Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

im getting bsod ran test on separate topic think malware issue please

Started by John Lauhoff , May 05 2012 08:11 PM

  • This topic is locked This topic is locked

#1
John Lauhoff
Posted 05 May 2012 - 08:11 PM

John Lauhoff

    Member

  • Member
  • PipPipPip
  • 104 posts
i was having bsod issues and was on this thread http://www.geekstogo...help-me-please/ the moderator directed me to this area i ran OTL my lo listed below please help


OTL Extras logfile created on: 5/5/2012 9:03:23 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 77.10% Memory free
16.00 Gb Paging File | 13.82 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 751.63 Gb Free Space | 53.80% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2681A7B4-1022-4700-AA60-43EE6D0D5689}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2D200550-9A60-4900-9C25-79733EE462D5}" = lport=49202 | protocol=6 | dir=in | name=akamai netsession interface |
"{5CE3F6B4-6898-4082-9D21-8C958EB330C2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{63BACE75-372D-4C7C-92E8-238A0902C608}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{63D4EAEE-597C-40C3-9A1B-D8A13F0B7005}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{A82E0099-C4D2-4BE9-83B6-F074CC073E01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AC65CFF8-530E-4079-869B-DE35151E14A0}" = lport=49180 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0269B84D-3B90-408E-BE7A-2BF21E76AC37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{046DC51F-C649-4092-A9EB-F4218AABD6C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0C72D1EF-AC23-4C42-B614-BB4151A5B290}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{0C80E7DC-F186-4906-9138-E8745FC63E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{0CEE70FB-A65A-45BC-8AA9-8E65F64D0560}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{0D5E3CCE-9574-4E14-A39C-C916859BE82F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0EF066A8-0AFC-478A-8C0F-5172F06B0497}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23C2D594-B75F-4589-AE61-9FC453A8B08E}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{2934E7C4-4943-433C-B480-8EDD6798591C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{310A65B2-5ECB-4BFE-B66A-70CC9F312B97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{32248E86-15BA-4560-AAA9-B9518E433E23}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{350C9777-0909-4747-842D-10E8F6E3B78F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{41651129-BE0C-4271-B9DC-5D61967A414E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{434395E8-A779-41F0-BEA4-0061993F0C75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5561E48C-F1F8-49C4-BB66-F626F222B3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{5833919E-E792-459B-893D-89EF931655AE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{58D26430-27C2-4B53-94BB-5B60F480EEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{5D5D98A7-2774-4F5F-9ECB-66F3FE4248DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{5E0D20DD-25E0-4F41-8BC8-200A085C14B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer unbounded demo\rru_demo.exe |
"{6AC9B8D7-3507-4721-B1DD-508EEDB1516C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{72ABBF1B-6A75-4319-AA96-793E85615C18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7379A3DA-C6AE-4067-A213-88BDA817E776}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{73C522F8-E1F4-4979-BDFD-F28B577A250A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7579ED12-F6E1-4AE5-BC9E-BEC12FD906DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7A29AFEB-1BFA-4831-867C-84AF471361EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{7A517D1E-DC41-462D-9BDC-4AC1CA0AB60C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{7F61E41A-6118-4A22-A798-89AB55D9D2B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{8C516A64-CE2E-43D0-AA87-4A4365139A6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{933FC300-5CEC-43AA-B7AD-0CCAFE109D89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{97999F5E-AA27-4C83-BEB8-BDA2BABC9937}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ridge racer unbounded demo\rru_demo.exe |
"{9AB28F43-5286-4FD5-AFB0-3AD4DC35C902}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{9D0000BC-757F-4FAF-9789-27F5B7E64DB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{A1B11318-04CC-4F26-9A3D-72D595B8EEE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{A822A244-DFB4-46FE-82FA-F8A3357D478D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC949135-5063-451A-932C-263A456CD6AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AF60E065-04D0-4DAA-A599-341182792B34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B33D2C6E-92A8-487A-AB40-E242E5ACA97F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B84E7B80-824F-4507-8AD4-36CE4306796C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{B9BC0ED9-E4C9-42F8-A7F8-096FE1229E22}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BA95632F-BBA9-4E2B-A509-948AE4E4B032}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C5EE5D41-0B91-4EB6-A184-1F00A6E2527A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{C672BCDC-30D7-4E62-B4CC-9CB9E545357E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB766E0C-899F-486D-B9B7-C43BF31AE81F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CBC60B24-03C2-4615-9BBD-64D575BD7EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{D03A64F8-0E29-446C-A8BF-FEA61B82F2EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{D97FE879-255A-4DE4-9764-E12995C78A34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{DEAEEAF0-A227-46C2-AFC3-7710E002918E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E057A659-976F-4DF0-BC40-B3664236C48F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{E4178EBE-B0FF-4E64-9FB1-7143748E6073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{EA035602-006D-4A02-869C-9839142EEB7B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{F672E8E3-2F20-407F-8983-647381627A04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F876271A-8FC0-4757-9736-D3B3BB1AA817}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FB674AFB-0187-4BC2-A82D-DD21562202F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{FBAC37AE-1CA9-4784-903F-1E56D136D93E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{FBB93816-1449-4B64-AD0B-DA99A3258FA0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{64BC8ACE-067A-496E-8584-5017E5744D87}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"TCP Query User{661E0A9E-9027-4DB2-9F7E-56108EFEDBD0}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"TCP Query User{894BFE35-27C4-4144-9BE6-48B85673839C}C:\program files (x86)\steam\steamapps\hazeydaze007\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\hazeydaze007\team fortress 2\hl2.exe |
"TCP Query User{A5BFF0DC-6EF3-4E5F-A34E-560D0C29927D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{C1360488-2FD8-4C4D-8BEB-126255FD2A7B}C:\users\john\downloads\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\john\downloads\redsn0w_win_0.9.9b9d\redsn0w.exe |
"TCP Query User{FEF04751-F834-4622-BEAA-126E5066C845}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{188C8A7D-CAB1-48ED-B474-74CF278EAD52}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{3501BAEC-ACB4-4B0A-BBD1-9BF9606291F0}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"UDP Query User{4ECA453C-7A71-442A-B46B-A97B8BF1A41C}C:\users\john\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\local\akamai\netsession_win.exe |
"UDP Query User{6F5D27A7-8157-4422-B5C4-0121FAF450FD}C:\users\john\downloads\redsn0w_win_0.9.9b9d\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\john\downloads\redsn0w_win_0.9.9b9d\redsn0w.exe |
"UDP Query User{9BF1B4D3-C09E-4ABF-B84F-5898D3FE6CA7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{F1E92572-5EB5-4352-8FB4-5431034D5354}C:\program files (x86)\steam\steamapps\hazeydaze007\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\hazeydaze007\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{616C0A4D-457D-488E-9C07-2E7ADFE4F65A}" = Microsoft Corporation
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9CF5E9B6-75C1-6899-00CD-82ACA9ACB664}" = AMD Catalyst Install Manager
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EDA705D8-129D-4EDE-A653-5958B555B36F}" = Microsoft LifeCam
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AACACM" = AAC ACM Codec x64 1.8
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32
"WhoCrashed_is1" = WhoCrashed 3.04
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55A9BA4F-00AB-4882-92C7-9BDA1930C359}" = Microsoft Corporation
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation®
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AVG Secure Search" = AVG Security Toolbar
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"DMX5_is1" = DriverMax 6
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"mv61xxDriver" = marvell 61xx
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"OpenAL" = OpenAL
"PC Tools Utilities_is1" = PC Tools Performance Toolkit 2.0
"PunkBusterSvc" = PunkBuster Services
"Screenshot Utility_is1" = Screenshot Utility version 1.0
"Steam App 207270" = DiRT Showdown Demo
"Steam App 55100" = Homefront
"UPCShell" = LeapFrog Connect
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.5.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements

#2
CompCav
Posted 05 May 2012 - 08:37 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, John Lauhoff! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


P2P Warning!:

IMPORTANT I have noticed that there are signs of BitTorrent P2P (Peer to Peer) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these type programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.


Step 1.

Download OTL to your Desktop
or
If you still have OTL on your desktop go immediately to the following steps:

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt .
  • Post the log


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
If it does not run rename aswMBR.exe to Iexplore.exe and try it again.

Step 3.

Please post:

OTL.txt
aswMBR log




Give me any updates on issues with your computer
  • 0

#3
John Lauhoff
Posted 05 May 2012 - 08:59 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 21:57:33
-----------------------------
21:57:33.062 OS Version: Windows x64 6.1.7600
21:57:33.062 Number of processors: 6 586 0xA00
21:57:33.062 ComputerName: JOHN-PC UserName: John
21:57:35.074 Initialize success
21:57:49.905 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:57:49.920 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
21:57:49.936 Disk 0 MBR read successfully
21:57:49.936 Disk 0 MBR scan
21:57:49.936 Disk 0 Windows 7 default MBR code
21:57:49.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:57:49.952 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
21:57:49.952 Disk 0 scanning C:\Windows\system32\drivers
21:57:54.366 Service scanning
21:58:07.424 Modules scanning
21:58:07.424 Disk 0 trace - called modules:
21:58:07.439 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS amdide64.sys PCIIDEX.SYS hal.dll atapi.sys
21:58:07.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af9060]
21:58:07.455 3 CLASSPNP.SYS[fffff880018d543f] -> nt!IofCallDriver -> [0xfffffa80079929b0]
21:58:07.455 5 ACPI.sys[fffff88000f9e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007aed680]
21:58:07.455 Scan finished successfully
21:58:31.016 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\otl\MBR.dat"
21:58:31.062 The log file has been saved successfully to "C:\Users\John\Desktop\otl\aswMBR.txt"


OTL logfile created on: 5/5/2012 10:00:53 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 75.25% Memory free
16.00 Gb Paging File | 13.68 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 751.21 Gb Free Space | 53.77% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/05 21:57:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Downloads\aswMBR.exe
PRC - [2012/05/05 21:02:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2012/05/05 17:49:22 | 000,215,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/05/05 17:48:26 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/01 17:07:49 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/05/01 17:07:49 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/03/26 09:40:04 | 009,532,824 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\John\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/20 18:03:53 | 000,075,022 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\~nsu.tmp\Au_.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/10/25 18:46:36 | 000,793,056 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/10/25 18:46:36 | 000,103,904 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/10/12 15:47:06 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE


========== Modules (No Company Name) ==========

MOD - [2012/05/01 17:07:50 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/01 17:07:49 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/04/27 21:07:01 | 000,444,400 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 21:06:59 | 003,915,248 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 21:05:45 | 000,544,240 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll
MOD - [2012/04/27 21:05:44 | 000,117,744 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll
MOD - [2012/04/27 21:05:34 | 000,122,880 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 21:05:33 | 000,220,672 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 21:05:32 | 001,747,456 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/03/19 11:26:44 | 000,008,608 | ---- | M] () -- C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
MOD - [2012/02/20 18:03:53 | 000,075,022 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\~nsu.tmp\Au_.exe
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/17 23:14:44 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/23 21:07:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/30 17:55:46 | 000,919,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/05 17:49:22 | 000,215,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/05/05 17:48:26 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/01 17:07:49 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/10/25 18:47:00 | 001,030,112 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/10/25 18:46:52 | 001,038,304 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/10/25 18:46:36 | 000,793,056 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/05 20:44:20 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/04/18 09:16:50 | 000,090,624 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/04/17 23:39:00 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/17 22:10:08 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/23 21:07:42 | 002,193,008 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/16 16:02:54 | 000,685,672 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 17:21:18 | 000,045,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/02/16 17:21:16 | 000,051,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/12/13 12:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/10/25 18:47:20 | 000,191,104 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTDSMon.sys -- (PCTDSMon)
DRV:64bit: - [2011/10/25 18:47:14 | 000,163,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV:64bit: - [2011/10/20 11:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/06 03:56:02 | 000,182,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/03/30 09:48:34 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2010/03/22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/08/24 06:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/10/25 18:47:26 | 000,108,864 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-05-01 17:07:51&v=11.0.0.9&sap=hp
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 1E 61 6D 7F C2 CC 01 [binary data]
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-05-01 17:07:51&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/05 14:04:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...sa&d=2012-05-01 17:07:51&v=11.0.0.9&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Frat Boy Beer Pong = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldnejoajcpmegfmelnfikdlnnpclaoi\1.0_0\
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: eBay Web App = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.2_0\
CHR - Extension: Facebook = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: MSN for Google Chrome = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjjkcnenagkaiaojegiehoadmjaihij\1.0_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Netflix = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: Pandora = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Flixster = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Marvel Comics = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: Weather Window by WeatherBug = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: Alarm Clock Radio = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi\1.6_0\
CHR - Extension: Newegg Official Chrome Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifdjinihgcdkoiefclobajdfjnpjjm\1.5_0\
CHR - Extension: Windows Live Messenger Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpifmiaadiihnkolggaepacodfmgceki\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Ebay Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikeoegkppplgaboiikcijmboeepoj\2.5_0\
CHR - Extension: Fieldrunners = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Netflix Fix = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfckkhdbfddoeicejihbdikjgbejiiio\1.4.1.0_0\
CHR - Extension: Netflix Watch Now Layout Fix = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngacmlmclfopgbnmefcffgbcjiafbfpo\2.1_0\
CHR - Extension: Facebook Notifications = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: imo instant messenger = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi\1.3_0\
CHR - Extension: The Pirate Bay Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkheaminkolfgjmmeclpgmepibjhiml\3.8_0\
CHR - Extension: Compare Video Games Prices = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiihhobjjoohfoiokbpbeadmcobkomh\1.0.0.1_0\
CHR - Extension: Psykopaint = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.7_0\
CHR - Extension: Psykopaint = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.7_0\.bak
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001..\Run: [Akamai NetSession Interface] C:\Users\John\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001..\Run: [DriverMax_RESTART] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [WinSATRestorePower] C:\Windows\SysNative\powercfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2E1589-CE6D-42C7-B758-AE17C63B02BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 21:08:40 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\otl
[2012/05/05 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/05/05 20:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/05/05 20:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/05/05 16:35:54 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/05 16:25:28 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012/05/05 16:10:05 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012/05/05 16:03:55 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2012/05/05 16:03:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2012/05/05 16:03:55 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012/05/05 16:03:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2012/05/05 16:03:55 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2012/05/05 16:03:54 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2012/05/05 16:03:54 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2012/05/05 16:03:54 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2012/05/05 16:01:54 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/05/05 16:01:54 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/05/05 16:01:45 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/05/05 16:01:44 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/05/05 16:01:44 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/05/05 16:01:44 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/05/05 16:01:44 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/05/05 16:01:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/05/05 16:01:44 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/05/05 15:32:47 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/05 15:32:47 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/05 15:32:46 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/05 15:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/05 15:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/05 15:21:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/05/05 15:21:38 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/05/05 15:21:37 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/05/05 15:15:33 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/05/05 15:15:30 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/05/05 15:15:30 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/05/05 15:15:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/05/05 15:15:30 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/05 15:15:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/05/05 15:15:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/05/05 15:15:29 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/05/05 15:15:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/05 15:15:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/05 15:15:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/05 15:15:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/05 15:15:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/05/05 15:15:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/05/05 15:15:28 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/05/05 15:15:05 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/05/05 15:15:05 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/05/05 15:15:04 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/05/05 15:15:03 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/05/05 15:15:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/05/05 15:15:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/05/05 15:15:03 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/05/05 15:15:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/05/05 15:15:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/05/05 15:15:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/05/05 15:15:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/05/05 15:15:02 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/05/05 15:15:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/05/05 15:14:55 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012/05/05 15:14:55 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012/05/05 15:14:42 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/05/05 15:14:42 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/05/05 15:14:42 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/05/05 15:14:41 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/05/05 15:14:40 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/05/05 15:14:39 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/05/05 15:14:39 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/05/05 15:14:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/05/05 15:14:39 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/05/05 15:14:39 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/05/05 15:14:39 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/05/05 15:14:39 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/05/05 15:14:39 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/05/05 15:14:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/05/05 15:14:22 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/05/05 15:14:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/05/05 15:14:20 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/05/05 15:14:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/05/05 15:14:20 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/05/05 15:14:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/05/05 15:14:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/05/05 15:14:17 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/05 15:14:16 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/05 15:14:16 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/05 15:14:16 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/05 15:14:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/05 15:14:12 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012/05/05 15:14:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/05/05 15:14:08 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/05/05 15:14:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/05/05 15:14:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/05/05 15:14:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/05/05 15:14:07 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/05/05 15:14:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/05/05 15:14:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/05/05 15:14:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/05/05 15:14:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/05/05 15:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/05/05 15:14:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/05/05 15:14:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/05/05 15:14:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/05/05 15:14:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/05/05 15:14:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/05/05 15:14:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/05/05 15:14:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/05/05 15:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/05/05 15:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/05/05 15:14:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/05/05 15:13:54 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/05/05 15:13:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/05/05 15:13:54 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/05/05 15:13:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/05/05 15:13:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/05/05 15:13:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/05/05 15:13:50 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/05 15:13:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/05 15:13:45 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/05/05 15:13:44 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/05/05 15:13:43 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/05/05 15:13:43 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/05/05 15:13:40 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/05/05 15:13:40 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/05/05 15:13:39 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/05/05 15:13:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/05/05 15:13:39 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/05/05 15:13:39 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/05/05 15:13:39 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/05/05 15:13:39 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/05/05 15:13:34 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/05/05 15:13:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/05/05 15:13:20 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/05/05 15:13:19 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/05/05 15:13:17 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/05/05 15:13:16 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/05/05 15:13:16 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/05/05 15:13:16 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/05/05 15:13:15 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/05/05 15:13:15 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/05/05 15:13:15 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/05/05 15:13:14 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/05/05 15:13:14 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/05/05 15:13:13 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/05/05 15:13:13 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/05/05 15:13:13 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/05/05 15:13:12 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/05/05 15:13:12 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/05/05 15:13:12 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/05/05 15:13:12 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/05/05 15:13:08 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/05/05 15:13:08 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/05/05 15:13:04 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012/05/05 15:13:04 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012/05/05 15:13:04 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012/05/05 15:13:04 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012/05/05 15:13:04 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012/05/05 15:13:04 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012/05/05 15:13:04 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012/05/05 15:13:04 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012/05/05 15:13:03 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012/05/05 15:13:03 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012/05/05 15:13:03 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012/05/05 15:13:03 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012/05/05 15:13:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012/05/05 15:13:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012/05/05 15:13:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012/05/05 15:13:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012/05/05 15:12:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012/05/05 15:12:56 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/05/05 15:12:53 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/05/05 15:12:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/05/05 15:12:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/05/05 15:12:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/05/05 15:12:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/05/05 15:12:52 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/05/05 15:12:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/05/05 15:12:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/05/05 15:12:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/05/05 15:12:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/05/05 15:12:47 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/05/05 15:12:47 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/05/05 15:12:47 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/05/05 15:12:47 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/05/05 15:12:45 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/05/05 15:12:45 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/05/05 15:12:45 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/05/05 15:12:45 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/05/05 15:12:44 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/05/05 15:12:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/05/05 15:12:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/05/05 15:12:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/05/05 15:12:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/05/05 15:12:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/05/05 15:12:42 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/05/05 15:12:42 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/05/05 15:12:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/05/05 15:12:42 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/05/05 15:12:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/05/05 15:12:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/05/05 15:12:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/05/05 15:12:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012/05/05 15:12:39 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012/05/05 15:12:31 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/05/05 15:12:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/05/05 15:12:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/05/05 15:12:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/05/05 15:12:30 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/05/05 15:12:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/05/05 15:12:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/05/05 15:12:27 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/05/05 15:12:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/05/05 15:12:21 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/05/05 15:12:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/05/05 15:12:20 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/05/05 15:12:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/05/05 15:12:11 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/05/05 15:12:11 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/05/05 15:12:09 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/05/05 15:12:09 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/05/05 15:12:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/05/05 15:12:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/05/05 15:12:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/05/05 15:11:59 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012/05/05 15:11:59 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/05/05 15:11:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/05/05 15:11:57 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/05/05 15:11:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/05/05 15:11:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/05/05 15:11:54 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/05/05 15:11:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012/05/05 15:11:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/05/05 15:11:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/05/05 15:11:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/05/05 15:11:32 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/05/05 15:11:32 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/05/05 15:11:30 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/05/05 15:11:29 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/05/05 15:11:29 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/05/05 15:03:33 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/05/05 15:03:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/05/05 15:02:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/05/05 15:01:36 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/05/05 15:01:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/05/05 15:01:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/05/05 14:52:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/05 14:40:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012/05/05 14:40:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012/05/05 14:40:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/05/05 14:40:33 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/05/05 14:40:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/05/05 14:40:00 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/05/05 14:39:59 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/05/05 14:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/05/05 13:43:52 | 000,000,000 | --SD | C] -- C:\Users\John\AppData\Roaming\Microsoft
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Videos
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Saved Games
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Pictures
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Music
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Links
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Favorites
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Downloads
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Documents
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\Desktop
[2012/05/05 13:43:52 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Temporary Internet Files
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Templates
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Start Menu
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\SendTo
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Recent
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\PrintHood
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\NetHood
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Videos
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Pictures
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Documents\My Music
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\My Documents
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Local Settings
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\History
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Cookies
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\Application Data
[2012/05/05 13:43:52 | 000,000,000 | -HSD | C] -- C:\Users\John\AppData\Local\Application Data
[2012/05/05 13:43:52 | 000,000,000 | -H-D | C] -- C:\Users\John\AppData
[2012/05/05 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Temp
[2012/05/05 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Microsoft
[2012/05/05 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Media Center Programs
[2012/05/05 13:42:41 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/05/05 13:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012/05/05 13:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012/05/05 13:38:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/04 23:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/04 23:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/04 22:37:32 | 001,436,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2012/05/04 22:37:32 | 000,073,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2012/05/04 22:37:08 | 001,580,368 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\LogiLDA.DLL
[2012/05/04 22:36:33 | 000,051,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys
[2012/05/04 22:35:10 | 000,157,696 | ---- | C] (Matrox Graphics Inc.) -- C:\Windows\SysNative\drivers\MxEFUF64.sys
[2012/05/04 22:34:53 | 000,046,192 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Windows\SysNative\drivers\LPCFilter.sys
[2012/05/04 22:34:36 | 000,045,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012/05/04 22:33:20 | 000,090,624 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW86.sys
[2012/05/04 22:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012/05/04 22:27:26 | 002,046,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\coin90.dll
[2012/05/04 21:21:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SlimWare Utilities Inc
[2012/05/04 21:17:58 | 000,023,816 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012/05/04 21:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/05/04 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/05/04 19:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/04 19:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/04 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2012/05/04 17:34:36 | 000,011,832 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\amdide64.sys
[2012/05/04 17:30:18 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.97.dll
[2012/05/04 17:30:17 | 004,749,312 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/05/04 17:30:17 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/05/04 17:30:17 | 000,042,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/05/04 17:30:16 | 006,245,888 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/05/04 17:30:16 | 001,960,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2012/05/04 17:30:15 | 004,260,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/05/04 17:30:15 | 001,053,696 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2012/05/04 17:30:14 | 019,586,048 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/05/04 17:30:14 | 007,477,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/05/04 17:30:14 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/05/04 17:30:14 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/05/04 17:30:14 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/05/04 17:30:13 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe
[2012/05/04 17:30:12 | 026,016,256 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/05/04 17:30:12 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe
[2012/05/04 17:30:11 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/05/04 17:30:11 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/05/04 17:30:11 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/05/04 17:30:10 | 011,922,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/05/04 17:30:10 | 000,359,936 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/05/04 17:30:10 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/05/04 17:30:10 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/05/04 17:30:10 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/05/04 17:30:10 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/05/04 17:30:10 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/05/04 17:30:09 | 007,510,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/05/04 17:30:09 | 006,811,648 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/05/04 17:30:09 | 000,514,048 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/05/04 17:30:09 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/05/04 17:30:09 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/05/04 17:30:09 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/05/04 17:30:09 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/05/04 17:30:08 | 015,827,456 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/05/04 17:30:08 | 001,081,856 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/05/04 17:30:08 | 000,918,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/05/04 17:30:08 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/05/04 17:30:08 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/05/04 17:30:08 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/05/04 17:30:07 | 013,402,112 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/05/04 17:30:07 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/05/04 17:30:06 | 000,535,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/05/04 17:30:06 | 000,364,544 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/05/04 17:30:06 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/05/04 17:30:06 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2012/05/04 17:30:06 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/05/04 17:30:06 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/05/04 17:30:06 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/05/04 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/04 15:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/05/04 15:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2012/05/04 12:22:44 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\screenshots
[2012/05/04 12:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screenshot Utility
[2012/05/04 12:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screenshot Utility
[2012/05/04 11:41:15 | 000,056,448 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2012/05/04 11:39:42 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Logishrd
[2012/05/04 11:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/05/04 11:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/05/04 11:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/05/04 11:37:13 | 002,965,104 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2012/05/04 11:37:13 | 002,193,008 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2012/05/04 11:37:13 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2012/05/04 11:37:13 | 001,119,344 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2012/05/04 11:37:13 | 000,677,488 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2012/05/04 11:37:13 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2012/05/04 11:37:13 | 000,094,832 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2012/05/04 11:37:13 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2012/05/04 11:37:13 | 000,085,504 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2012/05/04 11:37:13 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2012/05/04 11:37:13 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2012/05/04 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\DriverGenius
[2012/05/04 10:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/05/04 10:55:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2012/05/04 10:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell
[2012/05/04 10:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/05/04 10:53:03 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2012/05/04 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2012/05/04 10:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/05/04 10:50:24 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2012/05/04 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Chipset
[2012/05/04 10:41:34 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie.sys
[2012/05/03 18:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/05/03 18:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/05/03 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2012/05/03 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DriverCure
[2012/05/03 18:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/05/03 17:09:31 | 000,685,672 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/05/03 17:09:31 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/05/03 17:09:31 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2012/05/03 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Windows Live Writer
[2012/05/03 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Windows Live Writer
[2012/05/03 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Innovative Solutions
[2012/05/03 15:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2012/05/03 15:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2012/05/03 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Akamai
[2012/05/03 13:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/05/03 13:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012/05/03 13:31:27 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2012/05/03 13:31:27 | 001,306,624 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012/05/03 13:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012/05/03 13:31:24 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/05/03 13:31:24 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/05/03 13:31:24 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/05/03 13:31:24 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/05/03 13:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/05/02 17:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/05/02 13:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/05/01 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AVG Secure Search
[2012/05/01 17:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/01 17:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/05/01 17:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/05/01 17:07:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/01 17:07:09 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\FixCleaner
[2012/05/01 17:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/05/01 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/01 16:57:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/05/01 16:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/05/01 15:19:19 | 000,000,000 | ---D | C] -- C:\Crash
[2012/05/01 15:19:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\SCE
[2012/05/01 14:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/01 12:17:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/01 12:16:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/05/01 12:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/01 12:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/01 12:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/01 12:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/04/30 17:54:03 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Games
[2012/04/30 15:19:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/30 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\PC Tools Performance Toolkit
[2012/04/30 15:11:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\PC Tools Performance Toolkit
[2012/04/30 15:11:17 | 000,191,104 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTDSMon.sys
[2012/04/30 15:11:17 | 000,163,472 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTDMDefrag.sys
[2012/04/30 15:11:17 | 000,108,864 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
[2012/04/30 15:11:17 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2012/04/30 15:11:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2012/04/30 15:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2012/04/30 15:11:16 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/04/30 15:11:16 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/04/30 15:11:16 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/04/30 15:11:16 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012/04/30 15:11:16 | 000,512,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2012/04/30 15:11:16 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/04/30 15:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/30 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/30 15:11:15 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\File Recover
[2012/04/30 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012/04/30 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012/04/30 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Leadertech
[2012/04/30 14:51:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012/04/30 14:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/04/30 14:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012/04/30 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012/04/30 14:50:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Logitech
[2012/04/30 14:50:08 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Logishrd
[2012/04/30 14:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/04/30 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/04/29 17:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/29 17:28:53 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Product_PT
[2012/04/29 17:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/05 22:34:10 | 000,074,752 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2012/04/05 22:34:04 | 000,064,512 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2012/04/05 22:33:56 | 000,063,488 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2012/04/05 22:33:52 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2012/04/05 22:33:44 | 016,457,216 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2012/04/05 22:32:56 | 013,007,872 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 21:27:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1277986409-3721482306-3149500578-1001UA.job
[2012/05/05 20:50:32 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 20:50:32 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 20:45:10 | 000,014,100 | ---- | M] () -- C:\Users\John\AppData\Local\Temp11.html
[2012/05/05 20:45:06 | 000,001,955 | ---- | M] () -- C:\Users\John\AppData\Local\Temp1.html
[2012/05/05 20:44:20 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/05 20:42:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 20:41:46 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/05 20:41:44 | 710,121,146 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/05 20:38:40 | 000,000,221 | ---- | M] () -- C:\Users\John\Desktop\Homefront.url
[2012/05/05 20:12:04 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\PTSchedule.job
[2012/05/05 20:11:16 | 000,000,222 | ---- | M] () -- C:\Users\John\Desktop\DiRT Showdown Demo.url
[2012/05/05 20:05:26 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/05/05 17:55:04 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/05 17:49:22 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/05 17:48:26 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/05/05 17:48:26 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/05 17:23:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/05 17:23:32 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/05 17:23:32 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/05 17:17:08 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/05 15:28:18 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/05 14:36:31 | 000,001,441 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/05 14:29:36 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/05/05 14:29:36 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/05/05 14:17:37 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/05/05 13:43:15 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/05/05 13:43:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/05/05 13:42:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/05/05 13:41:33 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/05/05 11:11:02 | 000,003,096 | ---- | M] () -- C:\Users\John\Desktop\Windows Compatibility Report.htm
[2012/05/05 10:49:50 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/05/05 10:49:50 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/05/05 01:27:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1277986409-3721482306-3149500578-1001Core.job
[2012/05/04 23:25:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/04 22:37:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/05/04 22:32:53 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/05/04 21:17:58 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/04 19:15:00 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/04 15:28:32 | 000,001,250 | ---- | M] () -- C:\Users\John\Desktop\DriverMax.lnk
[2012/05/04 11:40:00 | 000,001,358 | ---- | M] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/04 11:37:27 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/05/04 10:56:50 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/05/04 10:52:09 | 000,041,066 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012/05/04 10:50:01 | 000,033,630 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/05/04 10:34:56 | 083,279,754 | ---- | M] () -- C:\Users\John\Documents\AMD_Chipset_V13254_51010008_XPVISTAWIN7.zip
[2012/05/03 13:31:24 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/05/03 13:31:24 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/05/03 13:31:24 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/05/03 13:31:24 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/04/30 15:11:17 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Performance Toolkit.lnk
[2012/04/18 09:16:50 | 000,090,624 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW86.sys
[2012/04/17 23:39:00 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/04/17 23:21:44 | 000,245,968 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/04/17 23:21:44 | 000,245,968 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/04/17 23:20:48 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/04/17 23:20:40 | 000,918,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/04/17 23:18:50 | 001,081,856 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/04/17 23:15:34 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/04/17 23:15:30 | 000,514,048 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/04/17 23:14:44 | 000,238,080 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/04/17 23:13:24 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/04/17 23:13:10 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/04/17 23:13:06 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/04/17 23:13:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/04/17 23:12:22 | 006,811,648 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/04/17 23:06:14 | 026,016,256 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/04/17 22:58:32 | 000,069,632 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.97.dll
[2012/04/17 22:53:26 | 007,510,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/04/17 22:52:18 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\amdverag.dll
[2012/04/17 22:49:24 | 019,586,048 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/04/17 22:33:26 | 006,245,888 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/04/17 22:30:40 | 001,053,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll
[2012/04/17 22:30:20 | 001,960,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll
[2012/04/17 22:29:48 | 004,260,864 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/04/17 22:28:22 | 002,818,784 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/04/17 22:28:22 | 000,204,952 | ---- | M] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/17 22:28:22 | 000,204,952 | ---- | M] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/04/17 22:28:22 | 000,157,144 | ---- | M] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/17 22:28:22 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\ativvsva.dat
[2012/04/17 22:28:22 | 000,026,936 | ---- | M] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/04/17 22:28:22 | 000,026,936 | ---- | M] () -- C:\Windows\SysNative\ativvsnl.dat
[2012/04/17 22:28:22 | 000,000,025 | ---- | M] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/17 22:28:22 | 000,000,025 | ---- | M] () -- C:\Windows\SysNative\ativvsny.dat
[2012/04/17 22:28:16 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/04/17 22:28:14 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/04/17 22:28:08 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/04/17 22:28:06 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/04/17 22:27:56 | 015,827,456 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/04/17 22:23:32 | 013,402,112 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/04/17 22:22:56 | 004,749,312 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/04/17 22:22:48 | 007,477,760 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/04/17 22:21:34 | 002,852,480 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/04/17 22:10:50 | 000,535,552 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/04/17 22:10:42 | 000,364,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/04/17 22:10:30 | 000,017,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/04/17 22:10:26 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/04/17 22:10:26 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/04/17 22:10:22 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/04/17 22:10:16 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/04/17 22:10:08 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/04/17 22:09:16 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/04/17 22:09:10 | 000,042,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/04/17 22:09:02 | 000,045,056 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/04/17 22:08:54 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/04/17 22:08:24 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/04/17 22:05:14 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/04/17 22:05:14 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/04/17 22:05:08 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/04/17 22:05:08 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2012/04/05 22:34:26 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012/04/05 22:34:10 | 000,074,752 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll
[2012/04/05 22:34:04 | 000,064,512 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll
[2012/04/05 22:33:56 | 000,063,488 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll
[2012/04/05 22:33:52 | 000,056,320 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll
[2012/04/05 22:33:44 | 016,457,216 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll
[2012/04/05 22:32:56 | 013,007,872 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 20:45:10 | 000,014,100 | ---- | C] () -- C:\Users\John\AppData\Local\Temp11.html
[2012/05/05 20:38:40 | 000,000,221 | ---- | C] () -- C:\Users\John\Desktop\Homefront.url
[2012/05/05 20:11:16 | 000,000,222 | ---- | C] () -- C:\Users\John\Desktop\DiRT Showdown Demo.url
[2012/05/05 20:05:26 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/05/05 17:49:22 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/05 17:48:27 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/05 17:48:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/05/05 17:48:26 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/05 14:53:14 | 000,001,955 | ---- | C] () -- C:\Users\John\AppData\Local\Temp1.html
[2012/05/05 14:36:31 | 000,001,413 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/05 14:36:27 | 000,001,447 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/05 14:30:53 | 2146,832,383 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/05 14:17:37 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/05/05 13:43:52 | 000,000,290 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/05 13:43:52 | 000,000,272 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/05 13:43:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/05 13:43:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/05 13:43:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/05/05 13:42:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/05/05 13:41:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/05 11:11:03 | 000,003,096 | ---- | C] () -- C:\Users\John\Desktop\Windows Compatibility Report.htm
[2012/05/04 23:25:09 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/04 23:25:03 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/04 22:37:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/05/04 22:32:53 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/05/04 21:21:50 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/05/04 21:17:58 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/05/04 19:15:00 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/04 17:30:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/04 17:30:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2012/05/04 17:30:17 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/05/04 17:30:17 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/04 17:30:17 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2012/05/04 17:30:17 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/04 17:30:17 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat
[2012/05/04 17:30:17 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/05/04 17:30:17 | 000,000,025 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat
[2012/05/04 17:30:15 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/05/04 17:30:14 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/04 17:30:14 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2012/05/04 17:30:13 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/05/04 17:30:10 | 000,618,823 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/05/04 17:30:06 | 000,245,968 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/05/04 17:30:06 | 000,245,968 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/05/04 17:30:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\amdverag.dll
[2012/05/04 15:28:32 | 000,001,250 | ---- | C] () -- C:\Users\John\Desktop\DriverMax.lnk
[2012/05/04 11:39:49 | 000,001,358 | ---- | C] () -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/04 11:37:27 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012/05/04 11:37:27 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2012/05/04 10:52:07 | 000,041,066 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/05/04 10:49:22 | 000,033,630 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/05/04 10:41:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/05/04 10:34:18 | 083,279,754 | ---- | C] () -- C:\Users\John\Documents\AMD_Chipset_V13254_51010008_XPVISTAWIN7.zip
[2012/05/02 21:55:36 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/05/02 21:55:36 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/05/01 14:15:41 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\PTSchedule.job
[2012/04/30 15:11:17 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Performance Toolkit.lnk
[2012/04/30 15:11:16 | 000,040,416 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2012/04/05 22:34:26 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/11/30 14:53:34 | 000,171,008 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2011/11/30 14:53:26 | 006,244,574 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2011/11/30 14:53:26 | 000,957,031 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2011/11/30 14:53:26 | 000,337,369 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2011/11/30 14:53:26 | 000,197,696 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2011/11/30 14:53:26 | 000,127,340 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/11/20 06:34:48 | 003,900,928 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/11/20 06:09:44 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/20 06:07:24 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/11/20 06:07:06 | 000,133,632 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
[2011/11/20 06:07:04 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/11/20 06:07:04 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/11/20 06:07:02 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/11/20 06:07:02 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/11/20 06:07:02 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/11/20 06:07:02 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/11/20 06:07:00 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/11/20 06:06:58 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== LOP Check ==========

[2012/05/05 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
[2012/05/05 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\COWON
[2012/05/05 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DriverCure
[2012/05/05 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FixCleaner
[2012/05/05 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2012/05/05 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Product_PT
[2012/05/05 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\redsn0w
[2012/05/05 14:11:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2012/05/03 16:03:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer
[2012/05/05 20:12:04 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\PTSchedule.job
[2012/05/05 21:51:33 | 000,003,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 10:32:30 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{0F2E1589-CE6D-42C7-B758-AE17C63B02BA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ECFB1063-7D1D-4E06-81C0-9B1780469617}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 00 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/02/28 00:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/02/28 00:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/02/28 00:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/02/28 00:42:27 | 000,673,048 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: JOHN-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 1397 GB Healthy Boot

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0D786AE3

< End of report >

Edited by John Lauhoff, 05 May 2012 - 09:05 PM.

  • 0

#4
CompCav
Posted 05 May 2012 - 09:02 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
We cross posted I am reviewing the log now!
  • 0

#5
John Lauhoff
Posted 05 May 2012 - 09:06 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
is this what you needed
  • 0

#6
CompCav
Posted 05 May 2012 - 09:09 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Yes :thumbsup:
  • 0

#7
CompCav
Posted 05 May 2012 - 10:06 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Our terms of use do not allow working on computers with cracks, keygens, or jailbreaks on them.

Please remove them if you want us to continue helping you.

This includes any illegal downloads and installs from:

The Pirate Bay which is a search extension you have in your Chrome browser. This is also a place where infections are routinely embedded in the downloads to prey on unsuspecting users.


Jailbreaks like redsn0w for Apple products.


After removal we can continue to help you.


Regards,

CompCav
  • 0

#8
John Lauhoff
Posted 05 May 2012 - 10:20 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
im not positive about which ones ill remove redsnow and any other i see do i need to rerun one of the test after if so which one if not both
  • 0

#9
John Lauhoff
Posted 05 May 2012 - 10:22 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
i didnt see redsnow saw bittorent removing it
  • 0

#10
CompCav
Posted 05 May 2012 - 10:30 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I can remove redsn0w just go to your Chrome browser and delete the Pirate Bay Search extension as well.

For extensions (Pirate Bay Search) type the following into the address box in Chrome:

chrome:extensions


This will show all of the installed extensions and each extension can be either disabled or uninstalled from this page.


No need for additional scans just let me know when you complete the extension removal in Chrome as well.
  • 0

Advertisements

#11
John Lauhoff
Posted 05 May 2012 - 10:32 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
ok the extensions removed and bittorent been uninstalled sorry bout that
  • 0

#12
CompCav
Posted 05 May 2012 - 10:36 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks I will have an initial post in just a few minutes.
  • 0

#13
CompCav
Posted 05 May 2012 - 10:49 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

PunkBuster Advice:

There are some Issues with infections in relation to PunkBuster...The computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be download the Removal Tool for PunkBuster to the desktop.

Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.

You may reinstall Punkbuster when I give the all clear if you so wish.


Step 2.

Please uninstall or do not use the following programs:

speed max pc
fix cleaner

A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.


Step 3.

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.


  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
PRC - [2012/02/20 18:03:53 | 000,075,022 | ---- | M] () -- C:\Users\John\AppData\Local\Temp\~nsu.tmp\Au_.exe
O3 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
[2012/05/03 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2012/05/03 18:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/05/05 20:45:10 | 000,014,100 | ---- | M] () -- C:\Users\John\AppData\Local\Temp11.html
[2012/05/05 20:45:06 | 000,001,955 | ---- | M] () -- C:\Users\John\AppData\Local\Temp1.html
[2012/05/05 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\BitTorrent
[2012/05/05 14:11:02 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FixCleaner
[2012/05/05 14:11:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\redsn0w
[2012/05/05 14:11:09 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SpeedMaxPc
[2008/04/11 10:32:30 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\install.exe



:files
ipconfig /flushdns /c
C:\Users\John\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\John\AppData\Local\Temp\~nsu.tmp


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 4.

Here are a list of questions that will help me address the issues you have:

Did you recently upgrade your operating system?

If so did you start having the BSOD's only after the upgrade? Or did the frequency of BSOD's change?

What did you upgrade from?


These files show an upgrade was done:
[2012/05/05 16:25:28 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012/05/05 16:10:05 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR



Do you need all of these as trusted sites?

I ask because trusted sites can send things around your normal protections. Sometimes the sites do this but do not need it to function.

O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1277986409-3721482306-3149500578-1001\..Trusted Domains: sony.com ([]* in Trusted sites)




Step 5.

Please post:

OTL fix log

Give me an update on how the computer is performing with the initial removals completed.
  • 0

#14
John Lauhoff
Posted 05 May 2012 - 10:59 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
i removed punkbusters i did not see speed max pc
fix cleaner but im running the fix after i copied and pasted the code provided when finished ill post the fix log<br style="color: rgb(34, 34, 34); font-size: 13px; line-height: 19px; text-align: left; ">
  • 0

#15
John Lauhoff
Posted 05 May 2012 - 11:06 PM

John Lauhoff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John
->Temp folder emptied: 141075409 bytes
->Temporary Internet Files folder emptied: 2277172 bytes
->Google Chrome cache emptied: 12054220 bytes
->Flash cache emptied: 17373 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11375364 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 18294009704 bytes

Total Files Cleaned = 17,606.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 05052012_235710

Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP