Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Drive is full three weeks after a system reinstall [Closed]


  • This topic is locked This topic is locked

#1
Faxxy

Faxxy

    Member

  • Member
  • PipPip
  • 37 posts
Hello,

My system drive is C:. It has ONLY 26 gigabytes(yes I know it is weird). My other drives got more gigabytes. Well, when I reinstalled Windows 7, it had 23 gigabytes free(I think the files used for the system to work took the space) And then, I installed something on the C: drive(well it was a small thing but affected by a virus, my antivirus didn't show that). Then, suddenly, in a week my whole C: drive is full! Only 50 megabytes left! But I am sure I didn't install anything except that! I did a scan and deleted the files, but nothing happened. I heard that maybe the viruses could fill up the free space. Is there any way of cleaning it ?
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please try to do the following:

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    %systemroot%\*. /mp /s
    %Temp%\smtmp\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Thank you for your response;
I don't have the Windows CD disc.

OTL.txt:


OTL logfile created on: 01/08/2012 20:12:44 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Fahro\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.02% Memory free
4.00 Gb Paging File | 1.95 Gb Available in Paging File | 48.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 26.37 Gb Total Space | 0.27 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 3.85 Gb Free Space | 9.86% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 0.53 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
Drive F: | 39.29 Gb Total Space | 5.16 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
Drive G: | 109.98 Gb Total Space | 28.66 Gb Free Space | 26.06% Space Free | Partition Type: NTFS

Computer Name: FAHRO-PC | User Name: Fahro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 20:07:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Fahro\Desktop\OTL.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 08:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/07/04 08:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/07/04 01:34:42 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/06/26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/06/11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/06/11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Fahro\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/08/09 21:39:16 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/06/02 00:58:44 | 007,704,216 | ---- | M] (Blizzard Entertainment) -- G:\World 'o' Warcraft\Wow.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/04 01:34:48 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012/07/04 01:16:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/06/26 13:11:10 | 000,345,688 | ---- | M] () -- F:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/06/26 13:11:08 | 000,282,200 | ---- | M] () -- F:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/06/26 13:11:02 | 008,197,208 | ---- | M] () -- F:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/06/26 13:11:00 | 002,302,040 | ---- | M] () -- F:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/06/26 13:10:58 | 000,202,328 | ---- | M] () -- F:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012/06/26 13:10:58 | 000,027,736 | ---- | M] () -- F:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 22:34:14 | 000,413,696 | ---- | M] () -- G:\World 'o' Warcraft\DivxDecoder.dll
MOD - [2009/07/14 06:55:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\de8525cc2e6327337e1c6917352bfe16\WindowsFormsIntegration.ni.dll
MOD - [2009/07/14 06:43:48 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009/07/14 06:43:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009/07/14 06:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MOD - [2009/07/14 06:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009/07/14 06:43:20 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009/07/14 06:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 06:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 06:42:56 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\7ce9d463a5d343fe74d6f181f9226cab\UIAutomationProvider.ni.dll
MOD - [2009/07/14 06:42:55 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009/07/14 06:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/14 06:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 06:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 06:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 06:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/09/02 12:29:52 | 000,098,304 | ---- | M] () -- C:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - File not found [Auto | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/28 20:49:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 21:38:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/04 08:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/04 01:34:42 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2012/07/04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/07/04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/04 07:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/07/03 16:19:17 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/07/03 16:16:27 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/03/05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012/02/23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2007/04/09 14:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C AB 61 0C 42 6B CD 01 [binary data]
IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: G:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Fahro\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fahro\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fahro\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 21:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/02 22:07:04 | 000,000,000 | ---D | M]

