So today, I started to experience some nasty symptoms of a virus.
My computer rebooted randomly after running unusually sluggish all day.
Upon rebooting, ESET did its normal startup scan and reported a Win32/Olmarik.tdl4 trojan was on my computer and ESET couldn't remove it.
In addition to the random rebooting, my computer is constantly flooding me with crash reports that say: winrscmde has stopped working as a result of an APPCRASH in svchost.exe. Upon viewing my system processes, a svchost.exe is constantly taking up a LARGE portion of my memory. I've never noticed this before. I've done some googling around on this virus, and it looks pretty nasty. I'd appreciate any help you guys could give. I'd like to avoid having to do a wipe and reload, but I understand if that is necessary.
I'm running Windows Vista SP2 with all Windows updates downloaded.
I downloaded OTL as instructed, ran the quick scan, and here is the log (this scan took a long time!):
OTL logfile created on: 7/30/2012 1:24:01 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Davis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.19% Memory free
8.19 Gb Paging File | 6.60 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 228.40 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 3.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 605.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1015.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.47 Gb Total Space | 3.29 Gb Free Space | 44.07% Space Free | Partition Type: FAT32
Computer Name: DAVIS-PC | User Name: Davis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/30 01:22:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
PRC - [2012/07/21 20:42:41 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/18 22:53:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/01 20:56:15 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/07/08 18:53:24 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/09/13 08:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
PRC - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/30 01:03:02 | 001,169,408 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._core_.pyd
MOD - [2012/07/30 01:03:02 | 001,018,368 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\windows._cacheinvalidation.pyd
MOD - [2012/07/30 01:03:02 | 000,792,576 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._gdi_.pyd
MOD - [2012/07/30 01:03:02 | 000,731,136 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._misc_.pyd
MOD - [2012/07/30 01:03:02 | 000,645,120 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_ssl.pyd
MOD - [2012/07/30 01:03:02 | 000,571,392 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\pysqlite2._sqlite.pyd
MOD - [2012/07/30 01:03:02 | 000,354,304 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\pythoncom26.dll
MOD - [2012/07/30 01:03:02 | 000,263,168 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32com.shell.shell.pyd
MOD - [2012/07/30 01:03:02 | 000,153,088 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\pyexpat.pyd
MOD - [2012/07/30 01:03:02 | 000,110,592 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\PyWinTypes26.dll
MOD - [2012/07/30 01:03:02 | 000,096,256 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32api.pyd
MOD - [2012/07/30 01:03:02 | 000,086,016 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_elementtree.pyd
MOD - [2012/07/30 01:03:02 | 000,073,728 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_ctypes.pyd
MOD - [2012/07/30 01:03:02 | 000,070,656 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._html2.pyd
MOD - [2012/07/30 01:03:02 | 000,040,448 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_socket.pyd
MOD - [2012/07/30 01:03:02 | 000,036,352 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32process.pyd
MOD - [2012/07/30 01:03:02 | 000,022,528 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32pdh.pyd
MOD - [2012/07/30 01:03:02 | 000,011,776 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32crypt.pyd
MOD - [2012/07/30 01:03:01 | 000,311,808 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\_hashlib.pyd
MOD - [2012/07/30 01:02:47 | 000,807,424 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._windows_.pyd
MOD - [2012/07/30 01:02:30 | 001,056,256 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._controls_.pyd
MOD - [2012/07/30 01:02:30 | 000,121,856 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\wx._wizard.pyd
MOD - [2012/07/30 01:02:30 | 000,111,104 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32file.pyd
MOD - [2012/07/30 01:02:30 | 000,039,424 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32inet.pyd
MOD - [2012/07/30 01:02:29 | 000,585,728 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\unicodedata.pyd
MOD - [2012/07/30 01:02:29 | 000,017,920 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\win32event.pyd
MOD - [2012/07/30 01:02:28 | 000,011,776 | ---- | M] () -- C:\Users\Davis\AppData\Local\Temp\_MEI22322\select.pyd
MOD - [2012/07/18 22:53:19 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/18 21:20:29 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/18 12:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
MOD - [2010/01/18 12:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
MOD - [2009/12/16 12:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/12/16 12:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
MOD - [2009/11/26 03:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/06/22 08:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 08:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 08:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 08:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 08:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 08:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 08:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 08:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 12:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 03:50:18 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsmr.dll
MOD - [2009/02/20 03:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\DLEAsm.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/01/07 16:09:38 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleacoms.exe -- (dlea_device)
SRV:64bit: - [2010/01/07 16:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/18 22:53:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/08 18:53:24 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/07 16:09:33 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2010/01/07 16:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dleacoms.exe -- (dlea_device)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/11 10:41:34 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/01/20 21:49:04 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008/01/20 21:47:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/03/12 04:11:00 | 000,320,512 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WUSB54GCx64.sys -- (netr7364)
