No Autorun; Alureon, orsam detected [Closed]


  • This topic is locked

#1
Gostchyld

  • Member
  • 74 posts
Hello,

I am running Windows XP, on a Lenovo G550 laptop with Microsoft Security Essentials. MSE removed TrojanDropper.Win32/Sirefef.B and later in the day I began experiencing "limited or no connectivity" network issues. I ran Malwarebytes (which has not been updated in 27 days as I could not find a place to DL the virus definitions update independently so I could update using my removable HD) and completed a quick scan and a full scan. Did the same with Microsoft Security Essentials and SUPERAntiSpyware, with no luck. I then attempted a system restore to a few days before the virus was found, which also didn't solve the problem. I downloaded (via my other computer) WinsockxpFix.exe and RogueKiller.exe and ran both with no improvement as well. I also attempted to download and install new drivers for the Belkin wireless card with no luck. The following is the OTL quick scan report. Any assistance would be greatly appreciated!



OTL logfile created on: 2/10/2012 4:47:09 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 73.25% Memory free
5.77 Gb Paging File | 5.18 Gb Available in Paging File | 89.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 41.02 Gb Free Space | 21.71% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 298.09 Gb Total Space | 103.21 Gb Free Space | 34.62% Space Free | Partition Type: NTFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 16:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 14:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 17:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 16:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 03:05:19 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/04 03:04:37 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/04 03:04:27 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/14 02:18:19 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/14 02:18:15 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 02:18:15 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/10/14 02:17:51 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/14 02:17:50 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/14 02:17:49 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/14 02:17:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:16:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 02:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 02:16:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/14 02:16:08 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/14 02:15:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 02:15:52 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 02:15:47 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 02:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/12/25 22:28:22 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/12/25 22:28:22 | 000,429,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Memeo.ShellExtension\4.0.0.114__63b82a8957e80a37\Memeo.ShellExtension.dll
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 01:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/06/24 02:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2009/12/12 18:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 19:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 05:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 05:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 15:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 15:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 07:40:44 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29C69F82-F474-4ED3-9E92-2BF90F2642E3}\MpKsled468986.sys -- (MpKsled468986)
DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 07:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 21:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 21:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/16 23:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/16 23:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 15:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 01:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 01:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 15:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 15:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 03:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 10:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 10:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 10:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 10:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 10:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 12:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 12:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 15:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 21:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 16:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 12:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 14:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 03:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}: C:\Documents and Settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6} [2010/07/20 13:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 19:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 19:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 01:29:35 | 000,000,000 | ---D | M]

[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 10:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 10:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/12/01 22:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 19:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 02:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 22:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 02:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 20:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 19:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 12:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 04:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 08:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/16 23:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 01:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2010/07/20 13:21:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MICHELE\LOCAL SETTINGS\APPLICATION DATA\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}
[2011/05/16 23:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 03:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/10 07:39:11 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 12:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 12:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/02/14 23:53:50 | 000,000,027 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell - "" = AutoRun
O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\1\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\2\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell - "" = AutoRun
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c14e40ee-675c-11df-8cd0-002622c6765f}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 07:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Desktop\RK_Quarantine
[2012/02/10 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2012/02/09 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2012/02/09 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2012/02/06 22:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2012/02/06 03:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/02/06 03:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Leahs Tale
[2012/01/25 22:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Grimoire Chronicles
[2012/01/23 22:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\The Golden Years - Way Out West
[2012/01/22 10:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\dvdcss
[2012/01/20 00:27:09 | 000,000,000 | ---D | C] -- C:\games
[2012/01/19 21:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/16 20:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Heros Tale - Enhanced Edition
[2010/12/15 17:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2010/04/17 04:33:30 | 157,289,278 | ---- | C] (Games ) -- C:\Documents and Settings\Michele\Application Data\LittleNoirMissingGirl.exe
[1 C:\Documents and Settings\Michele\My Documents\*.tmp files -> C:\Documents and Settings\Michele\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 16:14:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/10 16:06:10 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/02/10 16:02:48 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/02/10 10:06:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/02/10 07:49:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/10 07:45:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/10 07:44:23 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/10 07:44:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/10 07:40:54 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/02/10 07:40:45 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/10 07:40:31 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/10 07:39:11 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/09 07:15:49 | 000,001,934 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\World of Zellians Kingdom Builder.lnk
[2012/02/09 06:23:27 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/02/08 21:08:14 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/08 21:08:13 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Google Chrome.lnk
[2012/02/08 02:04:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/08 00:06:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/08 00:06:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/06 03:04:18 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Leahs Tale.lnk
[2012/02/04 07:35:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/29 21:29:26 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Dawn's Light.lnk
[2012/01/26 21:54:34 | 000,207,347 | ---- | M] () -- C:\Documents and Settings\Michele\My Documents\Taxessf2011.pdf
[2012/01/25 22:48:07 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Grimoire Chronicles.lnk
[2012/01/25 00:33:17 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/25 00:33:17 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/23 22:13:24 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Golden Years - Way Out West.lnk
[2012/01/23 22:13:22 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/01/16 20:42:42 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Heros Tale - Enhanced Edition.lnk
[2012/01/13 08:00:16 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Documents and Settings\Michele\My Documents\*.tmp files -> C:\Documents and Settings\Michele\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/09 07:15:49 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\World of Zellians Kingdom Builder.lnk
[2012/02/06 03:04:18 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/02/06 03:04:18 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Leahs Tale.lnk
[2012/01/29 21:29:26 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Dawn's Light.lnk
[2012/01/26 21:54:34 | 000,207,347 | ---- | C] () -- C:\Documents and Settings\Michele\My Documents\Taxessf2011.pdf
[2012/01/25 22:48:07 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Grimoire Chronicles.lnk
[2012/01/23 22:13:24 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Golden Years - Way Out West.lnk
[2012/01/16 20:42:42 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Heros Tale - Enhanced Edition.lnk
[2012/01/13 03:32:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 03:21:16 | 001,065,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 00:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 19:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 17:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 17:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 22:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 22:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 05:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 05:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 17:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/05/15 07:09:18 | 000,013,490 | -HS- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\83ugwuk5b886k
[2011/05/15 07:09:18 | 000,013,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\83ugwuk5b886k
[2011/02/23 06:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 07:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 07:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 07:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 05:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 17:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 22:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 22:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 16:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 11:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 07:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 22:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 22:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 10:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 06:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 03:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 00:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 17:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 15:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 13:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 13:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 13:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 20:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 20:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/22 23:44:34 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 02:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 02:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 06:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/13 23:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 17:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 01:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 08:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 17:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 01:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 03:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 17:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 17:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 17:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 17:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 17:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 15:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 12:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 12:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 12:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 12:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 15:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 15:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 19:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/01/19 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/09/23 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2010/09/27 20:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/01/09 05:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALLConverter
[2011/02/06 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2010/11/01 14:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2011/05/08 21:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2011/01/20 02:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2009/12/26 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/13 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan 2
[2011/05/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Finish
[2010/09/05 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/05 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2011/05/08 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/08 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/10/18 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2010/05/18 18:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/11/12 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/03/14 00:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdensQuest
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/15 11:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/12/28 05:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2011/08/14 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2011/04/14 23:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2012/02/10 00:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/06/01 03:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/08/26 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2010/08/26 08:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/11/10 08:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2010/10/29 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/09/05 16:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/09/06 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Interama
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2010/10/16 11:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Konami
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/09 08:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2010/12/25 22:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/12 18:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/11/02 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/09/21 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/02/25 23:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/11/23 00:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/14 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/02/07 22:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/06/13 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/08 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/30 16:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/02/06 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/01 21:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/07/28 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/11/08 19:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RVLGames
[2011/11/25 22:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/22 17:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/10/05 16:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011/10/20 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/30 12:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 09:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/07/19 23:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2009/08/19 05:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/12/27 09:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\.BitTornado
[2010/12/16 04:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\3Stars
[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Absolutist
[2010/01/19 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\acccore
[2010/10/25 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aerohills
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar
[2012/02/06 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlawarSouthpoint
[2011/06/12 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlderGames
[2010/10/04 08:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artifex Mundi
[2010/03/21 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artogon
[2010/03/15 20:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond 3
[2011/01/24 19:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond II
[2010/10/25 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Awem
[2011/12/01 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Azureus
[2011/05/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Finish
[2010/10/03 17:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Fish Games
[2012/01/09 00:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Blue Tea Games
[2010/06/24 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Boolat Games
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Brawsome
[2010/09/28 02:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Casual Mechanics
[2010/04/24 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ChaYoWo Games
[2010/09/06 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\CobiMobi
[2011/04/22 00:09:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Michele\Application Data\CrystalSpace
[2011/10/16 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Daedalic Entertainment
[2010/03/12 00:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DarkParablesBriarRose_BFG
[2010/12/22 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dawn's Light
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\dingogames
[2010/04/27 17:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DivoGames
[2010/05/12 14:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dragon Altar Games
[2009/12/27 10:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EcoRescue
[2010/03/21 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ElementalsTheMagicKey
[2011/10/18 23:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Elephant Games
[2010/09/20 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enki Games
[2010/08/26 16:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enlightenus2_BFG
[2010/06/08 19:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS G-Studio
[2010/10/29 00:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS Game Studios
[2011/05/07 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EternalEden
[2011/02/07 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ethereal Darkness Interactive
[2011/12/07 00:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FALCOM
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Floodlight Games
[2010/10/03 05:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FlyWheelGames
[2010/09/20 05:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Freeze Tag
[2010/09/30 02:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Friday's games
[2010/04/28 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Fugazo
[2010/09/05 16:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FussyLogic
[2010/04/29 20:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Game Mill Entertainment
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameHouse
[2011/06/15 01:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameInvest
[2010/04/04 18:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameMill Entertainment
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gamers Digital
[2010/02/11 12:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Games
[2010/09/05 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GamesCafe
[2010/06/05 06:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gestalt Games
[2010/09/07 02:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ghost Ship Studios
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GOA
[2010/10/14 01:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\gtk-2.0
[2010/03/02 01:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GTM_Bodie
[2011/10/18 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Harmonic Flow
[2011/06/07 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HdO Adventure
[2010/09/06 05:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hidato
[2010/12/03 02:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HillStoneAnimationStudios
[2010/06/05 05:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HiT-MM
[2011/07/19 12:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Image Zone Express
[2010/06/17 04:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\InterVideo
[2010/11/10 19:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\iWin
[2010/10/19 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Jetdogs Studios
[2010/04/22 20:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\JoyBits
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2010/09/28 01:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KingArthur
[2011/01/15 20:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LaxiusForceII_Saves
[2010/06/16 01:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lazy Turtle Games
[2010/12/25 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leadertech
[2012/02/06 04:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/01/08 16:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LegacyInteractive
[2011/08/16 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lilly and Sasha
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Games Company
[2010/04/26 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Noir Stories
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ludia
[2010/11/05 03:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MA2
[2010/11/02 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MAI
[2010/12/25 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Memeo
[2011/01/20 04:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Meridian93
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Merscom
[2011/01/18 01:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Millennium_Saves
[2010/11/05 22:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MM3_Saves
[2011/05/27 03:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MumboJumbo
[2010/09/30 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mutant Arcade
[2010/11/05 21:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mystery of Mortlake Mansion
[2010/03/20 16:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MysteryStudio
[2010/05/21 23:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Namco
[2010/04/16 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Nevosoft
[2010/12/14 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OpenOffice.org
[2012/02/09 15:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Orneon
[2010/09/23 03:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OtherSide Realm of Eons
[2010/03/27 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Peace Craft
[2010/10/16 06:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\perfect future studio
[2010/06/22 01:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ph03nixNewMedia
[2011/06/13 21:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayFirst
[2010/10/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayPond
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PoBros
[2011/08/16 04:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PriceGong
[2010/06/06 11:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Private Moon Studios
[2010/11/09 01:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\QB9
[2010/09/06 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\quickclick
[2010/04/19 03:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Reflexivev1002
[2011/02/15 22:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\RenPy
[2011/12/05 23:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Rovio
[2010/10/04 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sahmon Games
[2010/12/25 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Seagate
[2010/03/19 22:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SerpentOfIsis
[2010/04/04 23:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Settlement. Colossus
[2010/06/05 10:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SevenSails
[2010/03/24 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Silverback Productions
[2010/05/06 18:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Skunk Studios
[2011/11/28 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Snip-It Pro
[2010/10/21 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Specialbit
[2010/12/10 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SpinTop Games
[2010/03/09 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SprillRichiEng
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SulusGames
[2011/06/07 21:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sylia_Saves
[2010/09/28 08:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ten Heavens
[2011/06/07 15:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Teyon
[2010/11/17 09:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\The Path
[2010/11/06 01:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ThreeDays2
[2010/07/19 23:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TikisLab
[2011/11/14 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\To the Moon - Freebird Games
[2010/09/28 01:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TOMI2.THE GATES OF FATE
[2011/06/01 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TrickySoftware
[2010/04/05 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Trillian
[2010/10/27 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ubisoft
[2011/11/24 16:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Update
[2012/02/09 21:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\uTorrent
[2010/06/04 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VampireSaga
[2011/03/07 03:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar
[2011/03/07 03:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar - Strategy Guide
[2011/03/22 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VBA-M
[2010/04/26 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VendelGAMES
[2010/01/18 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual City
[2010/03/30 02:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual Prophecy
[2010/09/29 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vogat Interactive
[2010/09/21 01:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Whisper of a Rose Saves
[2011/06/10 06:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\WhiteBirdsProductions
[2011/06/04 01:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Search
[2010/12/03 07:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\World-LooM
[2010/09/14 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\YoudaGames
[2012/02/10 07:44:23 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/08 02:04:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/02/10 07:45:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/13 08:00:16 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 07:40:54 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/02/10 16:02:48 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1604D047
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A6D6E537
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:058A7351
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4B244549
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA1919C7
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:409D7106
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:18BFD8F8
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:8DD20B4A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5B4686D7
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5B049A42
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:FA1999D1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:107ABE61
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2F1D743F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:774A0E14
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F52A6209
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:6FD3C973
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:3807D082

< End of report >

#2
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human, not Superman - I can make errors but will do my best to help you as best I can so we can solve your problems. Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way. One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - when you are using it the current malware infection could propagate further infections - forcing us to do a second or even third round of disinfection after the first. If you do have to use it please disconnect it from the Internet - that way the current malware cannot propagate further infections. I will get back to you soon with further instructions. Expect no more than 24 hours between your post and my response unless World War 3 breaks out and no more than 36 hours between your initial OTL log post and my response to that. Good luck!

#3
Gostchyld

    Member

  • Topic Starter
  • 74 posts
I am awaiting further direction. Thanks for your help!

#4
Gostchyld

    Member

  • Topic Starter
  • 74 posts
BTW, since my initial OTL log, I did install a single game (I believe it was an old re-installation so it should be safe) but I manually cut off the wireless card through the physical computer - not wireless properties. Let me know if you need me to run any further scans before we can get to work. I have used Geeks to Go before, so I am familiar with the format of the forums and such. I also am not opposed to using the factory reset button for the laptop if we are not successful. Oh and one more thing. The computer was working after MSE found and removed the virus on my weekly scheduled scan. However, I noticed my computer was running slow, and ran temp file cleaner which caused a reboot. Following the actual reboot is when I began to see problems. (This was all prior to running MBAM, Superantispyware, and MSE full scans, all of which happened before the OTL report.) Hope this info helps and thanks again.

#5
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello Gostchyld. I have finished analyzing your OTL log. There are a couple things to clean. Also there is a file that might or might not be malware that we will upload to a special website to analyze. We will run a program called aswMBR to scan your system for nasty infections prevalent these days. And finally a special program to analyze your Windows Internet components.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\1\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\2\Command - "" = F:\.\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
    [2012/02/08 02:04:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/05/15 07:09:18 | 000,013,490 | -HS- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\83ugwuk5b886k
    [2011/05/15 07:09:18 | 000,013,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\83ugwuk5b886k
    
    :Files
    
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply as well.

Please also post extras.txt from the same folder as OTL.

Step 2

There are several suspicious files on your machine that might or might not be malware. We will scan them to verify. Let me know if you have any trouble following these instructions. Please do the following:

  • Go to this site
  • Click the browse button on the top of the page
  • Navigate to this file C:\WINDOWS\gamedelete.exe and click the open button
  • Click the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button
  • Once the Scan is completed, click on the Copy to Clipboard button at the bottom of the page. This will copy the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Step 3

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer no
  • Click the Scan button to start scan
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 4

  • Run Farbar Service Scanner
  • Tick "All" options.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things to see in your next post:
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
OTL quick scan log (OTL.txt)
Extras.txt
virscan upload results
aswMBR log
Farbar Service Scanner log (FSS.txt)


#6
Gostchyld

    Member

  • Topic Starter
  • 74 posts
Since I currently don't have the best of internet connections, I will most likely post each of these separately to prevent duplication. Please bear with me as I have to DL UL and DL prior to utilizing the tools. Thanks again.

#7
Gostchyld

    Member

  • Topic Starter
  • 74 posts
OK, just to clarify, the computer that is infected is not currently capable of connecting with the internet. I'm going to re-read step 2 to see if I can make it happen. Step 1 is in progress.

#8
Gostchyld

    Member

  • Topic Starter
  • 74 posts
Still running OTL, and will post shortly. I definitely can't complete Step 2, but unless otherwise instructed will move on to steps 3 and 4.

#9
Gostchyld

    Member

  • Topic Starter
  • 74 posts
Step 1: OTL moved files:



========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
File F:\.\RECYCLER\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
File F:\.\RECYCLER\RECYCLER\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1982fa40-2815-11db-9392-00023fe8283b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\Documents and Settings\Michele\Local Settings\Application Data\83ugwuk5b886k moved successfully.
C:\Documents and Settings\All Users\Application Data\83ugwuk5b886k moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\At*.job not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 02122012_220642

#10
Gostchyld

    Member

  • Topic Starter
  • 74 posts
Step 1: OTL quick scan log file:



OTL logfile created on: 2/12/2012 10:10:07 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.98% Memory free
5.77 Gb Paging File | 5.24 Gb Available in Paging File | 90.81% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 40.31 Gb Free Space | 21.34% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 298.09 Gb Total Space | 102.53 Gb Free Space | 34.40% Space Free | Partition Type: NTFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/10 16:40:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michele\Desktop\Comp Cleanup\OTL.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 10:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/12 14:59:14 | 004,464,640 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2009/06/10 17:32:56 | 001,282,048 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2009/03/11 01:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
PRC - [2008/04/13 16:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 03:05:19 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2011/12/11 00:41:52 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/10/19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2011/10/14 02:18:19 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/14 02:18:15 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/14 02:17:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 02:16:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 02:16:38 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
MOD - [2011/10/14 02:16:33 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/14 02:16:08 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/14 02:15:58 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 02:15:52 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 02:15:47 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 02:15:35 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 10:06:14 | 005,407,850 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
MOD - [2011/03/08 10:07:36 | 000,553,984 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PhoneUpdate.dll
MOD - [2011/02/17 16:13:30 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\CAgdLNote.dll
MOD - [2011/02/14 16:02:58 | 002,417,664 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
MOD - [2011/02/02 09:32:20 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\Report.dll
MOD - [2011/01/27 17:24:00 | 000,188,416 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\CAgdOutlook.dll
MOD - [2011/01/05 14:39:06 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\CalEngine.dll
MOD - [2011/01/05 14:01:12 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PimNotes.dll
MOD - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010/12/13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 01:29:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2010/09/14 14:01:00 | 000,212,992 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\VistaCalendar.dll
MOD - [2010/06/24 02:02:41 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/03/06 22:31:36 | 000,024,110 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
MOD - [2010/02/10 11:36:20 | 009,565,184 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
MOD - [2010/02/10 11:11:00 | 001,148,416 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
MOD - [2010/02/10 11:08:16 | 000,398,336 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\VObject.dll
MOD - [2009/12/12 18:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/06/22 13:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2008/10/14 13:15:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\BisonC07\BisonM07.exe
MOD - [2008/05/21 19:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2005/06/24 05:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/11 00:40:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/08 21:40:59 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/11/05 01:29:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 01:29:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/30 09:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/02/17 05:49:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 15:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 15:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2012/02/12 22:08:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29C69F82-F474-4ED3-9E92-2BF90F2642E3}\MpKsle962d083.sys -- (MpKsle962d083)
DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/02 07:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/08 21:40:27 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 21:40:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/16 23:30:35 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/05/16 23:30:35 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/12/13 15:38:07 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010/11/05 01:29:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/11/05 01:29:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/22 15:52:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/22 15:52:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/12/30 03:25:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 10:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 10:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 10:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 10:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 10:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/05/22 12:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/04/23 12:54:36 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/10/23 15:49:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/09/10 21:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/11 16:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 12:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/07/23 14:04:24 | 000,022,528 | ---- | M] (SoundGenetics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aubridge.sys -- (audiobridge)
DRV - [2007/05/23 03:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B F2 94 47 28 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FLVTube"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo-FLVTube"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.4.1
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}: C:\Documents and Settings\Michele\Local Settings\Application Data\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6} [2010/07/20 13:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 19:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 19:45:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Michele\Application Data\Move Networks [2010/01/05 01:29:35 | 000,000,000 | ---D | M]

[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Extensions
[2009/12/26 10:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions
[2009/12/26 10:49:13 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/12/01 22:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions
[2010/05/25 19:45:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/23 02:01:30 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 22:15:11 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/07/23 02:01:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/10 20:14:41 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\bing.xml
[2010/12/11 19:22:47 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Mozilla\Firefox\Profiles\zx1479pg.default\searchplugins\conduit.xml
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/14 12:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 04:31:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 08:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/16 23:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 01:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/19 21:21:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/01/05 01:29:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MICHELE\APPLICATION DATA\MOVE NETWORKS
[2010/07/20 13:21:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\MICHELE\LOCAL SETTINGS\APPLICATION DATA\{265D0102-EDEA-400C-8D9D-E39BF3EDB5F6}
[2011/05/16 23:29:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/05 03:16:05 | 000,001,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FLVTube.xml.bak

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michele\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Michele\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Logitech Device Detection = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michele\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/12 22:06:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Michele\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1261819129968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E352C986-9B29-4289-BE9A-FCB761F2C5F3}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 12:41:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 12:40:41 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/02/14 23:53:50 | 000,000,027 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell - "" = AutoRun
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49c5746a-0fd0-11e0-8d54-002622c6765f}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{c14e40ee-675c-11df-8cd0-002622c6765f}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 22:06:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 07:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Desktop\RK_Quarantine
[2012/02/10 00:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2012/02/09 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2012/02/09 06:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2012/02/06 22:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2012/02/06 03:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/02/06 03:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\Leahs Tale
[2012/01/25 22:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Grimoire Chronicles
[2012/01/23 22:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Start Menu\Programs\The Golden Years - Way Out West
[2012/01/22 10:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michele\Application Data\dvdcss
[2012/01/20 00:27:09 | 000,000,000 | ---D | C] -- C:\games
[2012/01/19 21:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/16 20:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Heros Tale - Enhanced Edition
[2010/12/15 17:53:56 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2010/04/17 04:33:30 | 157,289,278 | ---- | C] (Games ) -- C:\Documents and Settings\Michele\Application Data\LittleNoirMissingGirl.exe
[1 C:\Documents and Settings\Michele\My Documents\*.tmp files -> C:\Documents and Settings\Michele\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/12 22:14:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 22:13:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/12 22:10:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/12 22:10:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 22:08:13 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/02/12 22:08:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 22:07:53 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/12 22:06:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/12 22:06:10 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007UA.job
[2012/02/12 16:01:40 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/02/12 10:06:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4139560822-1196392724-1434190299-1007Core.job
[2012/02/11 07:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/11 01:50:49 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Kuros.lnk
[2012/02/11 01:28:32 | 000,001,671 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Green Moon.lnk
[2012/02/10 07:49:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 07:15:49 | 000,001,934 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\World of Zellians Kingdom Builder.lnk
[2012/02/09 06:23:27 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/02/08 21:08:14 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Michele\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/08 21:08:13 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Google Chrome.lnk
[2012/02/08 00:06:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/08 00:06:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/06 03:04:18 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Leahs Tale.lnk
[2012/01/26 21:54:34 | 000,207,347 | ---- | M] () -- C:\Documents and Settings\Michele\My Documents\Taxessf2011.pdf
[2012/01/25 22:48:07 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Grimoire Chronicles.lnk
[2012/01/25 00:33:17 | 000,532,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/25 00:33:17 | 000,099,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/23 22:13:24 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\The Golden Years - Way Out West.lnk
[2012/01/23 22:13:22 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\Michele\Desktop\Download More Free Full Games from FoxyGames.Info.lnk
[2012/01/16 20:42:42 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Heros Tale - Enhanced Edition.lnk
[1 C:\Documents and Settings\Michele\My Documents\*.tmp files -> C:\Documents and Settings\Michele\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/11 01:50:49 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Kuros.lnk
[2012/02/11 01:28:32 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Green Moon.lnk
[2012/02/09 07:15:49 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\World of Zellians Kingdom Builder.lnk
[2012/02/06 03:04:18 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
[2012/02/06 03:04:18 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Leahs Tale.lnk
[2012/01/26 21:54:34 | 000,207,347 | ---- | C] () -- C:\Documents and Settings\Michele\My Documents\Taxessf2011.pdf
[2012/01/25 22:48:07 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\Grimoire Chronicles.lnk
[2012/01/23 22:13:24 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\Michele\Desktop\The Golden Years - Way Out West.lnk
[2012/01/16 20:42:42 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Heros Tale - Enhanced Edition.lnk
[2012/01/11 03:21:16 | 001,065,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/13 00:20:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Captive.INI
[2011/08/14 19:20:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/11 17:02:27 | 000,113,040 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/11 17:02:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/06/03 22:45:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/03 22:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/01 05:06:51 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2011/06/01 05:06:51 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2011/05/18 17:42:02 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2011/02/23 06:41:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2011/01/30 07:11:49 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011/01/30 07:11:48 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011/01/30 07:11:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011/01/30 05:51:46 | 000,084,360 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2010/12/15 17:53:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/12/10 22:52:47 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/12/10 22:52:46 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/12/07 16:58:00 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/05 11:22:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2010/12/03 07:20:48 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2010/11/24 22:43:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JMAN.INI
[2010/11/05 22:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/10/30 10:47:48 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/10/16 06:20:36 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Michele\Application Data\prefsdb.dat
[2010/10/05 03:21:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/10 00:02:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/09/07 17:59:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Secrets.INI
[2010/08/23 15:45:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/24 13:16:09 | 000,003,054 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/07/20 13:21:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adojusucamunu.dat
[2010/07/20 13:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tcedifohahuroze.bin
[2010/04/22 20:06:16 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/03/24 20:47:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/22 23:44:34 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Michele\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 02:29:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/21 02:29:47 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/15 06:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2010/01/13 23:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/01/13 17:44:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2010/01/12 01:47:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2010/01/10 08:04:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/08 17:45:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2010/01/05 01:28:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/30 03:37:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/14 17:26:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/14 17:15:26 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/09/14 17:14:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/14 17:14:11 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/14 17:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 15:46:04 | 000,069,632 | ---- | C] () -- C:\WINDOWS\Memeo.ShellExtension.WicIO.dll
[2006/08/10 12:52:50 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/10 12:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/10 12:31:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/10 12:30:34 | 003,608,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/29 15:54:25 | 000,001,322 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 15:00:00 | 000,532,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 15:00:00 | 000,099,096 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/10/09 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/10/09 19:59:00 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/01/19 13:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/09/23 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2010/09/27 20:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/01/09 05:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALLConverter
[2011/02/06 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2010/11/01 14:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2011/05/08 21:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2011/01/20 02:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aveyond I
[2009/12/26 10:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/13 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan 2
[2011/05/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Finish
[2010/09/05 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/05 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2011/05/08 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/08 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/10/18 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2010/05/18 18:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2010/11/12 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/03/14 00:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EdensQuest
[2010/11/25 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/15 11:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/12/28 05:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2011/08/14 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exorcist DS 7
[2011/04/14 23:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2012/02/10 00:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/06/01 03:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/08/26 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
[2010/08/26 08:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/11/10 08:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2010/10/29 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/09/05 16:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/09/06 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Interama
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KatGames
[2010/10/16 11:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Konami
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/09 08:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2010/12/25 22:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/02/12 18:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/11/02 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/09/21 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/02/25 23:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2011/11/23 00:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2011/04/14 23:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2011/02/07 22:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/02/11 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/08 21:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2010/04/30 16:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2011/02/06 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/01 21:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2010/07/28 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/11/08 19:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RVLGames
[2012/02/11 01:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/05/22 17:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/10/05 16:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2011/10/20 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/30 12:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/01/31 09:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2010/07/19 23:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2009/08/19 05:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/12/27 09:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\.BitTornado
[2010/12/16 04:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\3Stars
[2010/04/08 01:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Absolutist
[2010/01/19 13:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\acccore
[2010/10/25 15:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aerohills
[2012/01/23 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar
[2012/02/06 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Alawar Entertainment
[2010/10/16 12:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlawarSouthpoint
[2011/06/12 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\AlderGames
[2010/10/04 08:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artifex Mundi
[2010/03/21 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Artogon
[2010/03/15 20:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond 3
[2011/01/24 19:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Aveyond II
[2010/10/25 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Awem
[2011/12/01 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Azureus
[2011/05/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Finish
[2010/10/03 17:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Big Fish Games
[2012/01/09 00:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Blue Tea Games
[2010/06/24 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Boolat Games
[2010/10/28 21:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Brawsome
[2010/09/28 02:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Casual Mechanics
[2010/04/24 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ChaYoWo Games
[2010/09/06 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\CobiMobi
[2011/04/22 00:09:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Michele\Application Data\CrystalSpace
[2011/10/16 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Daedalic Entertainment
[2010/03/12 00:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DarkParablesBriarRose_BFG
[2010/12/22 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dawn's Light
[2011/06/10 02:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\dingogames
[2010/04/27 17:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\DivoGames
[2010/05/12 14:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Dragon Altar Games
[2009/12/27 10:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EcoRescue
[2010/03/21 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ElementalsTheMagicKey
[2011/10/18 23:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Elephant Games
[2010/09/20 08:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enki Games
[2010/08/26 16:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Enlightenus2_BFG
[2010/06/08 19:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS G-Studio
[2010/10/29 00:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ERS Game Studios
[2011/05/07 00:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\EternalEden
[2011/02/07 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ethereal Darkness Interactive
[2011/12/07 00:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FALCOM
[2010/10/15 06:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Flood Light Games
[2010/10/03 02:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Floodlight Games
[2010/10/03 05:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FlyWheelGames
[2010/09/20 05:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Freeze Tag
[2010/09/30 02:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Friday's games
[2010/04/28 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Fugazo
[2010/09/05 16:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\FussyLogic
[2010/04/29 20:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Game Mill Entertainment
[2010/10/22 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameHouse
[2011/06/15 01:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameInvest
[2010/04/04 18:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GameMill Entertainment
[2010/09/22 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gamers Digital
[2010/02/11 12:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Games
[2010/09/05 13:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GamesCafe
[2010/06/05 06:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Gestalt Games
[2010/09/07 02:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ghost Ship Studios
[2010/03/31 20:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GOA
[2010/10/14 01:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\gtk-2.0
[2010/03/02 01:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\GTM_Bodie
[2011/10/18 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Harmonic Flow
[2011/06/07 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HdO Adventure
[2010/09/06 05:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Hidato
[2010/12/03 02:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HillStoneAnimationStudios
[2010/06/05 05:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\HiT-MM
[2011/07/19 12:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Image Zone Express
[2010/06/17 04:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\InterVideo
[2010/11/10 19:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\iWin
[2010/10/19 13:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Jetdogs Studios
[2010/04/22 20:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\JoyBits
[2012/02/09 06:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KatGames
[2010/09/28 01:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\KingArthur
[2011/01/15 20:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LaxiusForceII_Saves
[2010/06/16 01:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lazy Turtle Games
[2010/12/25 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leadertech
[2012/02/06 04:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Leahs_Tale
[2012/01/08 16:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\LegacyInteractive
[2011/08/16 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Lilly and Sasha
[2009/12/27 00:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Games Company
[2010/04/26 19:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Little Noir Stories
[2010/11/04 04:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ludia
[2010/11/05 03:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MA2
[2010/11/02 12:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MAI
[2010/12/25 23:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Memeo
[2011/01/20 04:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Meridian93
[2010/02/16 01:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Merscom
[2011/01/18 01:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Millennium_Saves
[2010/11/05 22:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MM3_Saves
[2011/05/27 03:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MumboJumbo
[2010/09/30 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mutant Arcade
[2010/11/05 21:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Mystery of Mortlake Mansion
[2010/03/20 16:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\MysteryStudio
[2010/05/21 23:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Namco
[2010/04/16 01:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Nevosoft
[2010/12/14 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OpenOffice.org
[2012/02/09 15:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Orneon
[2010/09/23 03:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\OtherSide Realm of Eons
[2010/03/27 23:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Peace Craft
[2010/10/16 06:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\perfect future studio
[2010/06/22 01:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ph03nixNewMedia
[2012/02/11 01:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayFirst
[2010/10/19 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PlayPond
[2010/02/08 22:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PoBros
[2011/08/16 04:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\PriceGong
[2010/06/06 11:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Private Moon Studios
[2010/11/09 01:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\QB9
[2010/09/06 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\quickclick
[2010/04/19 03:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Reflexivev1002
[2011/02/15 22:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\RenPy
[2011/12/05 23:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Rovio
[2010/10/04 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sahmon Games
[2010/12/25 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Seagate
[2010/03/19 22:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SerpentOfIsis
[2010/04/04 23:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Settlement. Colossus
[2010/06/05 10:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SevenSails
[2010/03/24 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Silverback Productions
[2010/05/06 18:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Skunk Studios
[2011/11/28 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Snip-It Pro
[2010/10/21 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Specialbit
[2010/12/10 21:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SpinTop Games
[2010/03/09 21:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SprillRichiEng
[2011/06/12 02:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\SulusGames
[2011/06/07 21:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Sylia_Saves
[2010/09/28 08:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ten Heavens
[2011/06/07 15:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Teyon
[2010/11/17 09:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\The Path
[2010/11/06 01:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\ThreeDays2
[2010/07/19 23:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TikisLab
[2011/11/14 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\To the Moon - Freebird Games
[2010/09/28 01:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TOMI2.THE GATES OF FATE
[2011/06/01 17:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\TrickySoftware
[2010/04/05 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Trillian
[2010/10/27 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Ubisoft
[2011/11/24 16:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Update
[2012/02/12 22:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\uTorrent
[2010/06/04 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VampireSaga
[2011/03/07 03:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar
[2011/03/07 03:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vastar - Strategy Guide
[2011/03/22 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VBA-M
[2010/04/26 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\VendelGAMES
[2010/01/18 18:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual City
[2010/03/30 02:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Virtual Prophecy
[2010/09/29 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Vogat Interactive
[2010/09/21 01:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Whisper of a Rose Saves
[2011/06/10 06:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\WhiteBirdsProductions
[2011/06/04 01:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\Windows Search
[2010/12/03 07:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\World-LooM
[2010/09/14 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michele\Application Data\YoudaGames
[2012/02/12 22:10:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/12 22:13:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/01/13 08:00:16 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/12 22:08:13 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2012/02/12 16:01:40 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1604D047
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A6D6E537
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:058A7351
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4B244549
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:EA1919C7
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:409D7106
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:18BFD8F8
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:8DD20B4A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5B4686D7
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5B049A42
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:FA1999D1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:107ABE61
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2F1D743F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:774A0E14
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F52A6209
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:6FD3C973
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:3807D082

< End of report >

#11
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
Unable to complete step 2.
Step 3: aswMBR report:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-12 23:06:46
-----------------------------
23:06:46.000 OS Version: Windows 5.1.2600 Service Pack 3
23:06:46.000 Number of processors: 2 586 0x170A
23:06:46.000 ComputerName: MGLAPTOP UserName: Michele
23:06:47.359 Initialize success
23:07:14.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:07:14.578 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
23:07:14.578 Disk 0 MBR read successfully
23:07:14.578 Disk 0 MBR scan
23:07:14.578 Disk 0 Windows 7 default MBR code
23:07:14.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193470 MB offset 2048
23:07:14.593 Disk 0 Partition - 00 0F Extended LBA 29894 MB offset 396230656
23:07:14.625 Disk 0 Partition 2 00 12 Compaq diag NTFS 15108 MB offset 457453568
23:07:14.656 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29893 MB offset 396232704
23:07:14.656 Disk 0 scanning sectors +488396464
23:07:14.734 Disk 0 scanning C:\WINDOWS\system32\drivers
23:07:24.343 Service scanning
23:07:24.640 Service MpKsle962d083 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29C69F82-F474-4ED3-9E92-2BF90F2642E3}\MpKsle962d083.sys **LOCKED** 32
23:07:24.734 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:07:25.265 Modules scanning
23:07:30.593 Disk 0 trace - called modules:
23:07:30.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spco.sys hal.dll >>UNKNOWN [0x8ad3b938]<<
23:07:30.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acb2558]
23:07:30.625 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8acb3028]
23:07:30.625 Scan finished successfully
23:08:11.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele\Desktop\Comp Cleanup\MBR.dat"
23:08:11.906 The log file has been saved successfully to "C:\Documents and Settings\Michele\Desktop\Comp Cleanup\aswMBR021212.txt"
23:11:04.562 Disk 0 MBR has been saved successfully to "L:\Comp Cleanup\MBR.dat"
23:11:04.562 The log file has been saved successfully to "L:\Comp Cleanup\aswMBR021212.txt"

#12
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
Step 4: Farbar...

Farbar Service Scanner Version: 12-02-2012 01
Ran by Michele (administrator) on 12-02-2012 at 23:09:04
Running from "C:\Documents and Settings\Michele\Desktop\Comp Cleanup"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#13
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello Gostchyld. You are missing a critical system file. We will now look for a copy of this file on your hard drive. Please do the following on your crippled computer (poor computer :( ):

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    /md5start
    afd.sys
    /md5stop
  • Click the None button
  • Click the Run Scan button. Post the log it produces in your next reply.


#14
Gostchyld

    Member

  • Topic Starter
  • Member
  • 74 posts
OTL logfile created on: 2/14/2012 3:49:52 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michele\Desktop\Comp Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 73.32% Memory free
5.77 Gb Paging File | 5.16 Gb Available in Paging File | 89.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 188.93 Gb Total Space | 40.27 Gb Free Space | 21.32% Space Free | Partition Type: NTFS
Drive D: | 29.19 Gb Total Space | 24.80 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive E: | 400.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 298.09 Gb Total Space | 102.54 Gb Free Space | 34.40% Space Free | Partition Type: NTFS

Computer Name: MGLAPTOP | User Name: Michele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: AFD.SYS >
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/04/13 11:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 11:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 08:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 10:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 05:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/04 15:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/10/16 09:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 08:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 08:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< End of report >

#15
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello Gostchyld. I found a legit copy of the missing system file. We will now put it where it belongs. We will also run Farbar Service Scanner again to see if everything is working now that we fixed the system file.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    
    copy C:\WINDOWS\system32\dllcache\afd.sys C:\WINDOWS\system32\Drivers\afd.sys /c
    
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply as well.

Please also post extras.txt from the same folder as OTL.

Step 2

  • Run Farbar Service Scanner
  • Tick All options.
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Things to see in your next post:
OTL fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
OTL.txt
Extras.txt
FSS.txt

  • 0
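A triage sketch for the two logs in this exchange, added here as an example (it is not part of the thread and not a feature of FSS or OTL): it pulls out the files FSS did not report as legit and lists the copies that OTL's /md5start scan found, grouped by hash. The function names and the newest-first ordering are this example's assumptions; the log lines are copied, shortened, from the posts above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpts copied from the FSS and OTL logs posted in this thread, shortened.
FSS_LOG = r"""
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
"""

OTL_LOG = r"""
< MD5 for: AFD.SYS >
[2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/04/13 11:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 11:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/08/17 08:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
"""

MISSING_RE = re.compile(r"^Attention!\s+(?P<path>.+?) is missing\.$")
STATUS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")
OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def fss_file_problems(log):
    """Return (path, reason) for every checked file FSS did not call legit."""
    problems = []
    for line in log.splitlines():
        line = line.strip()
        m = MISSING_RE.match(line)
        if m:
            problems.append((m.group("path"), "missing"))
            continue
        m = STATUS_RE.match(line)
        if m and m.group("status") != "MD5 is legit":
            problems.append((m.group("path"), m.group("status")))
    return problems


def otl_candidates(log, filename):
    """Parse OTL MD5 scan lines; return the copies of `filename`, newest first."""
    found = []
    for line in log.splitlines():
        m = OTL_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if path.rsplit("\\", 1)[-1].lower() != filename.lower():
            continue
        found.append({
            "modified": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),  # string as printed by OTL
            "md5": m.group("md5").upper(),
            "path": path,
        })
    # Newest-first is this example's ordering, not a rule stated in the thread.
    return sorted(found, key=lambda c: c["modified"], reverse=True)


def group_by_md5(candidates):
    """Map each MD5 to the paths that carry it (same hash means same bytes)."""
    groups = defaultdict(list)
    for c in candidates:
        groups[c["md5"]].append(c["path"])
    return dict(groups)


if __name__ == "__main__":
    for path, reason in fss_file_problems(FSS_LOG):
        print(f"{path}: {reason}")
        for c in otl_candidates(OTL_LOG, path.rsplit("\\", 1)[-1]):
            print(f"  {c['modified']:%Y-%m-%d} {c['size']:>7} {c['md5']} {c['path']}")
```

Neither the company string nor the modification date proves a copy is genuine, so the hash of the copy chosen for restoration still has to be compared against a trusted reference.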