[2012/07/23 10:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fahro\AppData\Roaming\Mozilla\Extensions
[2012/07/25 19:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fahro\AppData\Roaming\Mozilla\Firefox\Profiles\s7ey41lv.default\extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fahro\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fahro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search Results Toolbar) - {ad146b57-67a2-4c82-8b1c-51f6316b20d2} - C:\Program Files\searchresults9\searchresultsDX.dll (Ask.com)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {ad146b57-67a2-4c82-8b1c-51f6316b20d2} - C:\Program Files\searchresults9\searchresultsDX.dll (Ask.com)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001..\Run: [Akamai NetSession Interface] C:\Users\Fahro\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001..\Run: [Google Update] "C:\Users\Fahro\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001..\Run: [PC Suite Tray] F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1350697212-3610436638-3386948606-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B5F07C4-BE94-4E36-895E-72C06CA14B0C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/09 23:26:32 | 000,000,000 | ---D | M] - F:\autoskola -- [ NTFS ]
O33 - MountPoints2\{b2d12c2f-c4ca-11e1-96fb-8c89a530aad5}\Shell - "" = AutoRun
O33 - MountPoints2\{b2d12c2f-c4ca-11e1-96fb-8c89a530aad5}\Shell\AutoRun\command - "" = M:\unlock.exe autoplay=true
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Autorun.exe
O33 - MountPoints2\M\Shell\dinstall\command - "" = M:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 20:08:29 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Fahro\Desktop\OTL.exe
[2012/08/01 11:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/08/01 11:10:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012/08/01 11:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/30 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/30 22:23:20 | 000,000,000 | ---D | C] -- G:\Program Files\Oracle
[2012/07/30 22:23:00 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/30 22:22:41 | 000,000,000 | ---D | C] -- G:\Program Files\Java
[2012/07/30 16:24:43 | 000,000,000 | ---D | C] -- C:\Users\Fahro\Desktop\Originals
[2012/07/30 16:23:38 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\PhotoScape
[2012/07/29 17:51:41 | 000,000,000 | ---D | C] -- G:\Program Files\STALKER
[2012/07/29 16:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/07/29 16:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/07/29 16:25:47 | 000,000,000 | ---D | C] -- G:\Program Files\GreenTree Applications
[2012/07/29 16:03:12 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012/07/29 03:14:03 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\WinRAR
[2012/07/29 02:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGenesis
[2012/07/29 01:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stainless Steel
[2012/07/29 00:09:56 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\MilkShape 3D 1.x.x
[2012/07/29 00:05:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2012/07/28 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\vlc
[2012/07/28 21:54:53 | 000,000,000 | ---D | C] -- C:\VLC
[2012/07/28 19:16:13 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/07/28 14:57:11 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Ashampoo
[2012/07/28 14:57:10 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Ashampoo
[2012/07/28 14:10:27 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\SCE
[2012/07/28 14:10:19 | 000,000,000 | ---D | C] -- C:\Crash
[2012/07/28 14:00:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012/07/28 14:00:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012/07/28 14:00:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012/07/28 14:00:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012/07/28 14:00:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012/07/28 14:00:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012/07/28 14:00:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012/07/28 14:00:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012/07/28 14:00:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/07/28 14:00:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/07/28 14:00:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/07/28 14:00:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/07/26 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Adobe
[2012/07/26 17:19:22 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\PC Suite
[2012/07/26 17:19:22 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Nokia
[2012/07/26 17:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/07/26 17:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012/07/26 17:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012/07/26 17:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2012/07/26 17:17:43 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012/07/26 17:17:17 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2012/07/26 17:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012/07/26 15:04:03 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\fizzy
[2012/07/25 01:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/25 01:47:55 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Babylon
[2012/07/25 01:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo!
[2012/07/24 21:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/24 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Apple
[2012/07/23 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Need for Speed World
[2012/07/23 18:17:01 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Electronic_Arts_Inc
[2012/07/23 10:50:51 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Macromedia
[2012/07/23 10:50:51 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Macromedia
[2012/07/23 10:49:43 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Mozilla
[2012/07/23 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\ATI
[2012/07/23 10:48:40 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\ATI
[2012/07/23 10:32:50 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Apple Computer
[2012/07/23 10:30:49 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\ESET
[2012/07/23 10:24:00 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Adobe
[2012/07/23 04:13:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/22 23:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fizzy
[2012/07/22 23:07:42 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/07/21 22:06:28 | 000,000,000 | ---D | C] -- C:\Users\Fahro\Documents\The Lord of the Rings Online
[2012/07/21 01:20:17 | 000,000,000 | ---D | C] -- C:\Users\Fahro\Documents\Need for Speed World
[2012/07/21 00:36:33 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Documents
[2012/07/20 19:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/07/20 17:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Allmyapps
[2012/07/18 19:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2012/07/15 15:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012/07/15 12:27:45 | 000,000,000 | ---D | C] -- C:\Users\Fahro\.thumbnails
[2012/07/15 01:05:08 | 000,000,000 | ---D | C] -- C:\Users\Fahro\.gimp-2.8
[2012/07/14 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\AMD
[2012/07/14 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/14 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/07/14 16:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/14 16:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/07/14 16:29:19 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2012/07/14 16:24:12 | 000,000,000 | ---D | C] -- C:\AMD
[2012/07/13 01:05:48 | 000,094,208 | ---- | C] (Neil 'Jed' Jedrzejewski) -- C:\Windows\System32\vtfthumbext.dll
[2012/07/13 01:05:48 | 000,041,984 | ---- | C] (Neil 'Jed' Jedrzejewski) -- C:\Windows\System32\vtfcolumnext.dll
[2012/07/13 01:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSM SourceSDK
[2012/07/11 23:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
[2012/07/11 22:57:44 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2012/07/11 22:56:45 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2012/07/11 21:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/11 15:47:41 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/07/11 14:41:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/07/11 12:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012/07/10 16:02:49 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Akamai
[2012/07/10 11:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Ray SDK
[2012/07/09 04:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/09 04:51:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/07/09 04:47:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/07/09 04:23:45 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Apple Computer
[2012/07/09 04:23:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/07/09 04:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/07/09 04:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/09 04:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/07/09 04:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/07/09 03:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/04 19:07:22 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/07/04 19:07:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/07/04 19:07:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/07/04 19:07:21 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/07/04 19:07:21 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/07/04 19:07:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012/07/04 19:07:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/07/04 19:07:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012/07/04 19:07:21 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/07/04 19:07:20 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012/07/04 19:07:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012/07/04 19:07:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012/07/04 19:07:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012/07/04 19:07:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012/07/04 19:07:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/07/04 19:07:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012/07/04 19:07:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012/07/04 19:07:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/07/04 19:07:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/07/04 19:07:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/07/04 19:07:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/07/04 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/07/04 18:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/04 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/07/04 18:55:00 | 000,000,000 | ---D | C] -- G:\Program Files\bitComposer Games
[2012/07/04 08:58:12 | 010,070,016 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2012/07/04 08:35:46 | 019,586,048 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2012/07/04 08:27:18 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2012/07/04 08:27:08 | 000,918,528 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll
[2012/07/04 08:21:46 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2012/07/04 08:21:18 | 000,453,632 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2012/07/04 08:20:42 | 000,217,088 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2012/07/04 08:19:24 | 000,163,840 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2012/07/04 08:19:14 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2012/07/04 08:19:06 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2012/07/04 07:36:22 | 000,058,368 | ---- | C] (AMD) -- C:\Windows\System32\coinst_8.97.100.3.dll
[2012/07/04 07:36:14 | 001,960,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2012/07/04 07:11:38 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2012/07/04 07:11:38 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2012/07/04 07:11:28 | 000,364,544 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2012/07/04 07:11:16 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2012/07/04 07:11:04 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2012/07/04 07:10:30 | 000,290,304 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2012/07/04 07:09:56 | 000,042,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2012/07/04 07:09:42 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2012/07/04 07:09:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2012/07/04 07:04:28 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2012/07/04 07:04:18 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2012/07/04 06:59:40 | 013,402,112 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2012/07/04 02:32:02 | 000,065,024 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OpenVideo.dll
[2012/07/04 02:31:52 | 000,056,320 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OVDecode.dll
[2012/07/04 02:30:58 | 013,008,384 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\amdocl.dll
[2012/07/04 02:30:08 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/07/03 20:13:16 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012/07/03 20:13:16 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/07/03 20:13:16 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/07/03 20:13:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012/07/03 20:13:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/07/03 20:13:16 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/07/03 16:47:16 | 000,000,000 | ---D | C] -- G:\Program Files\BitTorrent
[2012/07/03 16:28:52 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\BitTorrent