DRV:64bit: - [2007/02/23 14:56:54 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV:64bit: - [2006/10/02 21:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Davis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/11/25 16:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 22:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 12:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/25 16:46:47 | 000,000,000 | ---D | M]
[2011/03/05 19:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davis\AppData\Roaming\Mozilla\Extensions
[2012/05/03 20:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions
[2011/03/08 19:45:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/12 15:02:31 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\ri8imcqx.default\extensions\[email protected]
[2012/06/21 14:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/18 22:53:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/29 00:06:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/21 14:13:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 14:13:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Davis\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9827CD4C-F3B5-4EBE-8660-B764670D7EDD}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C296B4-7A12-4D41-A4A9-C8EB44068A9E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B56CD4B2-F36F-46D7-8B86-F4F9121F4A94}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/27 08:57:55 | 000,221,184 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/11/08 16:14:07 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/12/25 17:37:16 | 000,005,022 | R--- | M] () - D:\autorun.ini -- [ CDFS ]
O32 - AutoRun File - [2011/07/14 12:36:25 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/08/19 13:05:30 | 000,000,054 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003/02/04 15:14:13 | 000,000,183 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/04/10 04:44:31 | 000,000,077 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1c2db39c-479b-11e0-b8df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c2db39c-479b-11e0-b8df-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006/11/27 08:57:55 | 000,221,184 | R--- | M] ()
O33 - MountPoints2\{355b33f5-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33f5-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/01/17 13:42:14 | 000,335,992 | R--- | M] (2K Sports)
O33 - MountPoints2\{355b33f9-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33f9-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011/09/02 19:29:01 | 000,217,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- [2003/02/04 15:22:15 | 002,392,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\directx\command - "" = G:\DIRECTX\DXSETUP.EXE -- [2003/02/04 15:14:37 | 000,461,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fa-5fcd-11e0-9edd-001fe25350c2}\Shell\setup\command - "" = G:\SETUP.EXE -- [2003/02/04 15:22:15 | 002,392,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{355b33fb-5fcd-11e0-9edd-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{355b33fb-5fcd-11e0-9edd-001fe25350c2}\Shell\AutoRun\command - "" = H:\BvsC_Setup.exe -- [2011/04/10 04:27:11 | 955,210,224 | R--- | M] (Zuxxez Entertainment )
O33 - MountPoints2\{b3576a09-ea24-11e0-9d33-001fe25350c2}\Shell - "" = AutoRun
O33 - MountPoints2\{b3576a09-ea24-11e0-9d33-001fe25350c2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/30 01:23:33 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
[2012/07/27 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\tobewavd
[2012/07/26 16:06:42 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\m01acutscenes
[2012/07/26 14:47:12 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\fontconfig
[2012/07/26 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\gegl-0.2
[2012/07/26 14:47:10 | 000,000,000 | ---D | C] -- C:\Users\Davis\.gimp-2.8
[2012/07/26 14:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP 2
[2012/07/26 14:31:15 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\UtfEditor
[2012/07/26 14:10:29 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\Goblin's Inferno
[2012/07/21 20:39:10 | 000,000,000 | --SD | C] -- C:\Users\Davis\Google Drive
[2012/07/21 20:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/07/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Local\Google
[2012/07/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/20 01:18:05 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\FL Tools
[2012/07/19 00:26:19 | 000,000,000 | ---D | C] -- C:\Users\Davis\Desktop\saves
[2012/07/16 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2012/07/16 21:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2012/07/16 17:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/07/10 00:12:58 | 000,000,000 | ---D | C] -- C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Age of Empires III Napoleonic Era
[2012/07/10 00:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III Napoleonic Era
[2012/07/10 00:12:26 | 001,113,600 | ---- | C] (©citybuilders®) -- C:\Windows\SysWow64\Age3NEUnInst.exe
[2012/07/09 02:46:55 | 000,034,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/09 02:46:54 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/09 02:46:54 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/07/09 02:46:48 | 000,080,768 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/09 02:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/07/09 02:44:21 | 001,236,992 | ---- | C] (crea-doo) -- C:\Users\Davis\Desktop\aoe3loader.exe
[2005/01/13 15:47:42 | 000,061,440 | ---- | C] (none) -- C:\Program Files (x86)\mdMod1.dll
[2004/07/28 19:43:27 | 000,024,576 | ---- | C] (none) -- C:\Program Files (x86)\EnDeCrypt.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/30 01:22:57 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Davis\Desktop\OTL.exe
[2012/07/30 01:16:38 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 01:16:38 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 01:16:38 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 01:10:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 01:02:52 | 000,000,857 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2012/07/30 01:01:56 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 01:01:56 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 01:01:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 00:46:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 15:23:08 | 000,002,213 | ---- | M] () -- C:\Users\Davis\AppData\Local\recently-used.xbel
[2012/07/26 14:46:20 | 000,000,922 | ---- | M] () -- C:\Users\Davis\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/07/26 14:14:09 | 000,008,704 | ---- | M] () -- C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 15:55:53 | 518,337,599 | ---- | M] () -- C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
[2012/07/22 01:17:29 | 000,008,756 | ---- | M] () -- C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
[2012/07/21 20:39:11 | 000,001,504 | ---- | M] () -- C:\Users\Davis\Desktop\Google Drive.lnk
[2012/07/19 00:49:03 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/07/17 14:25:34 | 000,377,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 22:37:50 | 003,269,778 | ---- | M] () -- C:\Users\Davis\Desktop\EXE.rar
[2012/07/09 02:46:44 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/07/01 20:13:14 | 000,000,248 | ---- | M] () -- C:\Windows\w32demo8.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/26 15:23:08 | 000,002,213 | ---- | C] () -- C:\Users\Davis\AppData\Local\recently-used.xbel
[2012/07/26 14:46:20 | 000,000,922 | ---- | C] () -- C:\Users\Davis\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,910 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/26 14:46:20 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012/07/25 15:23:34 | 518,337,599 | ---- | C] () -- C:\Users\Davis\Desktop\Freelancer[Gob's Server 7-24-12].rar
[2012/07/22 01:17:29 | 000,008,756 | ---- | C] () -- C:\Users\Davis\Desktop\intro_waterplanet.thn.lua
[2012/07/21 20:39:11 | 000,001,504 | ---- | C] () -- C:\Users\Davis\Desktop\Google Drive.lnk
[2012/07/21 20:37:32 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 20:37:31 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 00:49:03 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Freelancer.lnk
[2012/07/12 22:33:48 | 003,269,778 | ---- | C] () -- C:\Users\Davis\Desktop\EXE.rar
[2012/07/09 02:46:42 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/01 20:12:47 | 000,000,248 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012/06/26 00:15:59 | 005,309,465 | ---- | C] () -- C:\Users\Davis\DSCN1884.JPG
[2012/06/22 00:58:19 | 000,019,068 | ---- | C] () -- C:\Users\Davis\obviously.jpg
[2012/06/21 21:17:47 | 003,269,071 | ---- | C] () -- C:\Users\Davis\EXE.rar
[2012/06/12 17:56:03 | 000,004,246 | ---- | C] () -- C:\Users\Davis\account.jpg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/22 16:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/25 00:58:35 | 000,001,164 | ---- | C] () -- C:\Windows\eReg.dat
[2011/09/27 22:25:22 | 000,008,704 | ---- | C] () -- C:\Users\Davis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 18:53:24 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2011/07/08 18:53:24 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2011/07/08 18:53:24 | 000,000,857 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2011/05/21 11:29:24 | 000,000,061 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/10 16:50:03 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/22 14:09:18 | 000,003,388 | ---- | C] () -- C:\Users\Davis\AppData\Roaming\glide_wrapper.zbag.ini
[2011/04/07 23:10:28 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2011/04/07 23:10:28 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2011/04/07 23:10:28 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2011/04/07 23:10:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2011/04/07 23:10:27 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2011/04/07 23:10:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2011/04/07 23:10:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2011/04/07 23:10:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2011/04/07 23:10:26 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2011/04/07 23:10:26 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2011/04/07 23:10:26 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2011/04/07 23:10:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2011/04/07 23:10:25 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2011/04/07 23:10:25 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2011/04/07 23:10:24 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2011/04/07 23:10:24 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2011/04/07 23:10:24 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2011/04/07 23:10:23 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2011/04/07 23:10:23 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2011/04/07 23:10:23 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2011/04/07 23:10:22 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2011/04/07 23:10:22 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2011/04/07 23:09:39 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\DLEAsm.dll
[2011/04/07 23:09:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\DLEAsmr.dll
[2011/04/02 18:41:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/27 14:34:10 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2011/03/27 14:34:09 | 000,042,035 | ---- | C] () -- C:\Windows\unins000.dat
[2011/03/06 19:43:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/06 19:42:36 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/06 19:42:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/03/06 19:42:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/03/06 00:38:16 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/03/05 20:12:44 | 000,001,356 | ---- | C] () -- C:\Users\Davis\AppData\Local\d3d9caps.dat
[2011/03/05 19:48:52 | 000,000,732 | ---- | C] () -- C:\Users\Davis\AppData\Local\d3d9caps64.dat
========== LOP Check ==========
[2012/04/04 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\2K Sports
[2012/07/30 01:14:09 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\BitTorrent
[2012/02/20 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/22 16:47:24 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Leadertech
[2011/07/16 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\LucasArts
[2011/07/02 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Out of the Park Developments
[2011/05/21 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\PopCapv1002
[2012/02/01 20:55:57 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\SanDisk
[2011/11/26 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\SystemRequirementsLab
[2012/04/13 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Davis\AppData\Roaming\Vulture
[2012/07/30 01:10:46 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8776F88E
< End of report >
There was also another log file the program created that had more information [extras.txt], just let me know if I need to post that log as well.
Thanks in advance for your help, guys.