I'm new to this site, and certainly new to discovering malware infections beyond the scope of MBAM, SpyBot, or other such tools. Recently, I've noticed sporadic behavior in YouTube videos and some other Shockwave Flash-related content on my Chrome web browser, where video and audio would freeze and stutter without cause or reason. Upon further investigation, I noticed the following three processes launching in quick succession before almost immediately terminating before I could investigate: winlogon.exe, LogonUI.exe, and csrss.exe. This led me to believe there may be a virus or some malware infection on my machine. No amount of digging I could do would return results. Running MBAM and Avast! did nothing but identify adware (which I've had cleaned multiple times), and even running sfc /SCANNOW returned zero results.
Through the use of Process Hacker, I've been able to find two sessions which were entirely foreign to me, and have tracerouted them along with checking them on ipillion for status. This, however, doesn't solve my more immediate issue of removing any malware, spyware, virus, or keylogger (assuming keyloggers fall under a different category) to free me from the slow demise of my PC and the destruction of my sanity.
Please, help.
Log files are below:
OTL logfile created on: 5/22/2012 6:40:07 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = D:\MegaPhlux Libraries\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.95 Gb Total Physical Memory | 12.68 Gb Available Physical Memory | 79.53% Memory free
17.94 Gb Paging File | 14.22 Gb Available in Paging File | 79.25% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 28.80 Gb Free Space | 25.78% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1322.99 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive E: | 1862.89 Gb Total Space | 940.20 Gb Free Space | 50.47% Space Free | Partition Type: NTFS
Computer Name: MEGAPHLUX | User Name: Phlux | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\MegaPhlux Libraries\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - D:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Phlux\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll ()
MOD - C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files (x86)\Pidgin\libymsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files (x86)\Pidgin\libjabber.dll ()
MOD - C:\Program Files (x86)\Pidgin\liboscar.dll ()
MOD - C:\Program Files (x86)\Pidgin\exchndl.dll ()
MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll ()
MOD - C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HiPatchService) -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (SaiK0CCB) -- C:\Windows\SysNative\drivers\SaiK0CCB.sys (Saitek)
DRV:64bit: - (SaiU0CCB) -- C:\Windows\SysNative\drivers\SaiU0CCB.sys (Saitek)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ViaUsbModemDriver) -- C:\Windows\SysNative\drivers\ViaUsbModem.sys ()
DRV:64bit: - (ViaUsbEtsDriver) -- C:\Windows\SysNative\drivers\ViaUsbEts.sys (Via Telecom, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (KProcessHacker2) -- D:\Program Files\Process Hacker 2\kprocesshacker.sys (wj32)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 46 B4 95 DE 20 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Phlux\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Phlux\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phlux\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phlux\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Phlux\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/04/23 00:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/04 01:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/23 00:24:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/03/27 17:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
[2012/02/07 22:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phlux\AppData\Roaming\Mozilla\Extensions
[2012/05/02 00:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phlux\AppData\Roaming\Mozilla\Firefox\Profiles\v57qf432.default\extensions
[2012/02/07 22:45:40 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PHLUX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V57QF432.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Phlux\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Phlux\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Phlux\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = D:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: VMware Remote Console and Client Integration Plug-in (Enabled) = C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Phlux\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Phlux\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Translate = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\
CHR - Extension: Language Immersion for Chrome = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl\1.0.3_0\
CHR - Extension: YouTube = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Pastebin.com = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh\2.4_1\
CHR - Extension: avast! WebRep = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Resolution Test = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Robot Theme, inspired by Android\u2122 = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeljdmeofcikjblcoehpmdnooimalbmj\0.2.2_0\
CHR - Extension: Gmail = C:\Users\Phlux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/05/16 23:02:27 | 000,442,861 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15219 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] D:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray] D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Phlux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Phlux\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD52C47A-2358-48D3-82C4-C91F3CFBDD06}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/22 17:44:02 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\e-academy Inc