[2012/07/03 16:18:55 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/03 16:18:55 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/03 16:18:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/07/03 16:15:50 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012/07/03 16:15:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012/07/03 16:15:50 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012/07/03 16:15:49 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012/07/03 16:15:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012/07/03 16:15:49 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012/07/03 16:15:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012/07/03 16:15:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012/07/03 16:15:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012/07/03 16:15:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012/07/03 16:15:48 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012/07/03 16:15:48 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012/07/03 16:15:48 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012/07/03 16:15:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012/07/03 16:15:47 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012/07/03 16:15:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012/07/03 16:15:47 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012/07/03 16:15:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012/07/03 16:15:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012/07/03 16:15:47 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012/07/03 16:15:46 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012/07/03 16:15:46 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012/07/03 16:15:46 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012/07/03 16:15:46 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012/07/03 16:15:46 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012/07/03 16:15:45 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012/07/03 16:15:45 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012/07/03 16:15:45 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012/07/03 16:15:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012/07/03 16:15:45 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012/07/03 16:15:45 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012/07/03 16:15:44 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012/07/03 16:15:44 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012/07/03 16:15:44 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012/07/03 16:15:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012/07/03 16:15:43 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/07/03 16:15:43 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012/07/03 16:15:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/07/03 16:15:42 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/07/03 16:15:42 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/07/03 16:15:42 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/07/03 16:15:42 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/07/03 16:15:41 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/07/03 16:15:34 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/07/03 16:15:33 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/07/03 16:15:33 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/07/03 16:15:33 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/07/03 16:15:33 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/07/03 16:15:33 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/07/03 16:15:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/07/03 16:15:31 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/07/03 16:15:30 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/07/03 16:04:41 | 000,000,000 | ---D | C] -- G:\Program Files\Deep Silver
[2012/07/03 11:30:13 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/07/03 11:30:13 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/07/03 11:29:50 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/07/03 11:29:50 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/07/03 11:29:50 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/07/03 11:29:39 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/07/03 11:29:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/07/03 07:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/07/03 07:42:02 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/07/03 06:47:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/03 06:45:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/07/03 06:44:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/07/02 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Roaming\Skype
[2012/07/02 22:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/02 22:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/07/02 22:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/07/02 22:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/07/02 22:51:56 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/07/02 22:51:55 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/02 22:51:55 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/02 22:51:55 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/02 22:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/02 22:50:35 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/07/02 22:34:46 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Mozilla
[2012/07/02 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/02 22:22:55 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Opera
[2012/07/02 22:20:47 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Google
[2012/07/02 22:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/07/02 22:14:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2012/07/02 22:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/07/02 22:13:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/02 22:12:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/07/02 22:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
[2012/07/02 22:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/07/02 22:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/07/02 22:04:38 | 000,000,000 | ---D | C] -- C:\Purefix_v2.01
[2012/07/02 22:04:34 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/07/02 22:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/02 22:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/07/02 22:03:24 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/07/02 22:03:24 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/07/02 22:03:24 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/07/02 22:03:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012/07/02 22:03:22 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2012/07/02 22:03:22 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2012/07/02 22:03:22 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/07/02 22:03:21 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2012/07/02 22:03:20 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2012/07/02 22:03:19 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2012/07/02 22:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012/07/02 22:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012/07/02 22:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/02 21:54:41 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Searches
[2012/07/02 21:54:19 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Contacts
[2012/07/02 21:53:58 | 000,000,000 | --SD | C] -- C:\Users\Fahro\AppData\Roaming\Microsoft
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Videos
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Saved Games
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Pictures
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Music
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Links
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Favorites
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Downloads
[2012/07/02 21:53:58 | 000,000,000 | R--D | C] -- C:\Users\Fahro\Desktop
[2012/07/02 21:53:58 | 000,000,000 | -H-D | C] -- C:\Users\Fahro\AppData
[2012/07/02 21:53:58 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Temp
[2012/07/02 21:53:58 | 000,000,000 | ---D | C] -- C:\Users\Fahro\AppData\Local\Microsoft
[2012/07/02 21:53:55 | 000,000,000 | ---D | C] -- C:\Users\Fahro\Fahro
[2012/07/02 21:53:29 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/08/01 20:07:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Fahro\Desktop\OTL.exe
[2012/08/01 19:52:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 19:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1350697212-3610436638-3386948606-1001UA.job
[2012/08/01 17:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 13:29:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 13:29:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 13:21:43 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 11:18:48 | 000,000,081 | ---- | M] () -- C:\Users\Fahro\Desktop\realmlist.What the...
[2012/08/01 01:20:48 | 000,000,359 | ---- | M] () -- C:\Users\Fahro\Desktop\Recycle Bin - Shortcut.lnk
[2012/07/31 23:42:15 | 000,588,691 | ---- | M] () -- C:\Users\Fahro\Desktop\Faxxx.png
[2012/07/31 20:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1350697212-3610436638-3386948606-1001Core.job
[2012/07/31 18:07:29 | 002,577,323 | ---- | M] () -- C:\Users\Fahro\Desktop\DSC_7712.JPG
[2012/07/31 18:03:09 | 000,697,184 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012/07/31 18:03:09 | 000,683,828 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2012/07/31 18:03:09 | 000,641,466 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2012/07/31 18:03:09 | 000,631,138 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012/07/31 18:03:09 | 000,623,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/31 18:03:09 | 000,150,268 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2012/07/31 18:03:09 | 000,136,674 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012/07/31 18:03:09 | 000,133,600 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2012/07/31 18:03:09 | 000,123,564 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012/07/31 18:03:09 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/31 17:50:04 | 001,253,490 | ---- | M] () -- C:\Users\Fahro\Desktop\DSC_7713.JPG
[2012/07/30 22:22:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/30 22:22:43 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/30 16:24:44 | 000,272,446 | ---- | M] () -- C:\Users\Fahro\Desktop\487817_330577513698568_2111877652_n.jpg
[2012/07/30 15:39:10 | 000,028,458 | ---- | M] () -- C:\Users\Fahro\Desktop\Faxx.jpg
[2012/07/29 16:25:48 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/07/29 15:14:00 | 000,150,485 | ---- | M] () -- C:\Users\Fahro\Desktop\faxxy.png
[2012/07/29 02:21:25 | 000,297,714 | ---- | M] () -- C:\Windows\A Tale in the Desert Uninstaller.exe
[2012/07/29 02:21:25 | 000,000,599 | ---- | M] () -- C:\Users\Fahro\Desktop\A Tale in the Desert.lnk
[2012/07/29 01:49:21 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Stainless Steel 6.3.lnk
[2012/07/28 20:49:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/28 20:49:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/28 19:16:13 | 000,001,204 | ---- | M] () -- C:\Users\Fahro\Desktop\EverQuest.lnk
[2012/07/26 17:20:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/07/26 17:18:01 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2012/07/25 02:27:47 | 000,117,542 | ---- | M] () -- C:\Users\Fahro\Desktop\558411_4391651479633_301986235_n modified.jpg
[2012/07/25 01:47:27 | 008,161,357 | ---- | M] ( ) -- C:\Users\Fahro\Desktop\peditor11inst.exe
[2012/07/25 01:00:07 | 000,080,724 | ---- | M] () -- C:\Users\Fahro\Desktop\558411_4391651479633_301986235_n.jpg
[2012/07/24 21:14:19 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/23 17:28:47 | 000,002,316 | ---- | M] () -- C:\Users\Fahro\Desktop\Google Chrome.lnk
[2012/07/23 08:49:41 | 000,109,638 | ---- | M] () -- C:\Users\Fahro\Desktop\steve-jobs-facebook-cover.jpg
[2012/07/22 01:00:53 | 000,194,867 | ---- | M] () -- C:\Users\Fahro\Desktop\ff.png
[2012/07/21 22:29:40 | 000,325,331 | ---- | M] () -- C:\Users\Fahro\Desktop\Untitled.png
[2012/07/21 22:15:16 | 000,132,356 | ---- | M] () -- C:\Users\Fahro\Desktop\earth.jpg
[2012/07/20 23:43:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2012/07/16 17:20:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/07/16 17:20:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/07/16 11:11:34 | 000,287,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/15 15:26:15 | 000,014,336 | -H-- | M] () -- C:\Users\Fahro\Desktop\photothumb.db
[2012/07/15 00:22:45 | 000,515,451 | ---- | M] () -- C:\Users\Fahro\Desktop\merit1.jpg
[2012/07/12 13:38:53 | 000,000,628 | ---- | M] () -- C:\Users\Fahro\Desktop\Call of Duty 2 SinglePlayer.lnk
[2012/07/12 00:17:34 | 000,000,988 | ---- | M] () -- C:\Windows\level.ini
[2012/07/12 00:08:44 | 000,001,041 | ---- | M] () -- C:\Windows\particle.ini
[2012/07/11 23:00:16 | 000,000,810 | ---- | M] () -- C:\Windows\Rtcw.INI
[2012/07/11 15:47:41 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/07/11 12:03:37 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/07/09 04:25:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/09 03:54:28 | 000,002,040 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/04 08:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2012/07/04 08:35:46 | 019,586,048 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll
[2012/07/04 08:28:20 | 000,246,000 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2012/07/04 08:27:18 | 000,159,744 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe
[2012/07/04 08:27:08 | 000,918,528 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\aticfx32.dll
[2012/07/04 08:21:46 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2012/07/04 08:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2012/07/04 08:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2012/07/04 08:19:24 | 000,163,840 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2012/07/04 08:19:14 | 000,020,992 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2012/07/04 08:19:06 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2012/07/04 08:18:18 | 006,811,648 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atidxx32.dll
[2012/07/04 07:36:22 | 000,058,368 | ---- | M] (AMD) -- C:\Windows\System32\coinst_8.97.100.3.dll
[2012/07/04 07:36:14 | 001,960,960 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdmv.dll
[2012/07/04 07:35:14 | 006,245,888 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdag.dll
[2012/07/04 07:28:52 | 004,749,312 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2012/07/04 07:27:30 | 002,852,480 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2012/07/04 07:27:30 | 000,204,952 | ---- | M] () -- C:\Windows\System32\ativvsvl.dat
[2012/07/04 07:27:30 | 000,157,144 | ---- | M] () -- C:\Windows\System32\ativvsva.dat
[2012/07/04 07:11:38 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2012/07/04 07:11:38 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2012/07/04 07:11:28 | 000,364,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2012/07/04 07:11:16 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll
[2012/07/04 07:11:04 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll
[2012/07/04 07:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys
[2012/07/04 07:09:56 | 000,042,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll
[2012/07/04 07:09:42 | 000,032,768 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll
[2012/07/04 07:09:10 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2012/07/04 07:04:28 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2012/07/04 07:04:18 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2012/07/04 06:59:40 | 013,402,112 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2012/07/04 02:32:18 | 000,159,232 | ---- | M] () -- C:\Windows\System32\clinfo.exe
[2012/07/04 02:32:02 | 000,065,024 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OpenVideo.dll
[2012/07/04 02:31:52 | 000,056,320 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\OVDecode.dll
[2012/07/04 02:30:58 | 013,008,384 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\amdocl.dll
[2012/07/04 02:30:08 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/07/03 16:47:25 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/07/03 16:19:17 | 000,279,712 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2012/07/03 16:16:27 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012/07/03 07:42:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/07/03 06:49:59 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/07/03 06:48:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/07/03 06:48:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/02 22:52:21 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/02 22:22:31 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/02 22:20:25 | 000,281,032 | RHS- | M] () -- C:\JIFCZ
[2012/07/02 22:14:53 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/07/02 22:09:43 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk
[2012/07/02 22:02:10 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 10.lnk

========== Files Created - No Company Name ==========

[2012/08/01 11:18:53 | 000,000,081 | ---- | C] () -- C:\Users\Fahro\Desktop\realmlist.What the...
[2012/08/01 01:20:48 | 000,000,359 | ---- | C] () -- C:\Users\Fahro\Desktop\Recycle Bin - Shortcut.lnk
[2012/07/31 23:42:14 | 000,588,691 | ---- | C] () -- C:\Users\Fahro\Desktop\Faxxx.png
[2012/07/31 18:02:33 | 001,253,490 | ---- | C] () -- C:\Users\Fahro\Desktop\DSC_7713.JPG
[2012/07/31 18:02:31 | 002,577,323 | ---- | C] () -- C:\Users\Fahro\Desktop\DSC_7712.JPG
[2012/07/30 16:23:04 | 000,272,446 | ---- | C] () -- C:\Users\Fahro\Desktop\487817_330577513698568_2111877652_n.jpg
[2012/07/30 15:39:15 | 000,028,458 | ---- | C] () -- C:\Users\Fahro\Desktop\Faxx.jpg
[2012/07/29 16:25:48 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/07/29 15:14:00 | 000,150,485 | ---- | C] () -- C:\Users\Fahro\Desktop\faxxy.png
[2012/07/29 02:21:25 | 000,297,714 | ---- | C] () -- C:\Windows\A Tale in the Desert Uninstaller.exe
[2012/07/29 02:21:25 | 000,000,599 | ---- | C] () -- C:\Users\Fahro\Desktop\A Tale in the Desert.lnk
[2012/07/29 01:49:21 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Stainless Steel 6.3.lnk
[2012/07/28 13:53:08 | 000,001,204 | ---- | C] () -- C:\Users\Fahro\Desktop\EverQuest.lnk
[2012/07/28 13:53:08 | 000,001,132 | ---- | C] () -- C:\Users\Fahro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk
[2012/07/26 17:20:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012/07/26 17:18:01 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2012/07/25 02:27:47 | 000,117,542 | ---- | C] () -- C:\Users\Fahro\Desktop\558411_4391651479633_301986235_n modified.jpg
[2012/07/25 01:47:09 | 008,161,357 | ---- | C] ( ) -- C:\Users\Fahro\Desktop\peditor11inst.exe
[2012/07/25 01:00:12 | 000,080,724 | ---- | C] () -- C:\Users\Fahro\Desktop\558411_4391651479633_301986235_n.jpg
[2012/07/24 21:14:19 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/23 08:49:44 | 000,109,638 | ---- | C] () -- C:\Users\Fahro\Desktop\steve-jobs-facebook-cover.jpg
[2012/07/22 01:00:52 | 000,194,867 | ---- | C] () -- C:\Users\Fahro\Desktop\ff.png
[2012/07/21 22:29:40 | 000,325,331 | ---- | C] () -- C:\Users\Fahro\Desktop\Untitled.png
[2012/07/21 22:15:01 | 000,132,356 | ---- | C] () -- C:\Users\Fahro\Desktop\earth.jpg
[2012/07/20 23:43:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2012/07/16 17:20:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/07/16 17:20:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/07/15 15:25:36 | 000,014,336 | -H-- | C] () -- C:\Users\Fahro\Desktop\photothumb.db
[2012/07/15 00:57:17 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/15 00:22:40 | 000,515,451 | ---- | C] () -- C:\Users\Fahro\Desktop\merit1.jpg
[2012/07/13 01:05:48 | 000,516,096 | ---- | C] () -- C:\Windows\System32\VTFLib.dll
[2012/07/12 13:38:53 | 000,000,628 | ---- | C] () -- C:\Users\Fahro\Desktop\Call of Duty 2 SinglePlayer.lnk
[2012/07/12 00:17:33 | 000,000,988 | ---- | C] () -- C:\Windows\level.ini
[2012/07/12 00:08:44 | 000,001,041 | ---- | C] () -- C:\Windows\particle.ini
[2012/07/11 22:56:37 | 000,000,810 | ---- | C] () -- C:\Windows\Rtcw.INI
[2012/07/11 12:03:37 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/07/09 04:25:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/09 04:20:54 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/04 18:58:46 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/04 18:58:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/04 08:28:20 | 000,246,000 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2012/07/04 07:27:30 | 002,852,480 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2012/07/04 07:27:30 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/07/04 07:27:30 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/07/04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/03 16:47:25 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/07/03 16:18:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/03 16:16:27 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012/07/03 16:16:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012/07/03 07:42:05 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/07/03 07:42:03 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012/07/03 06:49:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/03 06:49:35 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/03 06:48:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/03 06:48:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/03 06:44:29 | 1610,014,720 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/02 22:52:21 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/02 22:48:41 | 000,002,316 | ---- | C] () -- C:\Users\Fahro\Desktop\Google Chrome.lnk
[2012/07/02 22:22:54 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/07/02 22:22:31 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/02 22:22:31 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/02 22:20:49 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1350697212-3610436638-3386948606-1001UA.job
[2012/07/02 22:20:48 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1350697212-3610436638-3386948606-1001Core.job
[2012/07/02 22:20:24 | 000,281,032 | RHS- | C] () -- C:\JIFCZ
[2012/07/02 22:14:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/02 22:09:43 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\Update NOD32 license.lnk
[2012/07/02 22:03:23 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/02 22:03:23 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/07/02 22:03:22 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012/07/02 22:03:21 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/07/02 22:03:21 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/07/02 22:03:21 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/07/02 22:03:19 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/07/02 22:02:10 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 10.lnk
[2012/04/18 19:39:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/03/06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== LOP Check ==========

[2012/07/28 14:57:28 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\Ashampoo
[2012/07/25 01:47:55 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\Babylon
[2012/07/30 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\BitTorrent
[2012/07/26 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\fizzy
[2012/07/29 00:10:06 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\MilkShape 3D 1.x.x
[2012/07/23 18:18:02 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\Need for Speed World
[2012/07/29 17:35:50 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\Nokia
[2012/07/26 17:20:18 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\PC Suite
[2012/07/30 16:24:21 | 000,000,000 | ---D | M] -- C:\Users\Fahro\AppData\Roaming\PhotoScape
[2009/07/14 06:53:46 | 000,012,398 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/04/04 07:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 04:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 04:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/09/04 07:54:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0F006BAEB5F7BF8128B634046B6AFC20 -- C:\Windows\System32\ru-RU\services.exe.mui
[2009/09/04 07:54:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0F006BAEB5F7BF8128B634046B6AFC20 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_b2f4b4eed84dbed9\services.exe.mui
[2009/09/04 07:24:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=54AD4E57E9B71B60FD700AD6CF17AD6F -- C:\Windows\System32\cs-CZ\services.exe.mui
[2009/09/04 07:24:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=54AD4E57E9B71B60FD700AD6CF17AD6F -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_267d51dea04e66d4\services.exe.mui
[2009/09/04 07:33:27 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=75318ED0E80FDFE219594954D6FD0570 -- C:\Windows\System32\hu-HU\services.exe.mui
[2009/09/04 07:33:27 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=75318ED0E80FDFE219594954D6FD0570 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_53c6f0655ea19a55\services.exe.mui
[2009/09/04 07:43:33 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=A23ED3C2245080D27C9ED860C2837B42 -- C:\Windows\System32\pl-PL\services.exe.mui
[2009/09/04 07:43:33 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=A23ED3C2245080D27C9ED860C2837B42 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_691be91af5732ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/09/04 07:54:13 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\System32\ru-RU\services.msc
[2009/09/04 07:54:13 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed3684daaeb758cc\services.msc
[2009/07/14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/09/04 07:24:27 | 000,092,783 | ---- | M] () MD5=83D67501F523432693756799EEA7F1A0 -- C:\Windows\System32\cs-CZ\services.msc
[2009/09/04 07:24:27 | 000,092,783 | ---- | M] () MD5=83D67501F523432693756799EEA7F1A0 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_60bf21ca76b800c7\services.msc
[2009/09/04 07:33:24 | 000,092,763 | ---- | M] () MD5=8EF69E13C021F7C1D060E22019990830 -- C:\Windows\System32\hu-HU\services.msc
[2009/09/04 07:33:24 | 000,092,763 | ---- | M] () MD5=8EF69E13C021F7C1D060E22019990830 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_8e08c051350b3448\services.msc
[2009/09/04 07:43:31 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\System32\pl-PL\services.msc
[2009/09/04 07:43:31 | 000,092,756 | ---- | M] () MD5=C32B37F3C50BF058FC4860267DB4CD56 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_a35db906cbdcc6e0\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< %systemroot%\*. /mp /s >

< %Temp%\smtmp\*.* /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/18 21:38:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/18 21:38:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/18 21:38:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/18 21:38:54 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/18 21:38:54 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/18 21:38:54 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/18 21:38:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/18 21:38:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/18 21:38:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/18 21:38:54 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/18 21:38:54 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/18 21:38:54 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< End of report >
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Extras.txt

OTL Extras logfile created on: 01/08/2012 20:12:44 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Fahro\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.02% Memory free
4.00 Gb Paging File | 1.95 Gb Available in Paging File | 48.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 26.37 Gb Total Space | 0.27 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 3.85 Gb Free Space | 9.86% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 0.53 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
Drive F: | 39.29 Gb Total Space | 5.16 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
Drive G: | 109.98 Gb Total Space | 28.66 Gb Free Space | 26.06% Space Free | Partition Type: NTFS

