPNyxA1vSo\ not found.
File/Folder C:\windows\*.tmp not found.
========== FILES ==========
File\Folder C:\Users\Ani\AppData\Local\Temp\csc.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ani\Desktop\AMW\cmd.bat deleted successfully.
C:\Users\Ani\Desktop\AMW\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ani
->Temp folder emptied: 250745821 bytes
->Temporary Internet Files folder emptied: 171687222 bytes
->Java cache emptied: 46580843 bytes
->FireFox cache emptied: 146760692 bytes
->Google Chrome cache emptied: 348381615 bytes
->Flash cache emptied: 379463 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35574739 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 4180652428 bytes

Total Files Cleaned = 4,941.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_151722

Files\Folders moved on Reboot...
C:\Users\Ani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...








OTL logfile created on: 2/13/2012 3:41:34 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ani\Desktop\AMW
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.85 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 69.90% Memory free
15.70 Gb Paging File | 13.33 Gb Available in Paging File | 84.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 525.40 Gb Free Space | 57.97% Space Free | Partition Type: NTFS
Drive G: | 665.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 465.11 Gb Total Space | 348.95 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
Drive I: | 941.69 Mb Total Space | 842.78 Mb Free Space | 89.50% Space Free | Partition Type: FAT

Computer Name: ANI-PC | User Name: Ani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 11:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ani\Desktop\AMW\OTL.exe
PRC - [2012/02/08 15:50:56 | 000,043,944 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe
PRC - [2012/02/08 15:50:54 | 000,065,448 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe
PRC - [2012/02/07 13:18:30 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/12/21 07:01:38 | 001,242,448 | ---- | M] (Valve Corporation) -- H:\Programs\Steam\Steam.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/20 01:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/07/16 09:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/09 20:06:35 | 014,415,144 | ---- | M] () -- H:\Programs\Steam\bin\libcef.dll
MOD - [2012/02/09 20:06:34 | 000,914,216 | ---- | M] () -- H:\Programs\Steam\bin\avcodec-52.dll
MOD - [2012/02/09 20:06:34 | 000,857,896 | ---- | M] () -- H:\Programs\Steam\bin\chromehtml.dll
MOD - [2012/02/09 20:06:34 | 000,155,432 | ---- | M] () -- H:\Programs\Steam\bin\avformat-52.dll
MOD - [2012/02/09 20:06:34 | 000,091,432 | ---- | M] () -- H:\Programs\Steam\bin\avutil-50.dll
MOD - [2012/02/06 12:28:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
MOD - [2012/02/06 12:28:42 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012/02/06 12:28:34 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2012/01/27 00:49:31 | 000,429,040 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll
MOD - [2012/01/27 00:49:29 | 003,772,912 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 00:48:06 | 000,122,880 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 00:48:05 | 000,222,208 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 00:48:03 | 001,746,944 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
MOD - [2012/01/26 21:41:13 | 008,593,056 | ---- | M] () -- C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
MOD - [2011/11/21 16:47:46 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MOD - [2011/11/21 16:47:44 | 001,609,728 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MOD - [2011/11/21 16:47:44 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
MOD - [2011/11/21 16:47:42 | 005,694,976 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
MOD - [2011/11/21 16:46:28 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd
MOD - [2011/10/24 10:50:38 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\Raptr\easyhook32.dll
MOD - [2011/10/24 10:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MOD - [2011/10/10 20:52:14 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/09/08 15:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll
MOD - [2011/09/08 15:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll
MOD - [2011/09/08 15:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll
MOD - [2011/09/08 15:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll
MOD - [2011/09/08 15:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll
MOD - [2011/09/08 15:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll
MOD - [2011/09/08 15:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MOD - [2011/09/08 15:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MOD - [2011/09/08 15:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll
MOD - [2011/09/08 15:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MOD - [2011/09/08 15:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MOD - [2011/09/08 15:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MOD - [2011/02/15 10:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll
MOD - [2011/02/15 10:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll
MOD - [2010/11/22 15:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll
MOD - [2010/11/22 14:57:36 | 002,042,368 | ---- | M] () -- C:\Program Files (x86)\Raptr\libtorrent.pyd
MOD - [2010/11/22 14:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd
MOD - [2010/11/22 14:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd
MOD - [2010/11/22 14:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd
MOD - [2010/11/22 14:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd
MOD - [2010/11/22 14:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 14:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
MOD - [2010/11/22 14:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\Raptr\pythoncom26.dll
MOD - [2010/11/22 14:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll
MOD - [2010/11/22 14:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 14:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd
MOD - [2010/11/22 14:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd
MOD - [2010/11/22 14:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd
MOD - [2010/11/22 14:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd
MOD - [2010/11/22 14:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd
MOD - [2010/11/22 14:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd
MOD - [2010/11/22 14:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd
MOD - [2010/11/22 14:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd
MOD - [2009/07/16 09:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\KeyHook.dll
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/12/31 10:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/05 12:36:05 | 000,022,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV:64bit: - [2010/11/11 13:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 13:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 12:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/02/07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/04 19:55:08 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/31 10:20:38 | 000,415,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe -- (Dyyno Launcher)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/18 07:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/05 05:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 05:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 18:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/01 18:25:29 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/14 08:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/20 22:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/09/20 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/03/22 22:53:04 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
DRV:64bit: - [2009/12/01 14:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 13:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 18:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 12:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/11/22 08:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/12/18 09:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606387608-774257337-4196163694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-606387608-774257337-4196163694-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-606387608-774257337-4196163694-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-606387608-774257337-4196163694-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@SparkplayMedia.com/Earth Eternal: C:\Users\Ani\Documents\Earth Eternal\Earth Eternal\npSparkPlayerNS.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ani\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ani\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/08 01:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/08 01:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/30 22:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/14 15:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/10 17:28:43 | 000,000,000 | ---D | M]

[2011/11/14 15:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ani\AppData\Roaming\Mozilla\Extensions
[2011/12/10 09:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\925ffmb8.default\extensions
[2011/12/10 09:26:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Ani\AppData\Roaming\Mozilla\Firefox\Profiles\925ffmb8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012/01/10 17:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/10 17:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ani\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Earth Eternal (Enabled) = C:\Users\Ani\Documents\Earth Eternal\Earth Eternal\npSparkPlayerNS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: DivX HiQ = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Fantapper = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
CHR - Extension: Gmail = C:\Users\Ani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/19 03:12:00 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.231 www.google-analytics.com.
O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.231 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-606387608-774257337-4196163694-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-606387608-774257337-4196163694-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [NCsoft] File not found
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [Steam] H:\Programs\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-606387608-774257337-4196163694-1001..\Run: [Windows™ Updater] C:\Users\Ani\AppData\Local\Temp\smtp.gmail.com.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [Shockwave Updater] C:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1160626.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [Shockwave Updater] C:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1160626.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-606387608-774257337-4196163694-1001\..Trusted Domains: mabinogi.or.tl ([]https in Trusted sites)
O15 - HKU\S-1-5-21-606387608-774257337-4196163694-1001\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino....2010.05.24.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC4BD4D-D948-48EF-91EE-A114C86D30A1}: DhcpNameServer = 172.16.1.1 172.16.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C05C367-425E-4F1C-865C-4DFCECB7CD61}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{919082B8-F2AF-4D2B-8EDE-8F218E295C27}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B50468-3ED7-4023-92A2-CF68DD7872AD}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA3B474C-5248-4A19-AD88-1CCFAFE0E8B2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/29 14:44:07 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{da6a1841-b9cb-11e0-bab2-1078d2cd7787}\Shell - "" = AutoRun
O33 - MountPoints2\{da6a1841-b9cb-11e0-bab2-1078d2cd7787}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2010/07/29 14:22:16 | 004,203,808 | ---- | M] (Western Digital)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2010/07/29 14:22:16 | 004,203,808 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 14:22:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/13 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\GooredFix Backups
[2012/02/13 14:19:26 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Ani\Desktop\GooredFix.exe
[2012/02/13 14:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/02/13 14:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/02/13 14:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/02/12 14:10:13 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Ani\Desktop\aswMBR.exe
[2012/02/12 11:52:31 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\AMW
[2012/02/12 11:51:05 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/02/12 11:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/12 11:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/09 20:06:57 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2012/02/09 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/09 20:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/02/09 20:06:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/09 19:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ThuumicShouter
[2012/02/09 07:05:58 | 000,000,000 | ---D | C] -- C:\New folder
[2012/02/07 09:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThuumicShouter
[2012/02/06 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\Ani\Documents\majesty2
[2012/02/05 16:45:12 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\ExodusViewer
[2012/02/05 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Local\ExodusViewer
[2012/02/05 16:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exodus Viewer Beta
[2012/02/05 16:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExodusViewerBeta
[2012/02/05 13:31:14 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C
[2012/02/05 13:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C
[2012/02/05 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C
[2012/01/31 04:49:17 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\alduins fos_data
[2012/01/31 04:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\Alduins yol_data
[2012/01/31 04:43:47 | 000,000,000 | ---D | C] -- C:\Users\Ani\Desktop\Alduin's shadow voice_data
[2012/01/27 19:22:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\gidget_you_creepy_puppy
[2012/01/27 19:08:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\gidgetandamber_withboy
[2012/01/27 19:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\storage dogs
[2012/01/27 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\poor amber derp
[2012/01/25 01:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
[2012/01/25 01:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
[2012/01/25 00:45:54 | 000,000,000 | ---D | C] -- C:\Users\Ani\Documents\Downloads
[2012/01/21 19:52:33 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Roaming\Mumble
[2012/01/21 19:52:32 | 000,000,000 | ---D | C] -- C:\Users\Ani\AppData\Local\Mumble
[2012/01/21 19:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/01/21 19:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/01/16 14:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ecchi-RO Naked
[2012/01/16 14:21:18 | 000,000,000 | ---D | C] -- C:\Ecchi-RO

========== Files - Modified Within 30 Days ==========

[2012/02/13 15:36:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 15:31:30 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 15:31:30 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 15:30:18 | 000,792,890 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/02/13 15:30:18 | 000,669,210 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/02/13 15:30:18 | 000,125,396 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/02/13 15:24:26 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 15:24:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/13 15:24:03 | 2028,277,759 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 15:23:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-606387608-774257337-4196163694-1001UA.job
[2012/02/13 15:01:55 | 000,000,024 | ---- | M] () -- C:\Users\Ani\jagexappletviewer.preferences
[2012/02/13 15:01:15 | 000,000,040 | ---- | M] () -- C:\Users\Ani\jagex_cl_runescape_LIVE.dat
[2012/02/13 14:21:48 | 000,457,734 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\Java
[2012/02/13 14:19:21 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Ani\Desktop\GooredFix.exe
[2012/02/13 14:17:21 | 000,823,346 | ---- | M] () -- C:\Users\Ani\Desktop\USBVaccine.zip
[2012/02/13 08:41:05 | 000,000,398 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ani.job
[2012/02/12 18:00:00 | 000,000,496 | ---- | M] () -- C:\windows\tasks\PC Unleashed Registration3.job
[2012/02/12 16:23:00 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-606387608-774257337-4196163694-1001Core.job
[2012/02/12 14:12:52 | 689,869,768 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/12 14:10:48 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Ani\Desktop\aswMBR.exe
[2012/02/12 11:50:50 | 000,001,104 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 11:50:45 | 000,000,924 | ---- | M] () -- C:\Users\Ani\Desktop\NTREGOPT.lnk
[2012/02/12 11:50:45 | 000,000,905 | ---- | M] () -- C:\Users\Ani\Desktop\ERUNT.lnk
[2012/02/12 08:40:10 | 000,000,402 | ---- | M] () -- C:\windows\tasks\PC Unleashed.job
[2012/02/10 04:08:39 | 000,000,420 | ---- | M] () -- C:\windows\tasks\PC Unleashed Defrag.job
[2012/02/09 20:05:58 | 000,320,640 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/02/09 20:04:17 | 000,514,183 | ---- | M] () -- C:\Users\Ani\AppData\Roaming\key
[2012/02/09 19:54:25 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\ThuumicShouter.lnk
[2012/02/09 05:23:43 | 000,002,349 | ---- | M] () -- C:\Users\Ani\Desktop\Google Chrome.lnk
[2012/02/08 08:14:41 | 000,000,211 | ---- | M] () -- C:\Users\Ani\Desktop\Creation Kit.url
[2012/02/08 02:46:02 | 000,000,458 | ---- | M] () -- C:\windows\tasks\PC Unleashed Update Version3.job
[2012/02/06 16:06:43 | 001,399,109 | ---- | M] () -- C:\Users\Ani\Desktop\CrescentJulian.png
[2012/02/06 11:16:51 | 000,707,487 | ---- | M] () -- C:\Users\Ani\Desktop\Dream.png
[2012/02/05 16:17:35 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Exodus Viewer Beta.lnk
[2012/02/05 16:12:44 | 001,525,803 | ---- | M] () -- C:\Users\Public\Documents\Dark Dru_001.png
[2012/02/05 13:31:14 | 000,000,876 | ---- | M] () -- C:\Users\Ani\Desktop\Majesty 2.lnk
[2012/02/05 12:25:58 | 002,663,996 | ---- | M] () -- C:\Users\Public\Documents\uhm_001.png
[2012/01/31 04:49:17 | 000,001,342 | ---- | M] () -- C:\Users\Ani\Desktop\alduins fos.aup
[2012/01/31 04:49:09 | 000,166,796 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fo' Test.wav
[2012/01/31 04:47:11 | 000,228,556 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's Shadow 'Yol' Test.wav
[2012/01/31 04:46:19 | 000,001,340 | ---- | M] () -- C:\Users\Ani\Desktop\Alduins yol.aup
[2012/01/31 04:43:47 | 000,000,899 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's shadow voice.aup
[2012/01/31 04:39:57 | 000,197,676 | ---- | M] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fus' Test.wav
[2012/01/31 04:23:49 | 000,395,360 | ---- | M] () -- C:\Users\Ani\Desktop\monstertest.wav
[2012/01/31 03:12:37 | 000,786,614 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/30 17:16:54 | 000,001,182 | ---- | M] () -- C:\Users\Ani\Desktop\ Mabinogi .lnk
[2012/01/30 05:20:06 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to MajX.exe.lnk
[2012/01/28 03:31:02 | 000,005,830 | ---- | M] () -- C:\Users\Public\Documents\New Skyrim Monsters Mod - Documentation.rtf
[2012/01/27 19:21:32 | 001,295,162 | ---- | M] () -- C:\Users\Public\Documents\gidget_you_creepy_puppy.zip
[2012/01/27 19:21:21 | 000,135,510 | ---- | M] () -- C:\Users\Public\Documents\Picture 13.png
[2012/01/27 19:21:19 | 000,139,469 | ---- | M] () -- C:\Users\Ani\Picture 14.png
[2012/01/27 19:21:18 | 000,110,503 | ---- | M] () -- C:\Users\Ani\Picture 15.png
[2012/01/27 19:21:14 | 000,138,366 | ---- | M] () -- C:\Users\Ani\Picture 8.png
[2012/01/27 19:21:14 | 000,122,068 | ---- | M] () -- C:\Users\Ani\Picture 9.png
[2012/01/27 19:21:13 | 000,132,947 | ---- | M] () -- C:\Users\Ani\Picture 7.png
[2012/01/27 19:12:10 | 000,187,140 | ---- | M] () -- C:\Users\Public\Documents\sleepyscruff.png
[2012/01/27 19:11:16 | 000,166,221 | ---- | M] () -- C:\Users\Public\Documents\omg epic face jerr.png
[2012/01/27 19:11:07 | 000,164,889 | ---- | M] () -- C:\Users\Ani\a boy with eyes full of character 2.png
[2012/01/27 19:11:06 | 000,145,402 | ---- | M] () -- C:\Users\Ani\a boy with eyes full of character1.png
[2012/01/27 19:11:04 | 000,147,660 | ---- | M] () -- C:\Users\Public\Documents\most_disatisfied_face_ever.png
[2012/01/27 19:09:13 | 000,167,792 | ---- | M] () -- C:\Users\Ani\goofball1.png
[2012/01/27 19:09:13 | 000,165,610 | ---- | M] () -- C:\Users\Ani\goofball2.png
[2012/01/27 19:08:40 | 000,109,595 | ---- | M] () -- C:\Users\Ani\gidget fluff x3.png
[2012/01/27 19:08:39 | 000,181,110 | ---- | M] () -- C:\Users\Ani\gidget on face 1.png
[2012/01/27 19:08:39 | 000,158,435 | ---- | M] () -- C:\Users\Ani\gidget on face 2.png
[2012/01/27 19:08:39 | 000,155,697 | ---- | M] () -- C:\Users\Ani\gidget8.png
[2012/01/27 19:08:39 | 000,154,501 | ---- | M] () -- C:\Users\Ani\gidgt attack1.png
[2012/01/27 19:08:39 | 000,152,600 | ---- | M] () -- C:\Users\Ani\gidget7.png
[2012/01/27 19:08:39 | 000,142,954 | ---- | M] () -- C:\Users\Ani\gidget2.png
[2012/01/27 19:08:39 | 000,134,673 | ---- | M] () -- C:\Users\Ani\gidget4.png
[2012/01/27 19:08:39 | 000,130,663 | ---- | M] () -- C:\Users\Ani\gidget on face 3.png
[2012/01/27 19:08:39 | 000,098,506 | ---- | M] () -- C:\Users\Ani\gidget like dead asleep.png
[2012/01/27 19:08:37 | 000,052,470 | ---- | M] () -- C:\Users\Ani\gidget1.png
[2012/01/27 19:07:49 | 000,544,900 | ---- | M] () -- C:\Users\Public\Documents\gidgetandamber_withboy.zip
[2012/01/27 19:07:46 | 000,153,193 | ---- | M] () -- C:\Users\Public\Documents\gidget 5.png
[2012/01/27 19:02:44 | 000,219,072 | ---- | M] () -- C:\Users\Public\Documents\1gidg.jpg
[2012/01/27 19:02:00 | 002,361,891 | ---- | M] () -- C:\Users\Public\Documents\storage dogs.zip
[2012/01/27 19:00:12 | 001,275,437 | ---- | M] () -- C:\Users\Public\Documents\poor amber derp.zip
[2012/01/27 18:59:44 | 000,137,614 | ---- | M] () -- C:\Users\Public\Documents\youre kidding me.png
[2012/01/27 18:59:39 | 000,122,305 | ---- | M] () -- C:\Users\Public\Documents\gidget hoagie.png
[2012/01/27 18:59:12 | 000,158,289 | ---- | M] () -- C:\Users\Public\Documents\how did that get inyour mouth.png
[2012/01/27 18:59:07 | 000,096,744 | ---- | M] () -- C:\Users\Public\Documents\amber says nothing.png
[2012/01/27 18:58:39 | 000,090,866 | ---- | M] () -- C:\Users\Public\Documents\gidget says shutup.png
[2012/01/27 18:57:58 | 000,082,973 | ---- | M] () -- C:\Users\Public\Documents\this is the face of a dog who just got hit on the head by a water bottle.png
[2012/01/27 18:57:56 | 000,158,604 | ---- | M] () -- C:\Users\Public\Documents\amber_belly.png
[2012/01/26 10:55:35 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/01/26 08:34:45 | 000,417,879 | ---- | M] () -- C:\Users\Ani\Desktop\lootz.png
[2012/01/26 06:07:00 | 000,013,963 | ---- | M] () -- C:\Users\Ani\.recently-used.xbel
[2012/01/25 01:23:13 | 000,000,000 | ---- | M] () -- C:\windows\PowerReg.dat
[2012/01/25 01:23:12 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Majesty.exe.lnk
[2012/01/25 01:22:49 | 000,673,325 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_018.png
[2012/01/24 22:45:44 | 000,530,763 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_017.png
[2012/01/21 22:33:57 | 002,102,841 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_016.png
[2012/01/21 22:33:51 | 002,179,901 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_015.png
[2012/01/21 22:32:48 | 000,485,319 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_014.png
[2012/01/21 22:32:37 | 000,453,072 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_013.png
[2012/01/21 20:02:22 | 000,002,380 | ---- | M] () -- C:\Users\Ani\Documents\MumbleAutomaticCertificateBackup.p12
[2012/01/21 19:52:12 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/01/21 19:28:34 | 001,229,082 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_011.png
[2012/01/21 19:28:13 | 002,174,747 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_012.png
[2012/01/20 19:17:11 | 001,551,307 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_008.png
[2012/01/20 14:19:29 | 000,046,546 | ---- | M] () -- C:\Users\Ani\Desktop\Spoutcraft (3).jar
[2012/01/18 23:44:31 | 001,649,157 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_006.png
[2012/01/18 21:23:54 | 001,721,098 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_003.png
[2012/01/18 21:23:13 | 001,255,433 | ---- | M] () -- C:\Users\Public\Documents\Snapshot_002.png
[2012/01/17 07:15:28 | 000,000,567 | ---- | M] () -- C:\Users\Public\Documents\Waiting Trades.rtf
[2012/01/15 22:34:20 | 000,039,493 | ---- | M] () -- C:\Users\Public\Documents\awesomes.m3u
[2012/01/14 16:30:54 | 000,000,193 | ---- | M] () -- C:\Users\Public\Documents\pwddd.rtf

========== Files Created - No Company Name ==========

[2012/02/13 14:17:20 | 000,823,346 | ---- | C] () -- C:\Users\Ani\Desktop\USBVaccine.zip
[2012/02/12 11:50:50 | 000,001,104 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/12 11:50:45 | 000,000,924 | ---- | C] () -- C:\Users\Ani\Desktop\NTREGOPT.lnk
[2012/02/12 11:50:45 | 000,000,905 | ---- | C] () -- C:\Users\Ani\Desktop\ERUNT.lnk
[2012/02/08 08:14:41 | 000,000,211 | ---- | C] () -- C:\Users\Ani\Desktop\Creation Kit.url
[2012/02/07 11:13:07 | 000,514,183 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\key
[2012/02/07 09:57:31 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\ThuumicShouter.lnk
[2012/02/06 16:06:33 | 001,399,109 | ---- | C] () -- C:\Users\Ani\Desktop\CrescentJulian.png
[2012/02/06 11:16:45 | 000,707,487 | ---- | C] () -- C:\Users\Ani\Desktop\Dream.png
[2012/02/05 16:17:35 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Exodus Viewer Beta.lnk
[2012/02/05 16:11:50 | 001,525,803 | ---- | C] () -- C:\Users\Public\Documents\Dark Dru_001.png
[2012/02/05 13:31:14 | 000,000,876 | ---- | C] () -- C:\Users\Ani\Desktop\Majesty 2.lnk
[2012/02/05 12:25:10 | 002,663,996 | ---- | C] () -- C:\Users\Public\Documents\uhm_001.png
[2012/02/04 04:13:02 | 000,457,734 | ---- | C] () -- C:\Users\Ani\AppData\Roaming\Java
[2012/01/31 04:49:17 | 000,001,342 | ---- | C] () -- C:\Users\Ani\Desktop\alduins fos.aup
[2012/01/31 04:49:09 | 000,166,796 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fo' Test.wav
[2012/01/31 04:46:30 | 000,228,556 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's Shadow 'Yol' Test.wav
[2012/01/31 04:46:19 | 000,001,340 | ---- | C] () -- C:\Users\Ani\Desktop\Alduins yol.aup
[2012/01/31 04:43:47 | 000,000,899 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's shadow voice.aup
[2012/01/31 04:35:35 | 000,197,676 | ---- | C] () -- C:\Users\Ani\Desktop\Alduin's shadow 'Fus' Test.wav
[2012/01/31 04:23:49 | 000,395,360 | ---- | C] () -- C:\Users\Ani\Desktop\monstertest.wav
[2012/01/27 20:11:44 | 000,005,830 | ---- | C] () -- C:\Users\Public\Documents\New Skyrim Monsters Mod - Documentation.rtf
[2012/01/27 19:21:22 | 001,295,162 | ---- | C] () -- C:\Users\Public\Documents\gidget_you_creepy_puppy.zip
[2012/01/27 19:21:19 | 000,135,510 | ---- | C] () -- C:\Users\Public\Documents\Picture 13.png
[2012/01/27 19:21:16 | 000,139,469 | ---- | C] () -- C:\Users\Ani\Picture 14.png
[2012/01/27 19:21:16 | 000,110,503 | ---- | C] () -- C:\Users\Ani\Picture 15.png
[2012/01/27 19:21:12 | 000,138,366 | ---- | C] () -- C:\Users\Ani\Picture 8.png
[2012/01/27 19:21:12 | 000,132,947 | ---- | C] () -- C:\Users\Ani\Picture 7.png
[2012/01/27 19:21:12 | 000,122,068 | ---- | C] () -- C:\Users\Ani\Picture 9.png
[2012/01/27 19:12:09 | 000,187,140 | ---- | C] () -- C:\Users\Public\Documents\sleepyscruff.png
[2012/01/27 19:11:14 | 000,166,221 | ---- | C] () -- C:\Users\Public\Documents\omg epic face jerr.png
[2012/01/27 19:11:05 | 000,164,889 | ---- | C] () -- C:\Users\Ani\a boy with eyes full of character 2.png
[2012/01/27 19:11:05 | 000,145,402 | ---- | C] () -- C:\Users\Ani\a boy with eyes full of character1.png
[2012/01/27 19:11:02 | 000,147,660 | ---- | C] () -- C:\Users\Public\Documents\most_disatisfied_face_ever.png
[2012/01/27 19:09:11 | 000,167,792 | ---- | C] () -- C:\Users\Ani\goofball1.png
[2012/01/27 19:09:11 | 000,165,610 | ---- | C] () -- C:\Users\Ani\goofball2.png
[2012/01/27 19:08:36 | 000,181,110 | ---- | C] () -- C:\Users\Ani\gidget on face 1.png
[2012/01/27 19:08:36 | 000,158,435 | ---- | C] () -- C:\Users\Ani\gidget on face 2.png
[2012/01/27 19:08:36 | 000,155,697 | ---- | C] () -- C:\Users\Ani\gidget8.png
[2012/01/27 19:08:36 | 000,154,501 | ---- | C] () -- C:\Users\Ani\gidgt attack1.png
[2012/01/27 19:08:36 | 000,152,600 | ---- | C] () -- C:\Users\Ani\gidget7.png
[2012/01/27 19:08:36 | 000,142,954 | ---- | C] () -- C:\Users\Ani\gidget2.png
[2012/01/27 19:08:36 | 000,134,673 | ---- | C] () -- C:\Users\Ani\gidget4.png
[2012/01/27 19:08:36 | 000,130,663 | ---- | C] () -- C:\Users\Ani\gidget on face 3.png
[2012/01/27 19:08:36 | 000,109,595 | ---- | C] () -- C:\Users\Ani\gidget fluff x3.png
[2012/01/27 19:08:36 | 000,098,506 | ---- | C] () -- C:\Users\Ani\gidget like dead asleep.png
[2012/01/27 19:08:36 | 000,052,470 | ---- | C] () -- C:\Users\Ani\gidget1.png
[2012/01/27 19:07:46 | 000,544,900 | ---- | C] () -- C:\Users\Public\Documents\gidgetandamber_withboy.zip
[2012/01/27 19:07:44 | 000,153,193 | ---- | C] () -- C:\Users\Public\Documents\gidget 5.png
[2012/01/27 19:02:42 | 000,219,072 | ---- | C] () -- C:\Users\Public\Documents\1gidg.jpg
[2012/01/27 19:01:51 | 002,361,891 | ---- | C] () -- C:\Users\Public\Documents\storage dogs.zip
[2012/01/27 19:00:05 | 001,275,437 | ---- | C] () -- C:\Users\Public\Documents\poor amber derp.zip
[2012/01/27 18:59:41 | 000,137,614 | ---- | C] () -- C:\Users\Public\Documents\youre kidding me.png
[2012/01/27 18:59:38 | 000,122,305 | ---- | C] () -- C:\Users\Public\Documents\gidget hoagie.png
[2012/01/27 18:59:11 | 000,158,289 | ---- | C] () -- C:\Users\Public\Documents\how did that get inyour mouth.png
[2012/01/27 18:59:06 | 000,096,744 | ---- | C] () -- C:\Users\Public\Documents\amber says nothing.png
[2012/01/27 18:58:37 | 000,090,866 | ---- | C] () -- C:\Users\Public\Documents\gidget says shutup.png
[2012/01/27 18:57:58 | 000,082,973 | ---- | C] () -- C:\Users\Public\Documents\this is the face of a dog who just got hit on the head by a water bottle.png
[2012/01/27 18:57:54 | 000,158,604 | ---- | C] () -- C:\Users\Public\Documents\amber_belly.png
[2012/01/26 08:34:43 | 000,417,879 | ---- | C] () -- C:\Users\Ani\Desktop\lootz.png
[2012/01/26 06:07:00 | 000,013,963 | ---- | C] () -- C:\Users\Ani\.recently-used.xbel
[2012/01/25 01:23:13 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2012/01/25 01:23:12 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Majesty.exe.lnk
[2012/01/25 01:23:12 | 000,002,369 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to MajX.exe.lnk
[2012/01/25 01:22:36 | 000,673,325 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_018.png
[2012/01/24 22:45:32 | 000,530,763 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_017.png
[2012/01/21 22:32:31 | 002,102,841 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_016.png
[2012/01/21 22:32:28 | 002,179,901 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_015.png
[2012/01/21 22:32:26 | 000,485,319 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_014.png
[2012/01/21 22:32:24 | 000,453,072 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_013.png
[2012/01/21 20:02:22 | 000,002,380 | ---- | C] () -- C:\Users\Ani\Documents\MumbleAutomaticCertificateBackup.p12
[2012/01/21 19:52:12 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/01/21 19:28:09 | 001,229,082 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_011.png
[2012/01/21 19:27:33 | 002,174,747 | ---- | C] () -- C:\Users\Public\Documents\Snapshot_012.png
[2012/01/20 14:19:28 | 000,046,546 | ---- | C] () -- C:\Users\Ani\Desktop\Spoutcraft (3).jar
[2012/01/17 07:12:18 | 000,000,567 | ---- | C] () -- C:\Users\Public\Documents\Waiting Trades.rtf
[2012/01/15 22:34:20 | 000,039,493 | ---- | C] () -- C:\Users\Public\Documents\awesomes.m3u
[2012/01/14 16:30:54 | 000,000,193 | ---- | C] () -- C:\Users\Public\Documents\pwddd.rtf
[2012/01/04 07:17:59 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/10/17 05:30:21 | 000,000,091 | ---- | C] () -- C:\Users\Ani\AppData\Local\fusioncache.dat
[2011/10/16 19:42:43 | 000,786,614 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/05 06:21:58 | 000,233,472 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2011/09/30 04:47:40 | 000,000,024 | ---- | C] () -- C:\windows\SysWow64\sysogg.dll
[2011/09/26 15:45:52 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/09/22 09:08:56 | 003,902,976 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2011/09/01 14:46:06 | 000,123,752 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/09/01 14:26:01 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
[2011/09/01 14:26:00 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
[2011/09/01 14:01:36 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/08/31 20:10:39 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/31 18:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/08/31 18:46:00 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/08/22 11:07:48 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/08/22 11:07:02 | 000,158,208 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2011/08/22 11:07:00 | 000,259,584 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2011/08/22 11:06:30 | 001,524,224 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2011/08/22 11:06:30 | 000,211,456 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2011/08/22 11:06:30 | 000,097,280 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2011/08/22 11:06:28 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2011/08/22 11:06:28 | 000,113,664 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2011/08/22 11:06:26 | 000,145,920 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2011/08/22 11:06:26 | 000,136,704 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
[2011/08/11 03:02:51 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/08/01 18:30:08 | 000,000,285 | ---- | C] () -- C:\windows\EReg072.dat
[2011/07/06 22:16:28 | 000,012,288 | ---- | C] () -- C:\Users\Ani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 05:42:50 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/05/22 23:46:30 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/04/28 01:43:03 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/04/10 18:04:11 | 000,000,020 | ---- | C] () -- C:\windows\SysWow64\EDAT.INI
[2011/03/20 21:13:39 | 000,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2011/03/19 02:16:26 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/03/06 20:50:36 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/03/06 20:25:44 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/03/03 03:40:08 | 000,150,528 | ---- | C] () -- C:\windows\SysWow64\mkx.dll
[2011/03/03 03:39:56 | 000,109,568 | ---- | C] () -- C:\windows\SysWow64\avi.dll
[2011/03/03 03:39:46 | 000,141,824 | ---- | C] () -- C:\windows\SysWow64\mp4.dll
[2011/03/03 03:39:34 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\ogm.dll
[2011/03/03 03:39:02 | 000,113,152 | ---- | C] () -- C:\windows\SysWow64\dsmux.exe
[2011/03/03 03:38:54 | 000,154,112 | ---- | C] () -- C:\windows\SysWow64\ts.dll
[2011/03/03 03:38:40 | 000,249,856 | ---- | C] () -- C:\windows\SysWow64\dxr.dll
[2011/03/03 03:38:10 | 000,097,792 | ---- | C] () -- C:\windows\SysWow64\avs.dll
[2011/03/03 03:38:04 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\mkv2vfr.exe
[2011/03/03 03:37:50 | 000,093,184 | ---- | C] () -- C:\windows\SysWow64\avss.dll
[2011/03/03 03:37:40 | 000,358,400 | ---- | C] () -- C:\windows\SysWow64\gdsmux.exe
[2011/03/03 03:35:32 | 000,080,384 | ---- | C] () -- C:\windows\SysWow64\mkzlib.dll
[2011/03/03 03:35:26 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\mkunicode.dll
[2011/01/19 06:16:55 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
[2011/01/17 16:15:41 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/01/17 16:09:45 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011/01/17 16:09:45 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/11/19 02:22:29 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2010/08/18 11:56:38 | 000,000,151 | ---- | C] () -- C:\windows\SysWow64\Registration.ini
[2009/08/11 13:21:26 | 000,087,552 | ---- | C] () -- C:\windows\SysWow64\ac3config.exe
[2009/08/11 13:21:20 | 001,021,440 | ---- | C] () -- C:\windows\SysWow64\ac3filter_intl.dll
[2009/07/26 13:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2006/03/03 20:52:00 | 000,088,576 | ---- | C] () -- C:\windows\SysWow64\OptimFROG.dll

========== LOP Check ==========

[2012/01/20 19:30:58 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.minecraft
[2011/12/23 08:41:10 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.purple
[2012/02/03 02:25:33 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.spoutcraft
[2011/09/02 06:18:11 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\.spoutcraftLogs
[2011/12/10 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\AtomZombieData
[2012/02/01 09:19:18 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Audacity
[2011/12/30 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Avnex
[2011/09/23 15:10:13 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Blender Foundation
[2011/12/13 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Braid
[2011/08/11 03:02:52 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Broken Rules
[2011/09/01 14:45:08 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\com.w3i.fliptoast
[2011/08/08 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Crayon Physics Deluxe
[2011/08/01 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DAEMON Tools Lite
[2011/09/19 12:32:57 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DAZ 3D
[2011/10/18 07:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DriverCure
[2011/03/25 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\DVDVideoSoft
[2011/09/26 14:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Dyyno
[2011/09/01 14:04:43 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Exent Technologies
[2012/02/05 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ExodusViewer
[2011/11/16 02:18:33 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Firestorm
[2012/01/14 11:04:00 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\foobar2000
[2012/01/25 00:46:20 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\GetRightToGo
[2011/07/13 06:20:50 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\go
[2012/01/26 06:07:00 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\gtk-2.0
[2011/10/08 20:05:55 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\IMVU
[2011/09/14 11:38:02 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\IMVUClient
[2012/02/09 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Mumble
[2011/05/11 02:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\OpenOffice.org
[2011/07/20 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Paltalk
[2011/10/18 07:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\PC Unleashed Online
[2012/02/13 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Raptr
[2011/09/19 13:03:30 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Screaming Bee
[2011/12/14 20:24:28 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ScummVM
[2012/02/06 14:54:48 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\SecondLife
[2011/03/14 01:02:17 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Subversion
[2011/04/28 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\SystemRequirementsLab
[2011/06/27 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\TeamViewer
[2012/02/09 19:54:25 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\ThuumicShouter
[2012/02/13 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\uTorrent
[2011/09/01 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\W3i, LLC
[2011/09/06 04:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ani\AppData\Roaming\Windows Live Writer
[2012/02/10 04:08:39 | 000,000,420 | ---- | M] () -- C:\windows\Tasks\PC Unleashed Defrag.job
[2012/02/12 18:00:00 | 000,000,496 | ---- | M] () -- C:\windows\Tasks\PC Unleashed Registration3.job
[2012/02/08 02:46:02 | 000,000,458 | ---- | M] () -- C:\windows\Tasks\PC Unleashed Update Version3.job
[2012/02/12 08:40:10 | 000,000,402 | ---- | M] () -- C:\windows\Tasks\PC Unleashed.job
[2012/01/31 03:04:21 | 000,032,572 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Fix and scan run, here are the logs :) Thanks for the help so far.

#11
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Can you now complete Steps 4, 5 and 6 in post #7?

#12
SkittleServal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I believe ComboFix stalled at stage 48. Should I retry?

#13
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Try running it again in Safe Mode. Make sure not to click the ComboFix window as this can cause it to stall.
Press and hold F8 before the Windows logo appears. Then use the arrow keys to select Safe Mode and then press Enter.

If it still doesn't work, move on to Step 6 in #7.

#14
SkittleServal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry for the delay, did not have access to the computer for some time.

I tried to use F8 (and then the other F# keys) before, after and during the Windows logo on multiple startups and nothing is getting it to bring up an option to switch to Safe Mode.

#15
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Have you tried repeatedly pressing F8 before the Windows logo appears?