[2012/05/22 17:35:02 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\tor
[2012/05/22 17:14:57 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/22 17:14:40 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/22 17:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/22 17:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/20 20:06:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012/05/20 20:06:02 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\InstallShield
[2012/05/17 17:54:15 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\Jitsi
[2012/05/17 17:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoner
[2012/05/17 17:44:06 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MicroSIP
[2012/05/17 17:37:28 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\Linphone
[2012/05/17 17:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linphone
[2012/05/16 22:53:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/15 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\Process Hacker 2
[2012/05/15 00:05:36 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2012/05/14 00:25:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/05/14 00:25:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/13 19:38:29 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\com.yourname.gamename
[2012/05/13 19:38:18 | 000,000,000 | ---D | C] -- C:\Users\Phlux\Desktop\CrashCourseHard
[2012/05/13 17:22:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/13 17:22:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/13 17:22:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/13 17:22:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/13 17:21:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 11:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/05/09 21:21:32 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\Malwarebytes
[2012/05/09 21:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/09 21:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/09 21:21:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/09 21:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/09 00:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/09 00:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/09 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/09 00:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/05/09 00:46:51 | 000,000,000 | ---D | C] -- C:\AMD
[2012/05/04 12:28:16 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\MySQL
[2012/05/04 10:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2012/05/03 23:12:02 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Local\ElevatedDiagnostics
[2012/05/02 19:47:59 | 000,000,000 | ---D | C] -- D:\MegaPhlux Libraries\User Places\Documents\Talk
[2012/05/01 11:11:47 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2012/05/01 11:11:11 | 000,000,000 | ---D | C] -- C:\Users\Phlux\Desktop\Driver_TU-S9(CDV1.33)
[2012/04/29 12:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telephony Programs
[2012/04/29 12:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/04/29 12:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/04/29 12:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/04/29 12:52:44 | 000,000,000 | ---D | C] -- C:\Users\Phlux\AppData\Roaming\NCH Software
[2012/04/29 12:02:58 | 000,000,000 | ---D | C] -- D:\MegaPhlux Libraries\User Places\Documents\pubKeys
[2012/04/26 17:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/26 17:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/23 00:26:57 | 000,000,000 | ---D | C] -- C:\Users\Phlux\Adobe Flash Builder 4.5
[2012/04/23 00:25:19 | 000,000,000 | R--D | C] -- C:\Users\Phlux\Documents
[2012/04/23 00:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/04/23 00:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2012/04/23 00:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/04/23 00:21:04 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2012/04/23 00:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
========== Files - Modified Within 30 Days ==========
[2012/05/22 18:42:52 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 18:42:52 | 000,022,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 18:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/22 18:35:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/22 17:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-27904381-2184510844-881867659-1000UA.job
[2012/05/22 17:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-27904381-2184510844-881867659-1000Core.job
[2012/05/22 17:44:02 | 000,003,139 | ---- | M] () -- C:\Users\Phlux\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2012/05/22 17:14:41 | 000,001,808 | ---- | M] () -- C:\Users\Phlux\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 16:55:17 | 000,002,012 | -H-- | M] () -- D:\MegaPhlux Libraries\User Places\Documents\Default.rdp
[2012/05/22 11:28:45 | 000,000,600 | ---- | M] () -- C:\Users\Phlux\AppData\Roaming\winscp.rnd
[2012/05/21 16:41:35 | 000,734,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/21 16:41:35 | 000,629,528 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/21 16:41:35 | 000,108,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/21 02:29:03 | 000,000,600 | ---- | M] () -- C:\Users\Phlux\AppData\Local\PUTTY.RND
[2012/05/17 17:40:26 | 000,000,218 | ---- | M] () -- C:\Users\Phlux\AppData\Local\recently-used.xbel
[2012/05/17 14:57:52 | 000,002,355 | ---- | M] () -- C:\Users\Phlux\Desktop\Google Chrome.lnk
[2012/05/16 22:53:29 | 746,223,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/15 22:30:25 | 000,000,907 | ---- | M] () -- C:\Users\Phlux\Desktop\Process Hacker 2.lnk
[2012/05/13 18:36:37 | 022,445,923 | ---- | M] () -- C:\Users\Phlux\Desktop\CrashCourseEasy.zip
[2012/05/13 18:36:32 | 022,446,391 | ---- | M] () -- C:\Users\Phlux\Desktop\CrashCourseHard.zip
[2012/05/11 11:23:53 | 004,976,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/02 22:09:20 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\BinTube.lnk
[2012/05/02 01:12:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/29 12:52:47 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Express Talk.lnk
[2012/04/27 00:30:34 | 000,378,788 | ---- | M] () -- C:\bar.emf
[2012/04/26 17:36:04 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/23 01:10:03 | 000,000,053 | ---- | M] () -- C:\Windows\Eraser.INI
========== Files Created - No Company Name ==========
[2012/05/22 17:44:02 | 000,003,139 | ---- | C] () -- C:\Users\Phlux\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2012/05/22 17:14:41 | 000,001,808 | ---- | C] () -- C:\Users\Phlux\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 16:56:52 | 000,135,168 | ---- | C] () -- C:\Users\Phlux\Desktop\LOIC.exe
[2012/05/17 17:54:12 | 000,001,610 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jitsi.lnk
[2012/05/17 17:40:26 | 000,000,218 | ---- | C] () -- C:\Users\Phlux\AppData\Local\recently-used.xbel
[2012/05/16 22:53:29 | 746,223,471 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/15 22:30:25 | 000,000,907 | ---- | C] () -- C:\Users\Phlux\Desktop\Process Hacker 2.lnk
[2012/05/13 18:28:09 | 022,446,391 | ---- | C] () -- C:\Users\Phlux\Desktop\CrashCourseHard.zip
[2012/05/13 18:28:05 | 022,445,923 | ---- | C] () -- C:\Users\Phlux\Desktop\CrashCourseEasy.zip
[2012/05/13 17:22:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/13 17:22:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/13 17:22:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/13 17:22:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/13 17:22:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/01 11:11:47 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/04/29 12:52:47 | 000,001,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Talk.lnk
[2012/04/29 12:52:47 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Express Talk.lnk
[2012/04/27 00:30:34 | 000,378,788 | ---- | C] () -- C:\bar.emf
[2012/04/23 03:07:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/23 01:10:03 | 000,000,053 | ---- | C] () -- C:\Windows\Eraser.INI
[2012/04/23 00:25:00 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/04/23 00:25:00 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/04/23 00:23:38 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/04/23 00:23:27 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012/04/23 00:20:17 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/04/22 00:49:40 | 000,007,596 | ---- | C] () -- C:\Users\Phlux\AppData\Local\Resmon.ResmonCfg
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/22 01:00:29 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/02/22 00:58:06 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/02/08 22:46:33 | 000,000,600 | ---- | C] () -- C:\Users\Phlux\AppData\Local\PUTTY.RND
[2012/01/31 22:00:03 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012/01/31 22:00:03 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012/01/31 22:00:03 | 000,047,383 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012/01/31 22:00:03 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012/01/31 22:00:02 | 000,000,999 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012/01/31 22:00:00 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012/01/31 22:00:00 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012/01/18 22:29:51 | 000,000,875 | ---- | C] () -- C:\Users\Phlux\AppData\Roaming\SAS7_000.DAT
[2012/01/09 02:18:39 | 000,734,850 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/01 04:41:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/27 21:22:24 | 000,281,880 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/27 21:22:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/27 20:40:41 | 000,000,600 | ---- | C] () -- C:\Users\Phlux\AppData\Roaming\winscp.rnd
[2011/12/26 23:55:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/26 23:27:22 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/12/26 23:27:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/12/26 23:18:47 | 000,035,206 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/12/26 23:17:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/26 23:17:18 | 000,023,425 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== LOP Check ==========
[2012/03/09 23:32:29 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\.minecraft
[2012/05/22 18:43:13 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\.purple
[2012/04/17 13:04:48 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\.techniclauncher
[2012/01/31 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\ASUS
[2012/05/13 19:38:29 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\com.yourname.gamename
[2012/05/22 18:35:53 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Dropbox
[2012/05/22 17:44:02 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\e-academy Inc
[2012/05/15 02:37:01 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\gtk-2.0
[2012/02/22 01:04:49 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\HandBrake
[2012/05/22 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Jitsi
[2011/12/27 00:00:14 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Leadertech
[2012/05/17 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Linphone
[2012/05/04 12:28:16 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\MySQL
[2012/03/01 18:39:25 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Notepad++
[2012/01/18 22:16:12 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Nuance
[2011/12/27 20:17:12 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Origin
[2012/05/22 18:29:58 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\Process Hacker 2
[2012/04/22 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\Phlux\AppData\Roaming\uTorrent
[2009/07/14 01:08:49 | 000,011,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
< End of report >