Computer Name: FAHRO-PC | User Name: Fahro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_USERS\S-1-5-21-1350697212-3610436638-3386948606-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0286947B-F63A-42D5-8AFD-4C1D75B254C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D167AB2-A34E-4A86-BCAD-B86106EEE457}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F68F8D4-05CB-4D9C-B153-949E8D69A453}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{16B2BF93-0E78-4BF7-9A9B-B0FCB9817F0D}" = rport=139 | protocol=6 | dir=out | app=system |
"{2919B646-1705-43EC-895F-69A657446CBB}" = rport=137 | protocol=17 | dir=out | app=system |
"{35B93B53-85D3-4E6F-830A-D3A2B7C26A8A}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B91AFF5-39C2-4DAB-AD81-904240BCD00F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41B8ACF2-69CB-4FA9-B537-A5DEC3EC6F50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D6FFEC8-3AC5-48C9-9D32-0C6C211C1B09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AABDE95-C69F-4F35-B4C9-53C951B7B805}" = lport=139 | protocol=6 | dir=in | app=system |
"{80ABEFF5-D719-42B6-8C89-B2E398418444}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D80D931-D4C6-4774-84A7-C596732853C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EB41EBE-6E27-40AB-823B-0F2FFDC84E91}" = lport=445 | protocol=6 | dir=in | app=system |
"{A149BEF3-59D6-4E8A-922D-C84686F8C536}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A323B2B5-D8F4-4DB3-9981-AAE84440E7E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A4AB5A69-1FE2-4086-A3E3-EE43C3762ADF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A88651C2-8CBC-4450-84C8-5AC65467D482}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C97F308D-B197-4FC1-B923-109860326E65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE04A5D5-3C50-45C9-B0B0-92916EE8BB26}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CF315F50-DE53-4AE9-BAD6-ADAF94D44F8D}" = lport=138 | protocol=17 | dir=in | app=system |
"{D95D176B-5B80-4269-A335-4815E1259F2A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8968B1F-EE0E-4FE6-A186-619F9474DB4F}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface |
"{F22926C2-523E-43E5-8F4C-217668353124}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CF20D1-6AAF-45D0-9FF8-CD4E29F20281}" = protocol=1 | dir=out | [email protected],-28544 |
"{11A8AFAC-7F47-4793-9D33-76A84E45ACB2}" = protocol=6 | dir=in | app=c:\program files\searchresults9\dtuser.exe |
"{1FD5CB30-9BFE-49E8-9EC8-863518303512}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2BD05B5A-48A2-4004-B08E-864C2C3E7A16}" = protocol=6 | dir=out | app=system |
"{2D4B08F4-F9C1-4A1F-9435-C70411F9C849}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B295F12-CFFD-40B1-BEA8-D670FF3E104C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CC98A54-6D7C-4E80-BD05-E39FB4840CD2}" = protocol=6 | dir=in | app=g:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{4268B211-9F30-468D-9987-BBADF1B68CBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C1859B5-1E62-427A-80FA-FFDBD4B54304}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{509FE170-5F8D-4255-AC04-BB57DC2C0DDB}" = protocol=6 | dir=in | app=g:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{50FAB68F-D51F-44AB-94B7-7EB923D76E2E}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{52BA0DB0-6587-41B9-80E6-1A28DB048965}" = protocol=17 | dir=in | app=g:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe |
"{53CCB064-1267-411F-99E3-59551A68F5B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5427E3A3-5089-4DE0-86DB-AB68631375C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58A67097-B3C5-47FC-BF7C-A55F2584229C}" = protocol=6 | dir=in | app=g:\program files\bittorrent\bittorrent.exe |
"{5EA94209-B251-43FD-82F1-852085D1A5CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61A96D6B-D1C8-4917-898E-B6DD761C0707}" = protocol=6 | dir=in | app=g:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{705D816F-48DF-4E34-8790-74D3EE01CEB1}" = protocol=58 | dir=in | [email protected],-28545 |
"{733C6D39-A968-4030-850D-8D1AC37E40CC}" = protocol=17 | dir=in | app=g:\world 'o' warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{7D89161E-016A-442A-AF06-E10C48E648D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81710066-AA3D-45A3-ADEA-B830A513B3EF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{9711CA34-A6FA-4A0A-B108-E8C3ADA4AD9C}" = protocol=1 | dir=in | [email protected],-28543 |
"{9A130B6B-A687-4B23-B229-8B6C0CCC3560}" = protocol=58 | dir=out | [email protected],-28546 |
"{A889638F-9543-42AC-AF35-13ADD96BD086}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9FBA4B8-055A-4C0A-B0C1-90E11068D51A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB671A38-7144-4362-9389-1650B87CABB5}" = protocol=6 | dir=in | app=g:\world 'o' warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{AD13CBE3-E0A1-4E76-A818-BD289EBAA7D4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AFB121C7-48C7-4894-A085-FA29DCD4376D}" = protocol=17 | dir=in | app=g:\program files\bittorrent\bittorrent.exe |
"{AFF14857-7EFB-44C1-AF6E-CF335B1DE718}" = protocol=17 | dir=in | app=g:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{B0D269D5-12AC-482B-A260-ACD9CB3A6CCC}" = protocol=17 | dir=in | app=c:\program files\valve\half-life 2\hl2.exe |
"{B3841E78-C32E-4DAC-9AAF-118D9E40BDEB}" = protocol=17 | dir=in | app=g:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe |
"{B5EF1546-FEFB-4754-BE89-B0C5A04345CD}" = protocol=17 | dir=in | app=g:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{BBE1A5D3-1B42-45F7-BFC8-4933484C7532}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{BEFB486A-A10C-45EC-A655-2AB95E78090E}" = protocol=6 | dir=in | app=c:\program files\valve\half-life 2\hl2.exe |
"{BF11AAEE-E59F-4713-BF4D-416850159995}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF7E6E0D-10CB-4A25-BE95-A3E624A981D3}" = protocol=6 | dir=in | app=g:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{C3BF31FB-D4DA-4B2D-8A66-543442A7421A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C79A0623-0E2A-41D0-8110-BF6A9CE92BDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA7C0794-6643-4745-B62B-7CCA26B43F1F}" = protocol=17 | dir=in | app=c:\program files\searchresults9\dtuser.exe |
"{EE6783D9-E4D0-4164-A7E7-389BC3AAA8DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEB58FF4-AE81-4CE0-9DBE-1C51AFD7C9B2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3DC10FB9-083F-4A64-AB07-43C3B879703D}G:\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=g:\call of duty 2\cod2mp_s.exe |
"TCP Query User{4F25711F-3A1F-4B31-BAD1-9551EB884638}C:\users\fahro\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fahro\appdata\local\akamai\netsession_win.exe |
"TCP Query User{52098F2B-456D-43B2-BC0A-95B65713CE9D}G:\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=g:\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{726D507E-893F-463A-98A7-D776D493F80F}G:\a tale in the desert\eclient.exe" = protocol=6 | dir=in | app=g:\a tale in the desert\eclient.exe |
"TCP Query User{75EDE919-ED6B-4BC8-A2B1-28DC792A4330}G:\programfiles\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=g:\programfiles\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{81E6F35A-AC22-4F8E-BCB7-F545439857DC}G:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=6 | dir=in | app=g:\program files\sega\medieval ii total war\kingdoms.exe |
"TCP Query User{ABC93CB3-984F-4A17-850A-166C10ADCFA7}G:\program files\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=g:\program files\sega\medieval ii total war\medieval2.exe |
"TCP Query User{AE452F92-10CF-41BF-9900-2C7D3342B0FD}D:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=d:\program files\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{C2CCC412-C5ED-4E74-A30A-08C56CCAEF5C}C:\users\fahro\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fahro\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D68B8870-453F-4D5F-BDE8-55B267CE507E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D99E0314-2250-465D-A5B3-6BF11692526F}G:\program files\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=g:\program files\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"UDP Query User{0568BC84-68D1-40C9-A716-BD8CB848E807}C:\users\fahro\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fahro\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0DFE3E1A-9E00-4739-B8A6-136BFBBC4A3B}C:\users\fahro\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fahro\appdata\local\akamai\netsession_win.exe |
"UDP Query User{57F96D7B-E1FB-49FD-AB71-D5315776A718}G:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=17 | dir=in | app=g:\program files\sega\medieval ii total war\kingdoms.exe |
"UDP Query User{9A4787A6-489A-45FB-90D7-053E987DF823}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9BC6901F-812C-4AB0-990B-BB74CD39AC3B}G:\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=g:\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{9FA73340-B416-4EA9-9E4E-4864864DA604}G:\programfiles\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=g:\programfiles\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{AE727E0B-A32B-4C8A-8A7A-5D89798E8D65}G:\program files\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=g:\program files\sega\medieval ii total war\medieval2.exe |
"UDP Query User{B7E2E6E2-157D-4972-B478-1767179C2DE0}G:\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=g:\call of duty 2\cod2mp_s.exe |
"UDP Query User{E5E015D8-3C77-4C45-9D00-CBC68D08340E}G:\a tale in the desert\eclient.exe" = protocol=17 | dir=in | app=g:\a tale in the desert\eclient.exe |
"UDP Query User{F5F769E3-4EF1-4380-B6E3-B3A853E62673}G:\program files\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=g:\program files\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"UDP Query User{FD97ECB4-BEF9-48EF-B184-427569A53C36}D:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=d:\program files\return to castle wolfenstein\wolfmp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean
"{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian
"{09531D9D-21C0-03DD-9281-1C812E4D7CAA}" = AMD Accelerated Video Transcoding
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch
"{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian
"{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek
"{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = AMD VISION Engine Control Center
"{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese
"{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese
"{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish
"{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy
"{785C2367-7EB2-64EB-A361-86BB863A146B}" = AMD Fuel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}" = Tom Clancy's EndWar
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2920BBC-E708-1322-C3F7-7B0146F8EE7F}" = AMD Media Foundation Decoders
"{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English
"{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian
"{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish
"{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French
"{CF9B66B8-F8BC-4BE6-A512-F0FC4708269E}" = AMD Catalyst Install Manager
"{D0C9C769-835C-6DC6-C654-4BCFBA08A72E}" = AMD Drag and Drop Transcoding
"{D87A56DF-C7BC-C037-B0A0-3F9069EC3EFF}" = ccc-utility
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F9E858E3-522C-4E89-AACC-619CCA2E1EA4}" = ESET NOD32 Antivirus
"{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 4.65
"A Tale in the Desert" = A Tale in the Desert
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Crusader" = Crusader 1.0
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"GIMP-2_is1" = GIMP 2.8.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.5
"McAfee Security Scan" = McAfee Security Scan Plus
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Opera 12.00.1467" = Opera 12.00
"PhotoScape" = PhotoScape
"PhotoToolkit_is1" = Photo! Editor 1.1
"PowerISO" = PowerISO
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"REVOLUTiON CSM SourceSDK SP3" = REVOLUTiON CSM SourceSDK with Service Pack 3
"searchresults9" = Search Results Toolbar
"Swords and Sandals 2" = Swords and Sandals 2 2.0
"TNod" = TNod User & Password Finder
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR archiver
"X-Ray SDK Patch 0.4_is1" = X-Ray SDK Patch 0.4
"X-Ray SDK_is1" = X-Ray SDK v0.4
"ZiggyTV" = ZiggyTV

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1350697212-3610436638-3386948606-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-EverQuest" = EverQuest

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/07/2012 08:19:50 | Computer Name = Fahro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29/07/2012 08:19:50 | Computer Name = Fahro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3073

Error - 29/07/2012 08:19:50 | Computer Name = Fahro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3073

Error - 29/07/2012 10:00:50 | Computer Name = Fahro-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aeria_ignite_install.exe, version: 0.0.0.0,
time stamp: 0x4fa136ff Faulting module name: aeria_ignite_install.exe, version:
0.0.0.0, time stamp: 0x4fa136ff Exception code: 0xc0000005 Fault offset: 0x0002db2e
Faulting
process id: 0x778 Faulting application start time: 0x01cd6d928e72e680 Faulting application
path: G:\AeriaGames\Downloader\aeria_ignite_install.exe Faulting module path: G:\AeriaGames\Downloader\aeria_ignite_install.exe
Report
Id: cd1d41f0-d985-11e1-b0dd-8c89a530aad5

Error - 30/07/2012 06:55:53 | Computer Name = Fahro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/07/2012 12:02:16 | Computer Name = Fahro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "M:\iTunes64Setup.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/07/2012 13:01:11 | Computer Name = Fahro-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 31/07/2012 17:06:20 | Computer Name = Fahro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31/07/2012 17:06:20 | Computer Name = Fahro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 31/07/2012 17:06:20 | Computer Name = Fahro-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

[ System Events ]
Error - 31/07/2012 06:17:56 | Computer Name = Fahro-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 31/07/2012 06:20:17 | Computer Name = Fahro-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error: %%126

Error - 31/07/2012 06:20:17 | Computer Name = Fahro-PC | Source = Service Control Manager | ID = 7000
Description = The WMPNetworkSvc service failed to start due to the following error:
%%2

Error - 31/07/2012 17:17:39 | Computer Name = Fahro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 31/07/2012 19:22:54 | Computer Name = Fahro-PC | Source = DCOM | ID = 10000
Description =

Error - 31/07/2012 20:54:48 | Computer Name = Fahro-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 01/08/2012 07:21:58 | Computer Name = Fahro-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 01/08/2012 07:21:58 | Computer Name = Fahro-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 01/08/2012 07:24:14 | Computer Name = Fahro-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error: %%126

Error - 01/08/2012 07:24:14 | Computer Name = Fahro-PC | Source = Service Control Manager | ID = 7000
Description = The WMPNetworkSvc service failed to start due to the following error:
%%2


< End of report >




Thanks
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [resethosts]
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hello and thanks again.

Well, I think I did something wrong;
I copied the text, ran the program as an administrator and pressed Run Fix. The problem is, my screen went black, and a window appeared which said that a file named "Fahro.bat" could not be created, with only the OTL program visible. At the lower left corner of the window it said : Killing processes (DO NOT INTERRUPT) well it did that for maybe 5 minutes, and nothing. I restarted my system.

Edited by Faxxy, 01 August 2012 - 03:32 PM.

  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#7
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
ComboFix 12-07-31.03 - Fahro 01/08/2012 23:44:35.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1263 [GMT 2:00]
Running from: c:\users\Fahro\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 21:52 . 2012-08-01 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 21:13 . 2012-08-01 21:13 -------- d-----w- C:\_OTL
2012-08-01 09:10 . 2012-08-01 09:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-08-01 09:09 . 2012-08-01 09:09 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-30 20:31 . 2012-07-30 20:31 -------- d-----w- c:\program files\Common Files\Java
2012-07-30 20:23 . 2012-07-30 20:23 -------- d-----w- g:\program files\Oracle
2012-07-30 20:22 . 2012-07-30 20:22 -------- d-----w- g:\program files\Java
2012-07-30 14:23 . 2012-07-30 14:24 -------- d-----w- c:\users\Fahro\AppData\Roaming\PhotoScape
2012-07-29 15:51 . 2012-07-29 17:13 -------- d-----w- g:\program files\STALKER
2012-07-29 14:26 . 2012-07-29 14:26 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-29 14:25 . 2012-07-29 14:25 -------- d-----w- g:\program files\GreenTree Applications
2012-07-29 14:03 . 2012-07-29 14:03 -------- d-----w- C:\AeriaGames
2012-07-29 00:21 . 2012-07-29 00:21 297714 ----a-w- c:\windows\A Tale in the Desert Uninstaller.exe
2012-07-28 22:09 . 2012-07-28 22:10 -------- d-----w- c:\users\Fahro\AppData\Roaming\MilkShape 3D 1.x.x
2012-07-28 19:57 . 2012-07-28 20:21 -------- d-----w- c:\users\Fahro\AppData\Roaming\vlc
2012-07-28 19:54 . 2012-07-28 19:55 -------- d-----w- C:\VLC
2012-07-28 12:57 . 2012-07-28 12:57 -------- d-----w- c:\users\Fahro\AppData\Local\Ashampoo
2012-07-28 12:57 . 2012-07-28 12:57 -------- d-----w- c:\users\Fahro\AppData\Roaming\Ashampoo
2012-07-28 12:10 . 2012-07-28 12:10 -------- d-----w- c:\users\Fahro\AppData\Local\SCE
2012-07-28 12:10 . 2012-07-28 12:10 -------- d-----w- C:\Crash
2012-07-28 12:00 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-07-28 12:00 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-07-28 12:00 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-07-28 12:00 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-28 12:00 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-07-28 12:00 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-28 12:00 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-28 12:00 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-28 12:00 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-07-28 12:00 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-07-28 12:00 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-07-28 12:00 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-07-26 15:39 . 2012-07-26 15:39 -------- d-----w- c:\users\Fahro\AppData\Local\Adobe
2012-07-26 15:19 . 2012-07-29 15:35 -------- d-----w- c:\users\Fahro\AppData\Roaming\Nokia
2012-07-26 15:19 . 2012-07-26 15:20 -------- d-----w- c:\users\Fahro\AppData\Roaming\PC Suite
2012-07-26 15:19 . 2012-07-26 15:19 -------- d-----w- c:\programdata\PC Suite
2012-07-26 15:18 . 2012-07-26 15:18 -------- d-----w- c:\program files\Common Files\PCSuite
2012-07-26 15:17 . 2012-07-26 15:17 -------- d-----w- c:\program files\Common Files\Nokia
2012-07-26 15:17 . 2012-06-11 09:33 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-07-26 15:17 . 2012-01-09 15:28 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-07-26 15:15 . 2012-07-26 15:15 -------- d-----w- c:\programdata\Installations
2012-07-26 13:04 . 2012-07-26 13:04 -------- d-----w- c:\users\Fahro\AppData\Roaming\fizzy
2012-07-24 23:47 . 2012-07-24 23:47 -------- d-----w- c:\programdata\Babylon
2012-07-24 23:47 . 2012-07-24 23:47 -------- d-----w- c:\users\Fahro\AppData\Roaming\Babylon
2012-07-24 13:29 . 2012-07-24 13:29 -------- d-----w- c:\users\Fahro\AppData\Local\Apple
2012-07-23 16:18 . 2012-07-23 16:18 -------- d-----w- c:\users\Fahro\AppData\Roaming\Need for Speed World
2012-07-23 16:17 . 2012-07-23 16:17 -------- d-----w- c:\users\Fahro\AppData\Local\Electronic_Arts_Inc
2012-07-23 08:50 . 2012-07-23 08:50 -------- d-----w- c:\users\Fahro\AppData\Local\Macromedia
2012-07-23 08:48 . 2012-07-23 08:48 -------- d-----w- c:\users\Fahro\AppData\Roaming\ATI
2012-07-23 08:48 . 2012-07-23 08:48 -------- d-----w- c:\users\Fahro\AppData\Local\ATI
2012-07-23 08:32 . 2012-07-23 08:32 -------- d-----w- c:\users\Fahro\AppData\Local\Apple Computer
2012-07-23 08:30 . 2012-07-23 08:30 -------- d-----w- c:\users\Fahro\AppData\Local\ESET
2012-07-23 02:13 . 2012-07-23 02:13 -------- d-----w- c:\windows\Sun
2012-07-22 21:07 . 2012-07-22 21:07 -------- d-sh--w- c:\windows\ftpcache
2012-07-20 17:37 . 2012-07-20 17:37 -------- d-----w- c:\programdata\Electronic Arts
2012-07-20 15:55 . 2012-07-20 15:55 -------- d-----w- c:\programdata\Allmyapps
2012-07-15 10:27 . 2012-07-23 08:35 -------- d-----w- c:\users\Fahro\.thumbnails
2012-07-14 23:05 . 2012-07-23 08:35 -------- d-----w- c:\users\Fahro\.gimp-2.8
2012-07-14 14:31 . 2012-07-14 14:31 -------- d-----w- c:\users\Fahro\AppData\Local\AMD
2012-07-14 14:31 . 2012-07-14 14:31 -------- d-----w- c:\programdata\ATI
2012-07-14 14:30 . 2012-07-14 14:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-14 14:29 . 2012-07-14 14:30 -------- d-----w- c:\programdata\AMD
2012-07-14 14:29 . 2010-02-18 07:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-07-14 14:24 . 2012-07-14 14:24 -------- d-----w- C:\AMD
2012-07-12 23:05 . 2007-07-20 16:30 94208 ----a-w- c:\windows\system32\vtfthumbext.dll
2012-07-12 23:05 . 2007-07-20 16:30 41984 ----a-w- c:\windows\system32\vtfcolumnext.dll
2012-07-12 23:05 . 2007-03-10 07:36 516096 ----a-w- c:\windows\system32\VTFLib.dll
2012-07-11 20:57 . 2001-06-19 15:53 266293 ----a-w- c:\windows\system32\temp.001
2012-07-11 20:56 . 2001-06-19 15:53 266293 ----a-w- c:\windows\system32\temp.000
2012-07-11 13:47 . 2012-07-11 13:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-10 14:02 . 2012-07-10 14:03 -------- d-----w- c:\users\Fahro\AppData\Local\Akamai
2012-07-09 02:51 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-09 02:51 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-09 02:23 . 2012-07-23 08:52 -------- d-----w- c:\users\Fahro\AppData\Roaming\Apple Computer
2012-07-09 02:23 . 2012-07-26 15:17 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-09 02:22 . 2012-07-09 02:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-09 02:22 . 2012-07-09 02:22 -------- d-----w- c:\programdata\Apple Computer
2012-07-09 02:20 . 2012-07-09 02:50 -------- d-----w- c:\program files\Common Files\Apple
2012-07-09 02:20 . 2012-07-09 02:20 -------- d-----w- c:\programdata\Apple
2012-07-04 16:58 . 2012-07-04 16:58 -------- d-----w- c:\programdata\McAfee Security Scan
2012-07-04 16:57 . 2012-07-04 16:58 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-04 16:55 . 2012-07-04 16:55 -------- d-----w- g:\program files\bitComposer Games
2012-07-04 06:58 . 2012-07-04 06:58 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27 . 2012-07-04 06:27 918528 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21 . 2012-07-04 06:21 453632 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20 . 2012-07-04 06:20 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19 . 2012-07-04 06:19 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-04 06:19 . 2012-07-04 06:19 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 05:36 . 2012-07-04 05:36 58368 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\system32\atiumdmv.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-04 05:10 . 2012-07-04 05:10 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:09 . 2012-07-04 05:09 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-04 05:09 . 2012-07-04 05:09 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2012-07-04 00:32 . 2012-07-04 00:32 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-04 00:32 . 2012-07-04 00:32 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-04 00:31 . 2012-07-04 00:31 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-04 00:30 . 2012-07-04 00:30 13008384 ----a-w- c:\windows\system32\amdocl.dll
2012-07-04 00:30 . 2012-07-04 00:30 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-03 18:13 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2012-07-03 18:13 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2012-07-03 18:13 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2012-07-03 18:13 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-07-03 18:13 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-07-03 18:13 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-07-03 14:47 . 2012-07-03 14:47 -------- d-----w- g:\program files\BitTorrent
2012-07-03 14:28 . 2012-07-30 20:21 -------- d-----w- c:\users\Fahro\AppData\Roaming\BitTorrent
2012-07-03 14:18 . 2012-07-28 18:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 14:18 . 2012-07-28 18:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 14:18 . 2012-07-03 14:18 -------- d-----w- c:\windows\system32\Macromed
2012-07-03 14:16 . 2012-07-03 14:19 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-07-03 14:16 . 2012-07-03 14:16 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-07-03 14:04 . 2012-07-03 14:04 -------- d-----w- g:\program files\Deep Silver
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 06:18 . 2009-07-13 22:09 6811648 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-04 05:35 . 2009-06-10 21:19 6245888 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-04 05:28 . 2009-07-13 22:09 4749312 ----a-w- c:\windows\system32\atiumdva.dll
2012-06-29 08:44 . 2012-07-18 16:17 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1741CB3C-4151-44B4-9155-F48CAAA901F4}\mpengine.dll
2012-05-31 10:25 . 2012-07-02 20:50 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 17:29 . 2012-07-02 20:51 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 17:29 . 2012-07-02 20:51 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad146b57-67a2-4c82-8b1c-51f6316b20d2}]
2012-06-19 05:04 89288 ----a-w- c:\program files\searchresults9\searchresultsDX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad146b57-67a2-4c82-8b1c-51f6316b20d2}"= "c:\program files\searchresults9\searchresultsDX.dll" [2012-06-19 89288]
.
[HKEY_CLASSES_ROOT\clsid\{ad146b57-67a2-4c82-8b1c-51f6316b20d2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Akamai NetSession Interface"="c:\users\Fahro\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"PC Suite Tray"="f:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-09 3076144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - g:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 18:49]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fahro\AppData\Roaming\Mozilla\Firefox\Profiles\s7ey41lv.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GIMP-2_is1 - c:\program files\GIMP 2\uninst\unins000.exe
AddRemove-Opera 12.00.1467 - c:\program files\Opera\Opera.exe
AddRemove-REVOLUTiON CSM SourceSDK SP3 - c:\sourcesdk\unins000.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-X-Ray SDK Patch 0.4_is1 - c:\program files\X-Ray SDK\unins001.exe
AddRemove-X-Ray SDK_is1 - g:\program files\X-Ray SDK\unins000.exe
AddRemove-ZiggyTV - c:\program files\ZiggyTV\Uninstall.exe
AddRemove-SOE-EverQuest - g:\program files\Sony Online Entertainment\Installed Games\EverQuest\Uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4264)
f:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
f:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
f:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
f:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\users\Fahro\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-08-02 00:02:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 22:02
.
Pre-Run: 273,321,984 bytes free
Post-Run: 187,842,560 bytes free
.
- - End Of File - - 72526568BFFB7302640C597F313B8820




and also it says that some user file was corrupted and it was restored.
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please enable NOD32.

Download TFC from here to your Desktop run it and then click on Start.
Reboot if asked if not close it when finished.

NEXT....

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#9
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I am sorry but when I go to the TFC site it says:
"TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files."

What does that mean? Does it mean that it will delete my browsers or what? (Please sorry, I don't know anything about malware removal and stuff)
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

It will delete all temporary files. Your browsers, bookmarks and other personal settings stays intact.
  • 0

Advertisements


#11
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
What are temporary files?
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please take a look here and here.
  • 0

#13
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
So I don't actually need them for my system to run?
  • 0

#14
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Let's say no.
  • 0

#15
Faxxy

Faxxy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Sorry for being a noob, but that is not going to make problems to my PC? Sorry once more.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP